25 / 06 / 2014

Shifting cloud cover:

The changing

technological and

legal landscape of

cloud contracting

CALUM MURRAY, KEMP LITTLE

CHRIS HILL, KEMP LITTLE

GLEN ROBINSON, AMAZON WEB

SERVICES

Why cloud developed and what it offers

How the technology is evolving and blurring (SaaS, PaaS, IaaS)

Where the technology is going next

Where the market is now on legal terms

How the market is maturing

Recent industry and legal developments in the area – and what they mean

for business

Session outline

Paradigm shift in computing

“You have to know the past to understand the present”

– 80s computer – hardware, software, processing in one (big) box

– Internet – boxes talk to each other

– Bandwidth – faster data transfer

– Splitting of the components

– Virtualisation

Why cloud developed and what it offers (1)

Huge economies of scale:

– Hardware purchase

– Maintenance

– Standards

– Personnel

Cost

Why cloud developed and what it offers (2)

Variations on a theme:

– Network

– Split of elements that combine to provide computing power

SaaS, PaaS and IaaS

– for more detail search for “Kemp Little cloud jargon guide”

Spectrum of control

Public vs private / community clouds

What is cloud?

Cloud Adoption

Glen Robinson, Mgr Solution Architecture

25th June 2014

Now part of your everyday life

Regions Availability Zones Content Delivery POPs

Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache

Storage Compute Databases

RDS

MySQL, PostgreSQL Oracle, SQL Server

Elastic Load Balancer EC2 Auto Scaling

Direct Connect Route 53 VPC Networking

Analytics

Data Pipeline Redshift EMR Kinesis SWF SNS SQS CloudSearch SES AppStream CloudFront

Application Services

WorkSpaces

Management & Administration IAM CloudWatch CloudTrail APIs and SDKs Management Console Cloud HSM Command Line Interface

Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net OpsWorks CloudFormation Containers & Deployment

Technology Partners Consulting Partners AWS Marketplace Ecosystem

Support Certification Training Professional Services

A Rapid Pace of Innovation

24

48 61

82

159

280

2014: 105 New Features and Services Since January

2013 2012 2011 2010 2009 2008

Our 42nd Price Reduction Effective April 1, 2014

51% reduction

on average

Tier prices decrease from 36% to 65%

S3 EMR

27% to 61%

reduction Average

reduction of 28%

RDS

ElastiCache

Average reduction of 34%

38% reduction

for M3

30% reduction for C3

EC2

10% to 40% reduction for M1, M2, C1 and CC2

Private compute

Private storage

Private network Private key

management Governance

What are customers looking for in the

datacenter?

The Good News Is That You Can Get All of

This in the Cloud

Private network Private

compute

Private storage

Private key management

Governance

The Financial Times Group picked AWS RedShift for its data warehousing tasks and reduced its data processing time by 98%. That’s not all. The public cloud service also helped it cut costs by 80%.

http://www.computerweekly.com/news/2240219989/FT-takes-data-warehousing-to-the-cloud-and-cuts-costs-by-80

Amazon Redshift

Fast, simple, petabyte-scale data warehousing for less than $1,000/TB/Year

Using AWS Enables Supercell to Provide Reliable Performance for

8.5M Players Each Day

• Finland-based Supercell is one of the fastest-growing social game developers in

the world

• Supercell founders wanted its developers to focus on

making outstanding games—rather than on IT tasks

and infrastructure maintenance

• Supercell uses AWS to provide scalability and reliable

performance for its 8.5M daily players

“The world of gaming never sleeps. We owe every player a great experience, and AWS is our main tool to make that happen.” - Sami Yliharju, Director of Server Engineering

Nov 2013 Top 500 list

484.2 TFlop/s

26,496 cores in a cluster of EC2 C3 instances

LinPack Benchmark

Top 500 64th fastest supercomputer on-demand

TRADERWORX: Market Information Data Analytics System

For the growing team of quant types now

employed at the SEC, MIDAS is becoming

the world’s greatest data sandbox. And the

staff is planning to use it to make the SEC a

leader in its use of market data

Elisse B. Walter,

Chairman of the SEC

Tradeworx

”

