Published by Denis Woods. Modified over 8 years ago.
1
Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues
Dino Tsibouris (614) 360-3133 Dino@Tsibouris.com
Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com
2
Outline
1. Cloud Contracting
2. Cloud Security
3. Government Access to Data in the Cloud
4. EU Safe Harbor and Transfers of Personal Data from Europe
3
Contracting
5
Liability
– Unlimited
– Capped
6
Contracting
7
Indemnification
– Intellectual property
– Violation of laws
– Violation of agreement
– Gross negligence
8
Contracting
Service Levels
– Availability, scheduled maintenance, emergency maintenance
– Performance, response time, latency
Security
– Certification
– Encryption in transit, at rest, in backups
9
Contracting
Vulnerabilities
– Treat vulnerabilities like security breaches
– Demand:
  – Notification
  – Action plan
  – Remediation
  – Mitigation
10
Security in Practice
Major cloud providers implement reasonable or appropriate measures.
You are responsible for your configuration.
You get Service Levels, but no other warranties.
Liability is limited, typically to 12 months' fees.
13
Security in Practice - AWS
3.1 AWS Security. Without limiting Section 10 or your obligations under Section 4.2, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
14
Security in Practice - AWS
4.2 Other Security and Backup. You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content.
15
Security in Practice - AWS
THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” WE AND OUR AFFILIATES AND LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE.
16
Security in Practice - Azure
We maintain appropriate technical and organizational measures, internal controls, and data security routines intended to protect Customer Data against accidental loss or change, unauthorized disclosure or access, or unlawful destruction. Current information about our security practices can be found within the Trust Center. You are wholly responsible for configuring your Customer Solution to ensure adequate security, protection, and backup of Customer Data.
17
Security in Practice - Azure
We will comply with all laws applicable to our provision of the Services, including applicable security breach notification laws, but not including any laws applicable to you or your industry that are not generally applicable to information technology services providers. You will comply with all laws applicable to your Customer Solution, Customer Data, and your use of the Services, including any laws applicable to you or your industry.
18
Security in Practice - Azure
Limited warranty. We warrant that the Services will meet the terms of the SLAs during the Term. Your only remedies for breach of this warranty are those in the SLAs.
19
Security in Practice - Azure
DISCLAIMER. Other than this warranty, we provide no warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability or fitness for a particular purpose. These disclaimers will apply except to the extent applicable law does not permit them.
20
Privacy in the Cloud - AWS
You may specify the AWS regions in which Your Content will be stored and accessible by End Users. We will not move Your Content from your selected AWS regions without notifying you, unless required to comply with the law or requests of governmental entities. You consent to our collection, use and disclosure of information associated with the Service Offerings in accordance with our Privacy Policy...
21
Government Access to Data
22
Cybersecurity Information Sharing Act
Allows sharing of cybersecurity threat data with the DHS
Passed in Senate and House, in reaction to Sony, Anthem, and OPM breaches
Broad sharing of personal information with the government with few privacy protections in place
23
International Privacy Issues
24
Possible Alternatives
Standard Contractual Clauses (Model Clauses)
Binding Corporate Rules
Derogations in Law
– Necessary for performance of contract
– Unambiguous, informed, freely given, specific consent
January 31, 2016 deadline by European privacy regulators
25
General Data Protection Regulation
EU member states in final stages of negotiations
Expected in the next year or so
Includes data breach notification obligation
Fines as high as 2% of annual turnover
26
Questions & Answers
Dino Tsibouris (614) 360-3133 Dino@Tsibouris.com
Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com