Cloud computing is the present and future of IT, a utility service that promises unlimited, cheap, and reliable IT services for all. But at present, there still are significant risks involved in the use of cloud computing for organizations, including legal and business risks. Executives, and the...
Cloud computing is the present and future of IT, a utility service that promises unlimited, cheap, and reliable IT services for all. But at present, there still are significant risks involved in the use of cloud computing for organizations, including legal and business risks. Executives, and the lawyers and risk professional who advise them, must understand how to identify, assess, and respond to these risks in their own organizations and in cloud service providers and do so in a globally-aware manner. The updated and revised second edition of this popular book now covers:
- Big Data
- Personal clouds
- Bring your own device (BYOD)
- Critical infrastructure
- Cyber insurance
- Health IT
- Cloud taxation, and much more
This important resource introduces cloud computing, not only what it is but when to use (or not use) it and the financial implications to consider. It covers the applicable statutes and regulations that affect organizations using the cloud, including privacy, information security, breach notification, cross-border data transfers, blocking statutes, and cloud-specific laws, cases, and activities. Information risk and response in the cloud, including privacy and information security risk assessment, controls, and standards, are discussed and analyzed through specific cloud frameworks and a suggested approach to manage cloud information risk. Data preservation and disclosure requirements through e-discovery and records requests and data breach response in the cloud are discussed along with cyber insurance, forensics, and business continuity. Detailed contract provisions for each cloud service model from leading providers and negotiated cloud agreements are presented and analyzed. Real-life scenarios for a large multinational organization and a small and medium-size enterprise, from cloud-specific requirements to cloud contract, are presented in detail. The book closes by discussing lawyers' use of the cloud, including legal ethics, individual consumer cloud usage, and how to get started with the cloud. This book presents the information and analytical tools needed by lawyers and risk professionals to guide their executives and organizational clients in assessing, treating, and negotiating cloud computing services using risk-based methodologies.