LEGAL TIPS ON

MOVING TO THE

CLOUD

PPM Attorneys Year-End Seminar

Wednesday, 27 November 2019

What’s on the cloud agenda today?

What is “the Cloud”?

• Types of cloud computing

• Technical elements of cloud computing

• Advantages and disadvantages

Cloud Contracts 101: important clauses

Cloud related legislation

• POPIA

• SARB & Prudential Authority Cloud Directives

• The “CLOUD” Act

What is the Cloud?

Types of Cloud Computing

Tech Elements of Cloud Computing

Pros & Cons of Cloud Computing

Issue Description Pro / Con

Costs and Cash Flow No up-front costs, and fees are charged only as and when

the services are used.

Efficiency – Economies of Scale

& Commodification

Hardware costs – economies of scale; Software costs –

opensource software; & Efficient resource usage

Elasticity & Functionality Can provision one or many virtual server in minutes.

Increased Functionality &

Reliability

Amazon: “flywheel effect” or the “virtuous circle” with

regard to innovation.

Additional Revenue Streams Data monetisation; networks and marketplaces; and

advertising.

Reliance on Internet

Connectivity

No brainer

Privacy & Security Standard set of security measures, which may or may not

meet the requirements of a given user.

Reliance on Cloud Provider Failure in the cloud provider’s service: end user’s

business operations will likely be impacted.

Cloud Contracts 101 – Important

Clauses & Concepts: Part 1Clause Description

Master Services Agreement MSA addresses general high-level contractual aspects; SLA focuses on

project specific issues.

Public cloud, private cloud,

virtual private cloud

This will be influenced by your requirements: especially security. Public =

available to everyone; Private = private and dedicated infrastructure; and

Virtual Private = shared infrastructure but segregated.

Duration Is it from date of signature or date when the cloud services are first

delivered?

Contract Variation Does the MSA allow for you to scale-up or scale-down?

Benchmarking Industry standards and pricing over the agreement term will change. This

allows you to do a comparison and renegotiate some terms. E.g.

connectivity costs may decrease.

Service Governance Who monitors delivery and who are the decision makers?

Warranties & Indemnities You want to ensure that you are covered for as much as possible: don’t

forget to insist on cyber-insurance and carefully consider what it covers.

Cloud Contracts 101 – Important

Clauses & Concepts: Part 2Clause Description

Data Privacy & Security Detailed provisions on privacy obligations: where the data is hosted

(sovereignty); what standards to apply e.g. ISO/IEC – 29151: Code of

practice for personally identifiable information protection & ISO/IEC

27017:2015 Information technology — Security techniques

Intellectual Property & Data

Ownership

Who owns the data and when do you get it back? Consider the Dept of

Transport / Tasima eNatis litigation.

Audit Rights You need to be able to access the data centre and verify that the

promises that have been made are being kept.

Disengagement and Step-In

Rights

What happens if the service provider is not performing or if the contract

has ended and you’ve appointed a new provider: how will the transfer

happen.

Service Level Agreement Deals with the specific granular aspects of the service

Services Need to have a detailed description of in scope and out of scope: biggest

problem area. Need to have milestones for project delivery.

Service Levels Metrics, metrics metrics…and then service credits / penalties

Cloud Related Legislation

Legislation Relevance

Protection of Personal

Information Act, 2013

Addresses privacy, security requirements and

transfers to third party countries.

Critical Infrastructure

Bill, 2017

Defines critical infrastructure and requires those

operating it to take certain steps.

SARB: Prudential

Authority – Directive on

Cloud Computing and

Offshoring of Data

Relates to effective risk management

processes by banks and the continuous

management of risk arising

from the use of cloud computing and/or the

offshoring of data.

The US CLOUD Act The CLOUD Act it is an update to United States law

that clarifies the geographic scope for United

States law enforcement requests and provides new

means for services providers to challenge requests

that conflict with another country's laws or national

interests.

Cloud…it’s the way to go!

Any questions?

Follow us on: