ppm attorneys year-end seminar wednesday, 27 november 2019 · 2019. 12. 6. · legal tips on moving...
TRANSCRIPT
LEGAL TIPS ON
MOVING TO THE
CLOUD
PPM Attorneys Year-End Seminar
Wednesday, 27 November 2019
What’s on the cloud agenda today?
What is “the Cloud”?
• Types of cloud computing
• Technical elements of cloud computing
• Advantages and disadvantages
Cloud Contracts 101: important clauses
Cloud related legislation
• POPIA
• SARB & Prudential Authority Cloud Directives
• The “CLOUD” Act
What is the Cloud?
Types of Cloud Computing
Tech Elements of Cloud Computing
Pros & Cons of Cloud Computing
Issue Description Pro / Con
Costs and Cash Flow No up-front costs, and fees are charged only as and when
the services are used.
Efficiency – Economies of Scale
& Commodification
Hardware costs – economies of scale; Software costs –
opensource software; & Efficient resource usage
Elasticity & Functionality Can provision one or many virtual server in minutes.
Increased Functionality &
Reliability
Amazon: “flywheel effect” or the “virtuous circle” with
regard to innovation.
Additional Revenue Streams Data monetisation; networks and marketplaces; and
advertising.
Reliance on Internet
Connectivity
No brainer
Privacy & Security Standard set of security measures, which may or may not
meet the requirements of a given user.
Reliance on Cloud Provider Failure in the cloud provider’s service: end user’s
business operations will likely be impacted.
Cloud Contracts 101 – Important
Clauses & Concepts: Part 1Clause Description
Master Services Agreement MSA addresses general high-level contractual aspects; SLA focuses on
project specific issues.
Public cloud, private cloud,
virtual private cloud
This will be influenced by your requirements: especially security. Public =
available to everyone; Private = private and dedicated infrastructure; and
Virtual Private = shared infrastructure but segregated.
Duration Is it from date of signature or date when the cloud services are first
delivered?
Contract Variation Does the MSA allow for you to scale-up or scale-down?
Benchmarking Industry standards and pricing over the agreement term will change. This
allows you to do a comparison and renegotiate some terms. E.g.
connectivity costs may decrease.
Service Governance Who monitors delivery and who are the decision makers?
Warranties & Indemnities You want to ensure that you are covered for as much as possible: don’t
forget to insist on cyber-insurance and carefully consider what it covers.
Cloud Contracts 101 – Important
Clauses & Concepts: Part 2Clause Description
Data Privacy & Security Detailed provisions on privacy obligations: where the data is hosted
(sovereignty); what standards to apply e.g. ISO/IEC – 29151: Code of
practice for personally identifiable information protection & ISO/IEC
27017:2015 Information technology — Security techniques
Intellectual Property & Data
Ownership
Who owns the data and when do you get it back? Consider the Dept of
Transport / Tasima eNatis litigation.
Audit Rights You need to be able to access the data centre and verify that the
promises that have been made are being kept.
Disengagement and Step-In
Rights
What happens if the service provider is not performing or if the contract
has ended and you’ve appointed a new provider: how will the transfer
happen.
Service Level Agreement Deals with the specific granular aspects of the service
Services Need to have a detailed description of in scope and out of scope: biggest
problem area. Need to have milestones for project delivery.
Service Levels Metrics, metrics metrics…and then service credits / penalties
Cloud Related Legislation
Legislation Relevance
Protection of Personal
Information Act, 2013
Addresses privacy, security requirements and
transfers to third party countries.
Critical Infrastructure
Bill, 2017
Defines critical infrastructure and requires those
operating it to take certain steps.
SARB: Prudential
Authority – Directive on
Cloud Computing and
Offshoring of Data
Relates to effective risk management
processes by banks and the continuous
management of risk arising
from the use of cloud computing and/or the
offshoring of data.
The US CLOUD Act The CLOUD Act it is an update to United States law
that clarifies the geographic scope for United
States law enforcement requests and provides new
means for services providers to challenge requests
that conflict with another country's laws or national
interests.
Cloud…it’s the way to go!
Any questions?
Follow us on: