Cybersecurity Webcast Focuses on Risks and What Companies Need to Know

 By Marty Stern

The recent rise in frequency and sophistication of cyber attacks underscores the reality that nearly every company faces some sort of risk. Data security breaches and distributed denial-of-service (DDoS) attacks, among others, can target every industry from financial markets to social media. News headlines have highlighted attacks and breaches involving Sony, Citi, the New York Times, and LivingSocial, among others. These attacks create increasing prevention, regulatory, insurance, and recovery costs, suggesting that companies need to be aware of these risks and implement policies and procedures to protect their infrastructure, data, intellectual property, and other assets in efforts to mitigate and avoid exposure.

A K&L Gates presentation entitled “What Your Company Needs to Know about Cybersecurity” recently focused on these issues and a series of cybersecurity best practices, featuring K&L Gates partners Roberta Anderson, David Bateman, and Bruce Heiman. The program provided an introduction to managing Advanced Persistent Threats to data and infrastructure, understanding the legal and regulatory developments surrounding cybersecurity, dealing with agency and class-action litigation risks, as well as mitigating loss through insurance coverage relating to cyber risks. Noting that no single approach provides a silver bullet, the panel discussed a comprehensive strategy, focusing on prevention and deterrence, pursuit of perpetrators, response to attacks, avoidance of legal/regulatory liability, and loss mitigation.

An audio archive of the webcast is available here (free registration required; password “klgates”). To download the presentation slides, click here. For the additional presentation materials, click here.

Business Considerations in Cloud Contracts

By Sam Jo

Cloud contracts present a variety of issues, including several business issues that companies should address in the early stages of any cloud strategy.  Below are a few best practices that companies should consider when pursuing cloud contracts.

NIST Developing Cybersecurity Best Practices

K&L Gates lawyers Nickolas Milonas, Marc Martin, and Paul Stimers have posted an article at TMT Law Watch covering the recent Cyberspace Executive Order signed by President Obama. "Cybersecurity Executive Order Aims to Increase Information Sharing and Strengthen Defenses" addresses the contents of the order as well as the reception by industry groups, privacy groups and legislators. A key part of the Executive Order is the requirement that NIST develop cybersecurity best practices within the next eight months:

The order also directs the Commerce Department’s National Institute of Standards and Technology (NIST) to work with companies that operate critical infrastructure components in developing a set of cybersecurity best practices within 240 days of the order. The order requires that NIST’s framework be “technology neutral” and focused on “cross-sector security standards and guidelines applicable to critical infrastructure.” As part of this process, federal agencies will need to review their existing cybersecurity regulations, in consultation with the industries they regulate, to determine if existing measures are consistent with NIST’s new standards.

 

These best practices will certainly filter down to cloud providers and could eventually be viewed as the minimum industry standard security practices for the cloud industry.  For this reason, cloud providers and cloud customers should pay special attention as they develop.

You can read the full article here.

The Trouble with Rogue Clouds

A recent Symantec survey shows some troubling issues in cloud usage among businesses, including "rogue clouds" and how using them might expose a company's confidential information.

US-Japan Report on Cloud Computing Wary of EU Privacy Protections

By Chad King and Nickolas Milonas

The United States and Japan recently concluded a Director General-level meeting of the US-Japan Policy Cooperation Dialogue on the Internet Economy, addressing cloud computing and other Internet-related issues. The Cooperation Dialogue is focused on developing bilateral Internet policy initiatives and includes senior-level US and Japanese government officials and industry representatives. As part of a working group on cloud computing issues, representatives from US and Japanese industries submitted a joint report to the US and Japanese governments, which highlighted the benefits of robust and widely-adopted cloud computing services but cautioned against the potential adverse impacts of increased EU privacy regulations on the deployment and adoption of cloud services.

Election 2012: What it Means for Emerging Technologies

The upcoming national election not only determines who will sit in the Oval Office and on Capitol Hill. It will also impact every emerging technology company, their investors and American innovation for years to come.  

You are invited to a Webinar on November 7th -- the day after the election -- to hear how the election's results will impact a wide range of emerging technologies, including cleantech/renewable energy, healthcare/biosciences, and emerging IT/cloud computing.