“ • Powerful AWS-based system for market analytics

• 2M transaction messages/sec; 20B records and 1TB/day

News Corp made the journey into the cloud

All-in

True

Production

Share development globally, in minutes

Dev & Test

APIs integrated legacy technology

Mission

Critical

Dozens of mobile apps

Back office apps

All-in

3,000 apps by Jan 2015

AWS will contribute toward a global savings

of $100M in our infrastructure costs. Stephen Orban

CTO

There are many reasons to move to the Cloud

#1: Agility

#2: Platform Breadth

#3: Continual Iteration and Innovation

#4: Cost Savings and Flexibility

Our 42nd Price Reduction

Many Thanks

Multiple vendors

Subcontracting

Questions on:

– Responsibility / risk allocation

– Layers of terms

– Location

Funnelling and integrators

How the cloud market is maturing – contractual structures

Custom

Private Cloud

Managed

Private Cloud

Virtual

Private Cloud

Community

Private Cloud

Public Cloud

Owner Customer Customer Provider Provider Provider

Operator Customer Provider Provider Provider Provider

Service Access Closed Closed Closed Limited group Open

Level of Control Full High High Low None

Security /

Location

As selected by

Customer

As selected by

Customer

As selected by

Customer

As described by

Provider

As described by

Provider

Legal Terms Negotiable Negotiable Negotiable but

clear impact on

price for changes

Limited outside of

standard agreed

terms

Standard terms

only - non-

negotiable

Closed Private Open Public

Price vs control and terms

Public - You don’t get what you don’t pay for:

Commoditised services

Much cheaper

Low control – over anything

US-style approach - no legal liability, let the market decide

Legal risks on customer

But, for commoditised low cost services, this may be reasonable – to some

extent, and depending on the technical context

How the cloud market is maturing – contracting terms (1)

Private - You should get what you do pay for:

Less commoditised, therefore more expensive

Far more control – a bit more like outsourcing

Bigger enterprise clients / those prepared to pay more

Theoretically should go further towards facilitating legal compliance

How the cloud market is maturing – contracting terms (2)

The terms themselves - When you don’t get what you have paid for:

Still a seller’s market

Even for private cloud – terms still based on the supplier’s standard terms

How the cloud market is maturing – contracting terms (3)

The terms themselves - When you don’t get what you have paid for:

The standard issues that come up:

– Limitation of liability

– Service levels

– Security and data privacy

– Termination rights

– Exit assistance / data portability

– Unilateral change of terms / service features

– IPR ownership

How the cloud market is maturing – contracting terms (4)

Movement on terms

– Some liability accepted for data and IPR

– Some service levels - but what boundaries?

Commercial market pressures

Deals failing

Increased competition

“End of the beginning” – but far from a buyer’s market

– More detail in our event archive – search for “Kemp Little archive cloud market”

How the cloud market is maturing – contracting terms (5)

Public pressure

Public sector intervention – but commercial rather than legislative

– G-cloud

– European Cloud Computing Strategy

How the cloud market is maturing – public sector

intervention

UK government project

Promote uptake and facilitate procurement of cloud services in the public

sector, particularly SMEs

“CloudStore” – catalogue of services for procurement

Framework agreement and minimum standards / accreditation

How the cloud market is maturing – G-Cloud – background

Framework plus supplier’s own standard terms:

– Precedence of framework

– Missing terms

– Conflict vacuum

– Order Form terms

Public procurement rules issues

But lessons learned

Renewed every 6 months, G5 just finished

How the cloud market is maturing – G-Cloud - issues

European Cloud Computing Strategy

– part of Digital Agenda

– “Public authorities have a role to play in forging a trusted cloud environment in Europe.

They have an opportunity to use their procurement weight to promote the

development and uptake of cloud computing in Europe based on open technologies

and secure platforms.”

