@COISSA Cloud Computing and Privacy

  • Published on
    22-Jan-2017


Transcript

Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues

  • Dino Tsibouris, (614) 360-3133, Dino@Tsibouris.com
  • Mehmet Munur, (614) 859-6962, Mehmet.Munur@Tsibouris.com

Outline

  • Cloud Contracting
  • Cloud Security
  • Government Access to Data in the Cloud
  • EU Safe Harbor and Transfers of Personal Data from Europe

Contracting

Let's move to cloud contracting.

Contracting

Liability

  • Unlimited
  • Capped

Contracting

Indemnification

  • Intellectual property
  • Violation of laws
  • Violation of agreement
  • Gross negligence

Contracting

Service Levels

  • Availability, scheduled maintenance, emergency maintenance
  • Performance, response time, latency
  • Security
  • Certification
  • Encryption in transit, at rest, in backups

Contracting

Vulnerabilities

  • Treat vulnerabilities like security breaches
  • Demand:
      • Notification
      • Action plan
      • Remediation
      • Mitigation

Security in Practice

  • Major cloud providers implement reasonable or appropriate measures.
  • You are responsible for your configuration.
  • You get Service Levels, but no other warranties.
  • Liability is limited, typically to 12-months fees.

Security in Practice - AWS

3.1 AWS Security. Without limiting Section 10 or your obligations under Section 4.2, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.

Security in Practice - AWS

4.2 Other Security and Backup. You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content.

Security in Practice - AWS

THE SERVICE OFFERINGS ARE PROVIDED AS IS. WE AND OUR AFFILIATES AND LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE.

Security in Practice - Azure

We maintain appropriate technical and organizational measures, internal controls, and data security routines intended to protect Customer Data against accidental loss or change, unauthorized disclosure or access, or unlawful destruction. Current information about our security practices can be found within the Trust Center. You are wholly responsible for configuring your Customer Solution to ensure adequate security, protection, and backup of Customer Data.

Security in Practice - Azure

We will comply with all laws applicable to our provision of the Services, including applicable security breach notification laws, but not including any laws applicable to you or your industry that are not generally applicable to information technology services providers. You will comply with all laws applicable to your Customer Solution, Customer Data, and your use of the Services, including any laws applicable to you or your industry.

Security in Practice - Azure

Limited warranty. We warrant that the Services will meet the terms of the SLAs during the Term. Your only remedies for breach of this warranty are those in the SLAs.

Security in Practice - Azure

DISCLAIMER. Other than this warranty, we provide no warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability or fitness for a particular purpose. These disclaimers will apply except to the extent applicable law does not permit them.

Privacy in the Cloud - AWS

You may specify the AWS regions in which Your Content will be stored and accessible by End Users. We will not move Your Content from your selected AWS regions without notifying you, unless required to comply with the law or requests of governmental entities. You consent to our collection, use and disclosure of information associated with the Service Offerings in accordance with our Privacy Policy...

Government Access to Data

Cybersecurity Information Sharing Act

  • Allows sharing of cybersecurity threat data with the DHS
  • Passed in Senate and House, in reaction to Sony, Anthem, and OPM breaches
  • Broad sharing of personal information with the government with few privacy protections in place

International Privacy Issues

Possible Alternatives

  • Standard Contractual Clauses (Model Clauses)
  • Binding Corporate Rules
  • Derogations in Law
      • Necessary for performance of contract
      • Unambiguous, informed, freely given, specific consent
  • January 31, 2016 deadline by European privacy regulators

General Data Protection Regulation

  • EU member states in final stages of negotiations
  • Expected in the next year or so
  • Includes data breach notification obligation
  • Fines as high as 2% of annual turnover

Questions & Answers
