stephen mathias, cloud computing - legal issues
TRANSCRIPT
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
1/19
Cloud Computing Legal Issues
Stephen MathiasTechnology Law PracticeKochhar & Co, Bangalore
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
2/19
Even though cloud computing
presents significant advantages for
businesses, it means increasedloss of control which results in
higher risks that must be mitigated
either in the contract or through
practical means
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
3/19
Unlike regular outsourcing contracts where terms are fairly standardised, it is
still unclear what are acceptable terms in the cloud computing environment.
Legal concepts in the traditional world such as absence of warranties andlimitation of liability may not work in cloud computing because of increased
risks.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
4/19
Choosing a service provider carefully is
more important in the cloud context
because if the service provider ceases
operations, you may lose access to thesoftware and/or your data whereas in
the traditional software environment,
you would mostly lose access to
maintenance and updates.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
5/19
Due diligence on the vendor
must include a review of his
financial position and
possibly, checkingreferences with existing
customers on the quality of
service provided as well as
understanding the IT
infrastructure he has inplace.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
6/19
A customer must put in place a cloud computing policy which sets out when it
intends to use the cloud and under what terms and what it would do tomitigate the risks if it cannot obtain its desired terms.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
7/19
Business continuity is far more important in cloud computing because the
business cannot function if it cannot access the application or the data. An
effective SLA arrangement would seem to be the solution that the customer
would desire in the absence of warranties
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
8/19
It is important to understand carve outs to
uptime commitments - customer
related downtime should be fair andbalanced and scheduled maintenance
provisions should not be unreasonable.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
9/19
While a service provider will commit to reasonable security, a customer will
want at least a commitment to a specified security standard and certificationor a right to audit. The security policy must cover issues such as data
backup, strength of data encryption, restricted access by staff, etc.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
10/19
The customer must consider whether certain types of data should be stored in
the public cloud, private cloud or be separately backed up. How the vendorstores the data is important. Will there be inter mingling of data? What kind
of customers does the vendor have?
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
11/19
Where the servers are located is also important in terms of your data being
stored in less risky countries and the effects of regulation of data there.
Stability of internet access is also important.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
12/19
Storing your data in the cloud makes it easier for governments to access it or
for governments and courts to pull the plug due to the fact that the vendormay be hosting content of a rogue customer
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
13/19
An understanding of which parties
provide the overall offering is also
important particularly if thevendor uses unreliable third
parties or tries to disclaim liability
for third party actions.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
14/19
Inter-operability and open standards is a bigger issue in the cloud in the contextof migrationyou dont want to be locked in to the cloud provider and need
commitments that secures your ability to migrate to another vendor
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
15/19
Be mindful of regulatory restrictions on sharing data with third parties orrequiring vendors to meet regulatory requirements, e.g., HIPPAA compliance
in the US or RBI & DoT regulations in India.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
16/19
Many countries have privacy laws that
require that personal data cannot
be transferred except to a countrywith a similar level of legal
protection. This may prevent the
customer from using the cloud and
impose additional requirements on
the vendor.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
17/19
While the modern connected and
flat world makes the remote
provision of services easier, beminding of tax laws in the
customer country that may
require the vendor to be taxed or
for payments to be withheld.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
18/19
A customer should be mindful of
requiring the provider to meet
standards the customer would nothave set for itself. At the same time,
the ability of the service provider to
meet a higher standard is a key
reason for moving to the cloud.
-
7/29/2019 Stephen Mathias, Cloud Computing - Legal Issues
19/19
Thank You
__________________________________
Stephen Mathias
Technology Law Practice
Kochhar & Co
201 Prestige Sigma, 3 Vittal Mallya Road
Bangalore 560001
_________________________________