Legal Risks of Cloud Computing

Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
00:00
>> Now we want to talk about
00:00
the legal risks of Cloud computing.
00:00
In this lesson, we're going to talk about
00:00
the common legal risks associated
00:00
with Cloud computing,
00:00
the impact that those risks can have in a company,
00:00
and then some important considerations
00:00
to address those risks.
00:00
We've talked about a lot of
00:00
different risks in the Cloud,
00:00
and some of these have come up before.
00:00
However, we want to focus on the legal dimension of
00:00
these risks throughout this module
00:00
and in this lesson in particular.
00:00
First and foremost are data privacy laws.
00:00
There are many different laws when it comes
00:00
to data privacy or the regulation of specific data,
00:00
and that is very true in
00:00
Cloud environments where there can
00:00
be a lot of data that's
00:00
stored in different geographic locations.
00:00
Different countries have different expectations
00:00
when it comes to privacy and
00:00
different regulations when it comes to
00:00
the protection of data in Cloud environments.
00:00
Then there are regulatory failures.
00:00
Based on the industry and the type of information that
00:00
you and your organization are
00:00
collecting and processing and potentially storing,
00:00
it opens you up to
00:00
various regulatory and compliance requirements.
00:00
Failing to read these regulations
00:00
can result in penalties or
00:00
potentially jail time for some of
00:00
your executives depending on
00:00
the nature of the regulatory failure.
00:00
Then, an important concept to consider
00:00
in the Cloud are service level agreements.
00:00
The service level agreement, referred to as the SLA,
00:00
is a document that you provide to
00:00
your customers or have
00:00
with other providers that provide you services.
00:00
This agreement lays out the metrics related to
00:00
performance quality with your organization
00:00
in terms of availability,
00:00
the types of information that's collected,
00:00
how quickly you'll respond to
00:00
complaints or inquiries
00:00
regarding and impacting performance.
00:00
These agreements, if violated,
00:00
can open up your organization to lawsuits,
00:00
the same as to providers who
00:00
fail to honor their service level agreements.
00:00
When we talked about infrastructure,
00:00
we talked about how five nines of availability,
00:00
which translates to only six minutes
00:00
of unscheduled downtime in a year,
00:00
is really the standard for availability in the Cloud.
00:00
That's a common metric you'll see
00:00
reflected in service level agreements.
00:00
Lastly, we want to talk about vendor contracts.
00:00
One of the major advantages of
00:00
the Cloud environment is that you're using
00:00
someone else's physical infrastructure
00:00
and the Cloud service provider.
00:00
Then, you may be either building or
00:00
using Cloud-based applications
00:00
or development environments.
00:00
Well, all of these things are often
00:00
maintained by vendors or other third parties.
00:00
In terms of the risks that are associated with that,
00:00
all the risks that we've talked about that may be
00:00
applicable to your Cloud environments,
00:00
those risks and controls should also
00:00
be implemented by your vendors.
00:00
But if you're not protecting yourself through good
00:00
due diligence and strong contracts,
00:00
you really are multiplying
00:00
many of the risks associated with operating
00:00
the Cloud if you don't use contracts to
00:00
enforce appropriate risk and control measures
00:00
in Cloud environments.
00:00
Let's reflect for a moment.
00:00
Which of the legal risks discussed
00:00
apply to your organization?
00:00
Does your organization operate
00:00
in a highly regulated industry?
00:00
What vendors are you using in
00:00
the Cloud and what risks
00:00
are associated with those vendors?
00:00
Are you using the contracts you have with them
00:00
to protect your organization appropriately?
00:00
What agreements do you have with your customers,
00:00
and what level of performance are
00:00
you accountable for providing to them?
00:00
Are you doing adequate testing to ensure
00:00
that you're meeting your obligations
00:00
and your service level agreement?
00:00
Second, what regulations might
00:00
apply to your business or industry?
00:00
Most people are familiar
00:00
with the regulations that apply to their industry.
00:00
However, they may not always be completely aware of
00:00
any data that can open up
00:00
their company to different regulatory burdens.
00:00
We're going to go into detail on
00:00
which pieces of data apply
00:00
to which regulations later in this module. However,
00:00
companies need to be aware
00:00
of the data in their environments and
00:00
any applicable regulations in order to
00:00
avoid the risks of penalties.
00:00
Then the last question is,
00:00
have you read your organization's
00:00
service level agreement?
00:00
Many times, the fulfillment of
00:00
a service offered in the Cloud environment can feel
00:00
separate from your role
00:00
depending on what you're accountable for.
00:00
But it's really important to
00:00
read your organization's service level
00:00
agreement to understand what level
00:00
of security and performance
00:00
that you have promised your customers to ensure
00:00
that you are implementing the controls and
00:00
operational procedures
00:00
to meet that agreement faithfully.
00:00
>> In summary, we talked about the common legal risks
00:00
associated with the Cloud.
00:00
We talked about how these legal issues
00:00
can impact your organization and what you
00:00
should really consider from
00:00
a legal perspective when using the Cloud.
00:00
I'll see you in the next lesson.