– Three limbs:

– Safe and Fair Contract Terms and Conditions

– Cutting through the jungle of Standards

– Establishing a European Cloud Partnership

How the cloud market is maturing – European agenda

1. Safe and Fair Contract Terms and Conditions

Commission has identified that terms are limiting uptake

In June 2013 “set up a group of experts to define safe and fair conditions and

identify best practices for cloud computing contracts”

How the cloud market is maturing – European agenda

1. Safe and Fair Contract Terms and Conditions

Explicitly mentioned:

– data preservation post-termination

– data disclosure, integrity, ownership, location and transfer

– direct and indirect liability

– service changes

– subcontracting

Optional use - the “so what” test

Public sector use?

How the cloud market is maturing – European agenda

2. “Cutting through the jungle of standards”

Aim of promoting interoperability, data portability and reversibility – anti-lock-in

European Telecommunications Standards Institute tasked to develop standards

Report and map of standards at

http://www.etsi.org/images/files/Events/2013/2013_CSC_Delivery_WS/CSC-

Final_report-013-CSC_Final_report_v1_0_PDF_format-.PDF

Aiming at self-certification schemes

“the priority now is to deploy existing standards to develop confidence in cloud

computing via comparable service stacks as well as interoperable and diverse

offerings”

How the cloud market is maturing – European agenda

3. European cloud partnership

Aim of gaining efficiencies by pooling public sector requirements

Reduce costs and enable interoperability and market opportunities for SMEs

Comparable initiatives to G-Cloud

How the cloud market is maturing – European agenda

What does this mean in practice?

The “so-what” test

Likely uptake via “public procurement weight”

Public sector “can stimulate and shape the market through their significant

buying power”

Competitive opportunity for smaller firms

Therefore use in the private sector as well?

How the cloud market is maturing – European agenda

Google ordered to remove old / irrelevant search results at the request of the data

subjects

Thousands of requests already

Held that Google:

– is “processing” by retrieving, recording, organising, storing, and making available the

data in question

– is the controller – determines the purposes and means of the processing

A29WP Opinion – 05/2012 – possibility of cloud provider as controller

Controllers by analogy

Enforcement? Cost implications?

Latest developments – Right to be forgotten

Your Response Ltd v Datateam Business Media Ltd [2014] EWCA Civ 281

Can data be retained by a supplier pending payment of fees

Lien on intangible data

Not for now, but…

…watch this space

Comfort for customers; pointer for suppliers

Latest developments – data lien case

Model Clauses

– 2010 Model Clauses – EEA controller to non-EEA processor, with non-EEA sub-processor

– A29WP addressing EEA controller to EEA processor, with non-EEA sub-processor

– Working document

– Uptake?

Safe Harbor

– Renegotiation post-Snowden

– Transparency, clarity on government access, active audit and enforcement

– Publishing of privacy provisions of contracts with subcontractors

Latest developments – Model Clauses and Safe Harbour

Drug trafficking investigation

Warrant issued in New York for emails held in Dublin data centre

Microsoft resisting – Verizon assisting

Impact on trust in US cloud providers

Efforts on encryption

Latest developments – Microsoft in Dublin

Proposed Cybersecurity Directive

Part of Digital Agenda

National authorities and computer emergency response teams

Article 14 – “market operators” obliged:

– to take measures which guarantee a level of security appropriate to the risk

presented

– to notify of “incidents having a significant impact on the security of the core

services they provide”

Latest developments – cybersecurity

Market continues to develop

Rate of change unlikely to lessen

Shaping the market:

– Market power

– Legislative intervention

– Technological development

Speed, unpredictability – watchful eye required

What next?

Speakers

Calum Murray

Head of Commercial

Technology

020 7710 1615

Calum.murray@kemplittle.com

Chris Hill

Senior Associate,

Commercial Technology 020 7710 1636

Chris.hill@kemplittle.com

Glen Robinson

Solution Architect Manager,

Amazon Web Services