Upload
doanh
View
215
Download
0
Embed Size (px)
Citation preview
25 / 06 / 2014
Shifting cloud cover:
The changing
technological and
legal landscape of
cloud contracting
CALUM MURRAY, KEMP LITTLE
CHRIS HILL, KEMP LITTLE
GLEN ROBINSON, AMAZON WEB
SERVICES
Why cloud developed and what it offers
How the technology is evolving and blurring (SaaS, PaaS, IaaS)
Where the technology is going next
Where the market is now on legal terms
How the market is maturing
Recent industry and legal developments in the area – and what they mean
for business
Session outline
Paradigm shift in computing
“You have to know the past to understand the present”
– 80s computer – hardware, software, processing in one (big) box
– Internet – boxes talk to each other
– Bandwidth – faster data transfer
– Splitting of the components
– Virtualisation
Why cloud developed and what it offers (1)
Huge economies of scale:
– Hardware purchase
– Maintenance
– Standards
– Personnel
Cost
Why cloud developed and what it offers (2)
Variations on a theme:
– Network
– Split of elements that combine to provide computing power
SaaS, PaaS and IaaS
– for more detail search for “Kemp Little cloud jargon guide”
Spectrum of control
Public vs private / community clouds
What is cloud?
Regions Availability Zones Content Delivery POPs
Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache
Storage Compute Databases
RDS
MySQL, PostgreSQL Oracle, SQL Server
Elastic Load Balancer EC2 Auto Scaling
Direct Connect Route 53 VPC Networking
Analytics
Data Pipeline Redshift EMR Kinesis SWF SNS SQS CloudSearch SES AppStream CloudFront
Application Services
WorkSpaces
Management & Administration IAM CloudWatch CloudTrail APIs and SDKs Management Console Cloud HSM Command Line Interface
Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net OpsWorks CloudFormation Containers & Deployment
Technology Partners Consulting Partners AWS Marketplace Ecosystem
Support Certification Training Professional Services
A Rapid Pace of Innovation
24
48 61
82
159
280
2014: 105 New Features and Services Since January
2013 2012 2011 2010 2009 2008
Our 42nd Price Reduction Effective April 1, 2014
51% reduction
on average
Tier prices decrease from 36% to 65%
S3 EMR
27% to 61%
reduction Average
reduction of 28%
RDS
ElastiCache
Average reduction of 34%
38% reduction
for M3
30% reduction for C3
EC2
10% to 40% reduction for M1, M2, C1 and CC2
Private compute
Private storage
Private network Private key
management Governance
What are customers looking for in the
datacenter?
The Good News Is That You Can Get All of
This in the Cloud
Private network Private
compute
Private storage
Private key management
Governance
The Financial Times Group picked AWS RedShift for its data warehousing tasks and reduced its data processing time by 98%. That’s not all. The public cloud service also helped it cut costs by 80%.
