legal challenges of cloud based enterprise 20
DESCRIPTION
Presentation given at the "Enterprise 2.0 in Europe" workshop where the results of the interim report of the “Enterprise 2.0 study were presented and discussed with experts Brussels, 14th of September 2010TRANSCRIPT
Enterprise 2.0 study
1
Legal Challenges of Cloud-Based Enterprise 2.0
14 September 2010
Mike Thompson Headshift
Enterprise 2.0 study
1
2
Enterprise 2.0 study
Overview• Introduction to Cloud Computing
• Data Storage, Transfer and Jurisdiction
• Security
• Data Portability, Interoperability and Service Continuity
• Service Level Agreements and Liability
• Pricing
• Conclusions
2
3
Enterprise 2.0 study
What is Cloud Computing?“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”The NIST Definition of Cloud Computing
4
Enterprise 2.0 study
Drivers of Cloud Computing•Cost Reduction•Turning CAPEX into OPEX•Improved Time-to-Market•Going GreenThe Future of Cloud Computing - Opportunities for European Cloud Computing Beyond 2010
http://cordis.europa.eu/fp7/ict/ssai/docs/cloud-report-final.pdf
5
Enterprise 2.0 study
Conceptually Seductive?
5
From Flickr user tipiro
6
Enterprise 2.0 study
7
Enterprise 2.0 study
Legal Complications“In the real world national borders, commercial rivalries and political imperatives all come into play, turning the cloud into a miasma as heavy with menace as the fog over the Grimpen Mire that concealed the Hound of the Baskervilles in Arthur Conan Doyle’s story.”From Storm Warning for Cloud Computing by Bill Thompson
http://news.bbc.co.uk/1/hi/technology/7421099.stm
8
Enterprise 2.0 study
Why is this relevant to Enterprise 2.0?
9
Enterprise 2.0 study
Overview• Introduction to Cloud Computing
• Data Storage, Transfer and Jurisdiction
• Security
• Data Portability, Interoperability and Service Continuity
• Service Level Agreements and Liability
• Pricing
• Conclusions
9
10
Enterprise 2.0 study
Where is my data?
11
Enterprise 2.0 study
Finding: Very little public information about data
location and jurisdictional issues
12
Enterprise 2.0 study
Overview• Introduction to Cloud Computing
• Data Storage, Transfer and Jurisdiction
• Security
• Data Portability, Interoperability and Service Continuity
• Service Level Agreements and Liability
• Pricing
• Conclusions
12
13
Enterprise 2.0 study
Finding: Data Centre Security most tightly managed,
providers adhering to quality standards
14
Enterprise 2.0 study
Finding: Data encrypted in transit but not in storage
15
Enterprise 2.0 study
Finding: Status of data deletion on contract termination unclear
16
Enterprise 2.0 study
Finding: Access control provisions more limited than
in on-premise software
17
Enterprise 2.0 study
Overview• Introduction to Cloud Computing
• Data Storage, Transfer and Jurisdiction
• Security
• Data Portability, Interoperability and Service Continuity
• Service Level Agreements and Liability
• Pricing
• Conclusions
17
18
Enterprise 2.0 study
Finding: Customer has limited period of time after contract
termination in which to retrieve data
19
Enterprise 2.0 study
Finding: No attempts to address issues of service
continuity
20
Enterprise 2.0 study
Finding: Transferring and translating data between
providers remains non-trivial
21
Enterprise 2.0 study
Overview• Introduction to Cloud Computing
• Data Storage, Transfer and Jurisdiction
• Security
• Data Portability, Interoperability and Service Continuity
• Service Level Agreements and Liability
• Pricing
• Conclusions
21
22
Enterprise 2.0 study
Finding: Provision of information on SLAs was
patchy
23
Enterprise 2.0 study
Atlassian Hosted Services“ATLASSIAN AND ITS LICENSORS MAKE NO REPRESENTATION, WARRANTY, OR GUARANTY AS TO THE RELIABILITY, TIMELINESS, QUALITY, SUITABILITY, TRUTH, AVAILABILITY, ACCURACY OR COMPLETENESS OF THE SERVICE OR ANY CONTENT THEREIN OR GENERATED THEREWITH. ”From Atlassian Hosted Services Terms of Use Section 12
http://www.atlassian.com/hosted/terms.jsp
24
Enterprise 2.0 study
Google Apps Premier“Google Apps Covered Services web interface will be operational and available to Customer at least 99.9% of the time in any calendar month (the "Google Apps SLA"). If Google does not meet the Google Apps SLA, and if Customer meets its obligations under this Google Apps SLA, Customer will be eligible to receive the Service Credits described below.”From Google Apps Service Level Agreement
http://www.google.com/apps/intl/en/terms/sla.html
25
Enterprise 2.0 study
Finding: Liability limited to amount paid in service fees
by customer over a set period of time, redeemable only in the form of service credits
26
Enterprise 2.0 study
Overview• Introduction to Cloud Computing
• Data Storage, Transfer and Jurisdiction
• Security
• Data Portability, Interoperability and Service Continuity
• Service Level Agreements and Liability
• Pricing
• Conclusions
26
27
Enterprise 2.0 study
Finding: Services operated on a monthly subscription basis with a price per user and a minimum number of users
28
Enterprise 2.0 study
Overview• Introduction to Cloud Computing
• Data Storage, Transfer and Jurisdiction
• Security
• Data Portability, Interoperability and Service Continuity
• Service Level Agreements and Liability
• Pricing
• Conclusions
28
29
Enterprise 2.0 study
Conclusions• Data Storage, Transfer and Jurisdiction
Could impede adoption in highly regulated industries
• SecurityNot likely to impede adoption
• Data Portability, Interoperability and Service ContinuityCould impede in the case of smaller providers
• Service Level Agreements and LiabilityNot likely to impede adoption
29
30
Enterprise 2.0 study
Greater clarity and greater trust
31
Enterprise 2.0 study
32
Enterprise 2.0 study
33
Enterprise 2.0 study
Salesforce 2008“Salesforce.com shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any customer data.”From Clouded in Uncertainty: The Legal Pitfalls of Cloud Computing by John Salmon
http://www.computing.co.uk/computing/features/2226701/clouded-uncertainty-
34
Enterprise 2.0 study
Salesforce 2010“[Salesforce.com] shall maintain appropriate administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of your data.”From Salesforce Master Subscription Agreement Section 8.3
http://www.salesforce.com/company/msa.jsp