Professional Documents
Culture Documents
By
Cade Zvavanjanja
CISO
Gainf
ul
Infor
matio
“Cloud Computing” can
mean different things
SaaS, PaaS, IaaS
Public Definitions:
NIST
Berkeley
ABA Legal Tech
Resource
Center
Service & Deployment
Models:
Private, Public, Hybrid
STORED AT
IRON
MOUNTAIN?
Acces s
Data Location
Custody
Greater
and
Control
Differentiation
Multi-Tenancy
Capability
Location issues
Operation issues
Legislative/Regulator y
issues
3rd par ty contractual
limitations
Security/Privacy issues
Litig ation/Investig ative
issues
Authentic ity/Ad missib il
ity issues
WHEN BAD
EVIDENCE
General Considerations
Potential Liability for
Spoliation
Minimize Risk by
Addressing Up Front
the Need to
Preserve and
Produce ESI
Remedies for Spoliation
FORENSIC
EXAMINATION THE
CLOUD?
SERVICE LEVEL
AGREEMENT
CONSIDERATIONS
Use of data/Security
Location of data
No change of terms
Destruction
Ownership
(assignment)
Subpoena response
Regulatory
requirements
Insurance/In
demnity
Audits
SLA should contain:
Review and summary of cloud service level agreements, From "Cloud Computing Use Cases
Whitepaper" Version 4.0,
Currently, the standard contracts offered by cloud
computing providers are one-sided and service
provider-friendly, with little opportunity to change
terms.
Few offer meaningful service levels or assume any
responsibility for legal compliance, security or data
protection. Many permit suspension of service or
unilateral termination, and disclaim all or most of the
provider's potential liability.
In addition, some cloud computing providers
emphasize low cost offerings, which leave little
room for robust contractual commitments or
customer requirements.
Security & Control
No uniform standard for security and compliance
Eml: info@gis.co.zw
cade@gis.co.zw
Web: www.gis.co.zw