http://www.computerweekly.com/news/2240219989/FT-takes-data-warehousing-to-the-cloud-and-cuts-costs-by-80
Amazon Redshift
Fast, simple, petabyte-scale data warehousing for less than $1,000/TB/Year
Using AWS Enables Supercell to Provide Reliable Performance for
8.5M Players Each Day
• Finland-based Supercell is one of the fastest-growing social game developers in
the world
• Supercell founders wanted its developers to focus on
making outstanding games—rather than on IT tasks
and infrastructure maintenance
• Supercell uses AWS to provide scalability and reliable
performance for its 8.5M daily players
“The world of gaming never sleeps. We owe every player a great experience, and AWS is our main tool to make that happen.” - Sami Yliharju, Director of Server Engineering
Nov 2013 Top 500 list
484.2 TFlop/s
26,496 cores in a cluster of EC2 C3 instances
LinPack Benchmark
Top 500 64th fastest supercomputer on-demand
TRADERWORX: Market Information Data Analytics System
For the growing team of quant types now
employed at the SEC, MIDAS is becoming
the world’s greatest data sandbox. And the
staff is planning to use it to make the SEC a
leader in its use of market data
Elisse B. Walter,
Chairman of the SEC
Tradeworx
”
“ • Powerful AWS-based system for market analytics
• 2M transaction messages/sec; 20B records and 1TB/day
News Corp made the journey into the cloud
All-in
True
Production
Share development globally, in minutes
Dev & Test
APIs integrated legacy technology
Mission
Critical
Dozens of mobile apps
Back office apps
All-in
3,000 apps by Jan 2015
AWS will contribute toward a global savings
of $100M in our infrastructure costs. Stephen Orban
CTO
There are many reasons to move to the Cloud
#1: Agility
#2: Platform Breadth
#3: Continual Iteration and Innovation
#4: Cost Savings and Flexibility
Our 42nd Price Reduction
Multiple vendors
Subcontracting
Questions on:
– Responsibility / risk allocation
– Layers of terms
– Location
Funnelling and integrators
How the cloud market is maturing – contractual structures
Custom
Private Cloud
Managed
Private Cloud
Virtual
Private Cloud
Community
Private Cloud
Public Cloud
Owner Customer Customer Provider Provider Provider
Operator Customer Provider Provider Provider Provider
Service Access Closed Closed Closed Limited group Open
Level of Control Full High High Low None
Security /
Location
As selected by
Customer
As selected by
Customer
As selected by
Customer
As described by
Provider
As described by
Provider
Legal Terms Negotiable Negotiable Negotiable but
clear impact on
price for changes
Limited outside of
standard agreed
terms
Standard terms
only - non-
negotiable
Closed Private Open Public
Price vs control and terms
Public - You don’t get what you don’t pay for:
Commoditised services
Much cheaper
Low control – over anything
US-style approach - no legal liability, let the market decide
Legal risks on customer
But, for commoditised low cost services, this may be reasonable – to some
extent, and depending on the technical context
How the cloud market is maturing – contracting terms (1)
Private - You should get what you do pay for:
Less commoditised, therefore more expensive
Far more control – a bit more like outsourcing
Bigger enterprise clients / those prepared to pay more
Theoretically should go further towards facilitating legal compliance
How the cloud market is maturing – contracting terms (2)
The terms themselves - When you don’t get what you have paid for:
Still a seller’s market
Even for private cloud – terms still based on the supplier’s standard terms
How the cloud market is maturing – contracting terms (3)
The terms themselves - When you don’t get what you have paid for:
The standard issues that come up:
– Limitation of liability
– Service levels
– Security and data privacy
– Termination rights
– Exit assistance / data portability
– Unilateral change of terms / service features
– IPR ownership
How the cloud market is maturing – contracting terms (4)
Movement on terms
– Some liability accepted for data and IPR
– Some service levels - but what boundaries?
Commercial market pressures
Deals failing
Increased competition
“End of the beginning” – but far from a buyer’s market
– More detail in our event archive – search for “Kemp Little archive cloud market”
How the cloud market is maturing – contracting terms (5)
Public pressure
Public sector intervention – but commercial rather than legislative
– G-cloud
– European Cloud Computing Strategy
How the cloud market is maturing – public sector
intervention
UK government project
Promote uptake and facilitate procurement of cloud services in the public
sector, particularly SMEs
“CloudStore” – catalogue of services for procurement
Framework agreement and minimum standards / accreditation
How the cloud market is maturing – G-Cloud – background
Framework plus supplier’s own standard terms:
– Precedence of framework
– Missing terms
– Conflict vacuum
– Order Form terms
Public procurement rules issues
But lessons learned
Renewed every 6 months, G5 just finished
How the cloud market is maturing – G-Cloud - issues
European Cloud Computing Strategy
– part of Digital Agenda
– “Public authorities have a role to play in forging a trusted cloud environment in Europe.
They have an opportunity to use their procurement weight to promote the
development and uptake of cloud computing in Europe based on open technologies
and secure platforms.”
– Three limbs:
– Safe and Fair Contract Terms and Conditions
– Cutting through the jungle of Standards
– Establishing a European Cloud Partnership
How the cloud market is maturing – European agenda
1. Safe and Fair Contract Terms and Conditions
Commission has identified that terms are limiting uptake
In June 2013 “set up a group of experts to define safe and fair conditions and
identify best practices for cloud computing contracts”
How the cloud market is maturing – European agenda
1. Safe and Fair Contract Terms and Conditions
Explicitly mentioned:
– data preservation post-termination
– data disclosure, integrity, ownership, location and transfer
– direct and indirect liability
– service changes
– subcontracting
Optional use - the “so what” test
Public sector use?
How the cloud market is maturing – European agenda
2. “Cutting through the jungle of standards”
Aim of promoting interoperability, data portability and reversibility – anti-lock-in
European Telecommunications Standards Institute tasked to develop standards
Report and map of standards at
http://www.etsi.org/images/files/Events/2013/2013_CSC_Delivery_WS/CSC-
Final_report-013-CSC_Final_report_v1_0_PDF_format-.PDF
Aiming at self-certification schemes
“the priority now is to deploy existing standards to develop confidence in cloud
computing via comparable service stacks as well as interoperable and diverse
offerings”
How the cloud market is maturing – European agenda
3. European cloud partnership
Aim of gaining efficiencies by pooling public sector requirements
Reduce costs and enable interoperability and market opportunities for SMEs
Comparable initiatives to G-Cloud
How the cloud market is maturing – European agenda
What does this mean in practice?
The “so-what” test
Likely uptake via “public procurement weight”
Public sector “can stimulate and shape the market through their significant
buying power”
Competitive opportunity for smaller firms
Therefore use in the private sector as well?
How the cloud market is maturing – European agenda
Google ordered to remove old / irrelevant search results at the request of the data
subjects
Thousands of requests already
Held that Google:
– is “processing” by retrieving, recording, organising, storing, and making available the
data in question
– is the controller – determines the purposes and means of the processing
A29WP Opinion – 05/2012 – possibility of cloud provider as controller
Controllers by analogy
Enforcement? Cost implications?
Latest developments – Right to be forgotten
Your Response Ltd v Datateam Business Media Ltd [2014] EWCA Civ 281
Can data be retained by a supplier pending payment of fees
Lien on intangible data
Not for now, but…
…watch this space
Comfort for customers; pointer for suppliers
Latest developments – data lien case
Model Clauses
– 2010 Model Clauses – EEA controller to non-EEA processor, with non-EEA sub-processor
– A29WP addressing EEA controller to EEA processor, with non-EEA sub-processor
– Working document
– Uptake?
Safe Harbor
– Renegotiation post-Snowden
– Transparency, clarity on government access, active audit and enforcement
– Publishing of privacy provisions of contracts with subcontractors
Latest developments – Model Clauses and Safe Harbour
Drug trafficking investigation
Warrant issued in New York for emails held in Dublin data centre
Microsoft resisting – Verizon assisting
Impact on trust in US cloud providers
Efforts on encryption
Latest developments – Microsoft in Dublin
Proposed Cybersecurity Directive
Part of Digital Agenda
National authorities and computer emergency response teams
Article 14 – “market operators” obliged:
– to take measures which guarantee a level of security appropriate to the risk
presented
– to notify of “incidents having a significant impact on the security of the core
services they provide”
Latest developments – cybersecurity
Market continues to develop
Rate of change unlikely to lessen
Shaping the market:
– Market power
– Legislative intervention
– Technological development
Speed, unpredictability – watchful eye required
What next?
Speakers
Calum Murray
Head of Commercial
Technology
020 7710 1615
Chris Hill
Senior Associate,
Commercial Technology 020 7710 1636
Glen Robinson
Solution Architect Manager,
Amazon Web Services