The document provides an agenda for a conference on cloud computing. It discusses:
1) Financial perspectives on cloud computing from Morgan Hill, focusing on understanding real IT costs.
2) Legal and security considerations for cloud computing from Taylor Wessing, including issues around data location, security, retention, and contractual terms.
3) The technology behind Amazon Web Services' cloud platform, including its scalable and reliable infrastructure services.
It emphasizes the importance of understanding an organization's real IT costs in order to evaluate potential cost savings from cloud computing solutions. Legal and practical security issues also need clear consideration to safely utilize cloud services.
IAC 2024 - IA Fast Track to Search Focused AI Solutions
The cloud: financial, legal and technical
1. 1 Agenda 09.00 - 09.30 Coffee 09.30 - 09.40 Introduction 09.40 - 10.20 Morgan Hill: The Financial Case 10.20 - 11.00 Taylor Wessing: Legal and Security Considerations and how to combat them 11.00 - 11.20 Coffee 11.20 - 12.00 Amazon: The Technology Behind The Cloud 12.00 - 12.30 Panel session 12.30 Lunch
2.
3.
4. This will lead to more choice and lower IT costs for organisations – how?- Limited to no contractual lock in - on demand, pay as you go services - Transparent and comparable pricing - Brings the open source world further into the commercial mainstream - Provides infrastructure, software and people, all on demand - Removes geography and enables price arbitrage A key factor in benefiting from this is the ability to really understand the cost of IT. Without an holistic and comparable view of cost it is very difficult to know which choices to make
5.
6. And even harder to know if this cost is reasonable.
10. Arrival of new technologies, which often possess very different pricing models5
11.
12. However, it is rarely able to convert these costs into specific IT services, such as the cost of running a data centre or of running a particular application.
13. The figures generally have little information on the question of value, i.e.Is this the right sort of level of cost? 6
14.
15. Yet it does not usually have the detailed financial data which easily maps to the services it runs.
16. This can then make it difficult for those outside the IT organisation to appreciate where the budget goes. 7
17. 1. By combining financial information with IT services information we can provide cost transparency and show the real value of IT. 2. It is then easy to make financial comparisons of alternative IT services, vendors and new technologies. 8
18.
19.
20. Not only can we see where opportunities might exist to extend internal best practice, but we can also drill into high cost units and explore the financial impact of alternative technologies.
21. We will now drill into Data Centre costs above for Division B.10
22.
23. In this case backup, failover and archive at £265k look like good potential candidates for the Cloud.11
24.
25. A comparable reserved Amazon Web Services instance would cost less than 10% of this figure – with no Capex. 12
44. A clear view Key questions for any business: What technical benefits does it bring? What commercial benefits does it bring? What legal challenges does it bring? In order to utilise the Cloud safely, it is essential to have a clear view of the legal challenges, and to take steps to address those challenges
45. What are the legal issues? Not new - Outsourcing / SaaS / Gmail / Linkedin Not complicated - Although some lawyers might suggest otherwise Not barriers - Just hurdles Based almost entirely on practical risks that you should be worrying about anyway - Business continuity - Location of data - Security of data … ok, and a few some compliance issues….
46. The issues: death, taxes and data protection… Supplier due diligence Contractual terms available Who will you be dealing with? Data location Data security Data retention Interoperability Vendor lock-in and exit Audit and compliance issues Project planning
47. 1. Supplier due diligence Who is your supplier? Where are they incorporated? Do they have deep pockets? Who owns them? Do you need a legal opinion / guarantee / other comfort? Some suppliers will go off-piste …… but it will be a trade off …… you may not get the contractual terms you want, so doing your homework can be more important
48. 2. Contractual terms available A commoditised market drives value ….. but this has meant commoditised terms of supply You may be outsourcing a core service, so you need to: - maintain a reasonable level of control and flexibility - have a stick to waive - be able to get out easily, if you need Terms to focus on: - Weak warranties / service levels - No liability for key risks - Insufficient data security obligations - Insufficient DR provisions - Limited ability to down-scale - Export of data (see later) - Limited rights to terminate - Weak exit / transition obligations But value drivers may make negotiation unrealistic, so do your homework
49. 3. Who will you be dealing with? Who’s actually going to provide the service? Will the cloud supplier be prime contractor or a sub-contractor? Do you care if the supplier sub-contracts? Do you care if they’re sold? Are you concerned if they are supplying a competitor? particularly on shared servers what does the contract say?
50. 4. Data location Data Protection Act 1998: (stay awake…) “personal data shall not be transferred to a country outside the European Economic Area unless that country provides an adequate level of protection for the rights and freedoms of data subjects ….. ” - a cloud model may involve export of data outside the EEA - most countries outside the EEA don’t pass the EU test, including the US Don’t worry, there are some ways to comply: - some suppliers give you a choice (but some don’t) - is consent possible? - use specific approved contractual provisions - US Safe Harbour scheme … if not then choose a supplier in the EEA, but check contract terms Random risk: maritime law!
51. 5. Data security Data Protection Act 1998: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data or accidental loss or destruction of, or damage to, personal data” “Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to … the harm that might result … and the nature of the data” “Where processing of personal data is carried out by a data processor on behalf of a data controller , the data controller must .. choose a data processor providing sufficient guarantees in respect of security measures ..and … take reasonable steps to ensure compliance with those measures”
52. 5. Data security (continued) Security also covers access control – who within your organisation can access the data in the cloud? So, you need to: - remember that you are responsible for data security, not your supplier - modify your data security policies to reflect the cloud model - ensure your supplier: - takes data security as seriously as you do, complying with any security policies you may have - implements state of the art security, which you can monitor - will help you co-operate with regulators, if needed - agrees to do all of this in writing, in the supply contract - do your homework
53. 6. Data retention There are lots of different reasons why you need to retain data: general record keeping tax contractual enforcement risk of disputes specific regulation in some industries So you should have a data retention policy You need to ensure your supplier can follow that policy
54. 7. Interoperability The hot potato No widely accepted interoperability standards for data … yet No legislation …. yet How important is interoperability for your cloud model? Does the contract support your needs? If not does it allow you to require it when relevant in the future?
55. 8. Vendor lock-in and exit A shoot from the same hot potato How practical will it be for you to exit and move to another supplier? Have you developed an exit / transition plan? What would the supplier need to do? Has the supplier agreed to perform the plan? Might the plan need to change? What does the contract say?
56. 9. Audit and compliance issues There’s a whole bunch of laws out there Data protection Taxation Evidence requirements in litigation Competition laws / dawn raids Data retention National security Money laundering Your compliance team should be aware of those applying in your home country ….. but locating your data elsewhere may bring you under laws of other countries As a rule of thumb these laws are generally concerned with simple questions: where is your data? who is holding it? can you access it? can regulators access it? is it secure from unauthorised access? ….. again, all primarily driven by practical issues that should be important anyway
57. 10. Project planning As we’ve seen, the legal issues: - are largely driven by practical questions - and can be addressed relatively easily in many cases, if thought about in advance Therefore, it is key: - to involve your legal department at an early stage - to ensure they understand what it is you’re trying to do - and to avoid them being the business prevention unit….
58. Thanks for listening Graham Hann Partner Taylor Wessing LLP 5 New Street Square London EC4A 3TW www.taylorwessing.com t: +44 20 7300 4839 m: +44 (0) 7904 065846 e: g.hann@taylorwessing.com
60. Amazon’s Three Businesses Consumer (Retail)Business SellerBusiness Developers &IT Professionals On-demand infrastructure for hosting web-scale solutions Hundreds of thousands of registered customers Tens of millions of active customer accounts Seven countries: US, UK, Germany, Japan, France, Canada, China Sell on Amazon websites Use Amazon technology for your own retail website Leverage Amazon’s massive fulfillment center network
61. Predicted Demand Traditional Hardware Actual Demand Automated Elasticity Large Capital Expenditure Opportunity Cost You just lost customers Typical Dilemma:Predicting Infrastructure Needs Infrastructure Cost $ Time
62. Cloud Computing Defined a style of computing where massively scalable IT-related capabilities are provided ‘as a service’ across the Internet to multiple external customers. Gartner 2008 - On demand - Pay as You Go
66. Build new app Buy an app to run on AWS Move existing app onto AWS
67. Development & Test Backup Web Site Hosting Disaster Recovery Load Testing Application Hosting Marketing Campaigns Content Delivery Collaborations Media Distribution Software Distribution HPC Batch Data Processing Large Scale Analysis
68.
69. Key benefits to running in the AWS Cloud Lowers Cost Eliminates Capital Investment Reduces Operational Costs Increases Agility Reduce Time to Market Removes contraints Foundation for21st Century Architectures Removes the “Heavy Lifting” Leverages Scalability, Reliability and Security
70. What could my financial benefits be? For single AWS proof of concept use http://aws.amazon.com/economics/ For larger IT consolidation initiatives http://www.morganhill.co.uk/it-cost-control/