1 / 49

An Introduction to the Technology and Ethics of Cloud Computing

An Introduction to the Technology and Ethics of Cloud Computing. Jack Newton Co-founder and President Themis Solutions Inc. (Clio). what is software-as-a-service?. traditional computing model. Local Area Network. The Internet. c loud computing model. Local Area Network.

munin
Télécharger la présentation

An Introduction to the Technology and Ethics of Cloud Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Introduction to the Technology and Ethics of Cloud Computing Jack Newton Co-founder and President Themis Solutions Inc. (Clio)

  2. what is software-as-a-service?

  3. traditional computing model Local Area Network The Internet

  4. cloud computing model Local Area Network The Internet

  5. traditional software distribution

  6. cloud computing distribution

  7. why software-as-a-service?

  8. freedom

  9. available from any device

  10. security

  11. terminology • Secure Sockets Layer (SSL) • Industry standard protocol for securing Internet communications • Banks, e-commerce sites (Amazon.com, etc.) all use SSL for secure communications

  12. without ssl Please give me my bank account balance $2,031.34 Your Computer Your Bank’s Server Information exchanged is insecure

  13. with ssl 01101010001010110101010100101010 11010001110 Your Computer Your Bank’s Server Information exchanged is encrypted for security

  14. verifying ssl connections A sealed lock icon indicates a secure connection Firefox: Safari: Internet Explorer:

  15. server security Are third-party audits being performed?

  16. server security

  17. server security

  18. privacy

  19. privacy Does the SaaS provider have a published privacy policy? Need to ensure you own your data The private client information stored with your SaaS provider cannot be used for any other purposes

  20. facebook privacy policy You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.

  21. TRUSTe “TRUSTe’s program requirements are based upon the Fair Information Principles and OCED Guidelines around notice, choice, access, security, and redress - the core foundations of privacy and building trust.  Sealholders are required to undergo a rigorous review process to assess the accuracy of privacy disclosures and compliance with TRUSTe’s requirements in order to obtain certification.” How is sensitive information being handled?

  22. data availability

  23. internal backup policies How many times per day is data backed up? Is data backed up to multiple offsite locations?

  24. external backup provisions Comma Separated Values (CSV) Extensible Markup Language (XML) Microsoft Excel (XLS) Can you perform an export of your data?

  25. business continuity What if the SaaS provider goes out of business?

  26. option 1: data export Comma Separated Values (CSV) Extensible Markup Language (XML) Microsoft Excel (XLS) Cross your fingers and hope you’re up to date…

  27. newton’s first law of backups: If it isn’t automated you’ll forget to do it

  28. option 2: data escrow saas provider escrow provider saas user

  29. terms of service /service level agreement

  30. terms of service ToS Outlines the conditions under which you agree to use the service Ensure you’ve reviewed and accepted your provider’s terms of service

  31. service level agreement SLA Outlines guaranteed uptime percentages E.g. 99.9% Usually providers for some kind of compensation if downtime exceeds SLA guarantee

  32. geography

  33. data geography Where is data stored? Are there provisions preventing data export?

  34. total cost of ownership

  35. total cost of ownership TCO Assessment of both direct and indirect costs associated with software and hardware solutions

  36. traditional desktop software tco annual software renewal technical support contract original software purchase

  37. traditional desktop software tco original hardware purchase networking / virtual private network backups/ data redundancy

  38. traditional desktop software tco

  39. saas tco

  40. google apps vs. exchangecost comparison • Discovered the business community is largely unaware of the costs of running an e-mail account • Many companies surveyed gave guesses from $2 to $11 per user, although a detailed accounting showed that the costs were often several times that  

  41. google apps vs. exchangecost comparison

  42. ethics of cloud computing

  43. North Carolina Ethics Inquiry First ethics opinion in North America specifically focused on use of cloud computing in a law firm Hot off the presses – committee met April 15th

  44. North Carolina Ethics Inquiry Is it within the Rules of Professional Conduct for an attorney/law firm to use online ("cloud computing") practice management programs (e.g., the Clio program) as part of the practice of law? These are instances where the software program is accessed online with a password and is not software installed on a computer within the firm's office.

  45. North Carolina Proposed Formal Ethics Opinion Yes, provided steps are taken effectively to minimize the risk of inadvertent or unauthorized disclosure of confidential client information and to protect client property, including file information, from risk of loss.

  46. North Carolina Proposed Formal Ethics Opinion Yes, provided steps are taken effectively to minimize the risk of inadvertent or unauthorized disclosure of confidential client information and to protect client property, including file information, from risk of loss.

  47. North Carolina Proposed Formal Ethics Opinion Although a lawyer has a professional obligation to protect confidential information from unauthorized disclosure, the Ethics Committee has long held that this duty does not compel any particular mode of handling confidential information nor does it prohibit the employment of vendors whose services may involve the handling of documents or data containing client information. See RPC 133 (no requirement that firm’s waste paper be shredded if lawyer ascertains that persons or entities responsible for the disposal employ procedures that effectively minimize the risk that confidential information may be disclosed). Moreover, the committee has held that, while the duty of confidentiality extends to the use of technology to communicate, “this obligation does not require that a lawyer use only infallibly secure methods of communication.” RPC 215. Rather, the lawyer must use reasonable care to select a mode of communication that, in light of the circumstances, will best protect confidential communications and the lawyer must advise effected parties if there is reason to believe that the chosen communications technology presents an unreasonable risk to confidentiality.

  48. www.goclio.com | jack@goclio.com | twitter: @goclio

More Related