Cloud Considerations: E-Discovery

By Katie Taylor

SaaS, PaaS and data hosting providers stress the significant efficiencies to be gained from cloud computing when marketing their services. Depending on the cloud computing system you are considering, however, a number of features may have a significant impact on your company’s ability to comply with electronic discovery obligations should it be sued or subpoenaed.

Virtual Law Offices in the Clouds

By: Susan Altman

As we reported last year, state bar associations are weighing in on the ethical duties of a lawyer performing legal services in the cloud. California is the latest state to issue a formal opinion on the matter. This new advisory opinion by the Standing Committee on Professional Responsibility and Conduct of the State Bar of California focuses on issues raised by virtual law offices and further comments on the broader use of cloud technology in traditional law firms.

First Circuit's Patco Decision Clarifies Liability Rules for Providers of Online Banking Services; Federal Regulators Provide New Guidance on Cloud Computing

By Mark H. Wittow

Banking services increasingly are being provided via the cloud. The ability of banking customers to access accounts and transfer funds from any computer, via cloud-based online banking, also has increased the opportunities for fraudulent transfers. Who bears the liability when thieves gain unauthorized online access to a business account -- the business customer, or the bank? In a post on our Consumer Financial Services Watch blog, my colleague Holly Towle looks at a recently issued appellate decision (Patco Construction Co. v. People's United Bank (1st Cir. July 3, 2012)) addressing liability for several hundred thousand dollars of fraudulent withdrawals from a construction company's bank account. The decision applied the principles of Article 4A of the Uniform Commercial Code to determine that the bank's security procedures were not reasonable, and remanded the case for consideration of other issues.

Alternatives to Pre-Signing Implementation Plans

By Susan P. Altman

In an earlier post, Starting Out is the Hardest Part, Todd Fisher discusses the importance of the implementation phase to the success of a SaaS launch. Vendors who have implemented their solutions many times over should be able to provide detailed estimates of the implementation plan once they have performed sufficient due diligence on the customer. This due diligence certainly should be performed prior to contract execution for any important function or application moving to a SaaS solution. However, not all SaaS solutions are mission-critical and not all implementation planning is done before execution of the SaaS contract. In these cases, the parties should consider alternative risk-reduction approaches.

The German Cloud

By: Dr. Friederike Gräfin von Brühl

In an effort to ease concerns regarding security of personal information, some European companies and cloud providers are pushing for a “German Cloud” where customers’ data is held in data centers located only in Germany. This would not only help companies comply with Germany’s strict data protection requirements, but would also keep cloud data out of the reach of other governments, including requests by the US government under the US Patriot Act.

Cloud Security Alliance Seeks to Certify Cloud Providers

The Cloud Security Alliance (CSA), a non-profit coalition of industry practitioners, corporations, associations and other key stakeholders, today announced the CSA Open Certification Framework, an initiative aimed at allowing global, trusted certification of cloud service providers.  The CSA's goal is to increase trust and confidence in cloud security by providing for a level of security certification or attestation for cloud service providers similar to the SAS 70 / SSAE 16 standard in the public accounting industry.

Starting Out is the Hardest Part

Most people will read this title and assume I'm referring to the decision as to whether a company should move its applications to the cloud.  I'm not.  I'm actually referring to the implementation of the cloud solution -- the period of time after a customer signs a Software as a Service (SaaS) agreement until the point where the cloud solution is ready for production use.

A Guide to Security SLAs in Cloud Agreements -- From Across the Pond

The European Network and Information Security Agency (ENISA) is a center of network and information security expertise for the EU, its member states, the private sector and Europe's citizens that works to develop advice and recommendations on good practice in information security.  On April 2, 2012, ENISA published a guide to monitoring of security service levels in cloud contracts, in which ENISA sets forth a number of service levels that can be used to provide a monitoring framework for cloud customers. The main focus of the guide is on the public sector; however, much of the guide is also applicable to the private sector. 

FTC's Final Privacy Report Issued

By Samuel R. Castic

The FTC's final privacy report, Protecting Consumer Privacy in an Era of Rapid Change--Recommendations for Businesses and Policymakers, was released this morning (link here).  The announcement is at http://www.ftc.gov/opa/2012/03/privacyframework.shtm.
