What are XaaS and what are their legal implications?

“Everything as a Service,” or XaaS (Anything as a Service), is a description of a general category of products and services that are closely related to cloud services and remote access.

Cloud services are programs that are hosted on a server and accessible from any device connected to the Internet. Their greatest benefit is that they all offer the end user the functionalities and capabilities appropriate to their specific needs.

What is XaaS?

The term emerged after certain technologies and innovations were connected through networks and together oriented to become products and services.

When these technologies are accessed through the Internet, the term immediately arises Cloud computing, which is closely related to the XaaS.

XaaS uses the cloud instead of installing local software to offer various products and services. Although not everything in the cloud comes in the form of a XaaS, most definitely make use of it in order to provide the product or service to the customer.

How Does It Work?

The products and services of the XaaS They are usually online platforms that are available at all times so that users who connect can have an easy-to-use workspace that is often located directly in their browser.

When making changes or downloading data from that workspace, the browser will send the request to the platform XaaS, which will run either on local servers, at a cloud provider, or on a web-based network.

Since all types of XaaS They have in common the “on-demand” model, these provide important advantages for their users given that they do not have to make significant disbursements in the implementation of infrastructure, hardware, software or in their maintenance, on a constant basis.

This “on-demand” model was widely accepted in the market because it works according to the use of the platform since, for example, if the company uses the service for a certain time, it will only pay for the time of use.

What types of XaaS exist?

As mentioned above, any technological function can be transformed into a XaaS, so the list of examples is very extensive.

However, there are several categories of cloud computing models, such as:

• Software as a Service (SaaS). It is the type of platform XaaS most common; in it, companies integrate products into their technology stack and use the software to streamline business operations without developing the software from scratch.
• Platform as a Service (PaaS). This type of XaaS offers users a cloud-based solution that allows them to build applications, software, and other engineering projects on the platform (rather than building their own platform), and where they offer their clients all kinds of services, from servers to storage, database functionality, etc.
• Infrastructure as a Service (IaaS) - Provides infrastructure in the form of network and storage-based solutions, typically offering computing power to develop, run and scale products.
• Analytics as a Service (AaaS). Businesses are turning data into information and using that information to make business decisions. With a shift towards digital solutions, businesses are using such products to track their key business metrics.
• Desktop as a Service (DaaS). Companies that offer this service allow users to manage their entire workforce through a secure web browser. Employees individually log into a browser when they report to work, which makes it easy for them to access necessary files, programs, and software, even when they are out of the office.
• Functions as a Service (FaaS) – These types of businesses allow companies to leverage specific features or outcomes without requiring them to develop or run the application.
• Storage as a Service (STaaS). Companies turn to STaaS providers for their storage solutions. Offloading some data to a storage partner STaaS reliable can free up internal resources and reduce costs.
• Containers as a Service (CaaS). All software code is packaged together in “containers” to be read and executed anywhere. Code, library, and dependencies are packaged together in a container on this platform to be read and executed when needed.
• Database as a Service (DBaaS). DBaaS solutions allow businesses to organize, filter, and store customer data in software that is easily accessible and retrievable by the right employee. Businesses that use DBaaS software won't have to build their database from scratch. Instead, they can customize and create a custom database in the cloud using a trusted DBaaS solution.
• Authentication as a Service (AaaS). AaaS companies offer users the ability to deploy access control solutions on their platform. It gives them the flexibility to control who can use the product across all devices and networks.

Apart from these categories, there are other examples such as disaster recovery as a service (DRaaS), network as a service (NaaS) and monitoring as a service (MaaS), among many others.

General legal implications for all types of XaaS

Intellectual Property

Intellectual Property is an intangible right that aims to offer protection to the authors of creations that are generally known as "works", in this case, the platforms XaaS which will function as software through the cloud. The law empowers the owner of these rights to authorize others to use their creations and ideas and, thus, allow us to make use of the different platforms XaaS.

Since a company that provides services of XaaS may or may not be the sole owner of the exploitation rights of the complete service, it will be important to ensure that the set of elements being used to provide the service has the rights to be able to exploit it and license it to third parties.

There is still a long way to go in terms of legislation on new technologies that emerge every day, especially those that are in transit within the cloud, such as XaaS.

It should be noted that when companies install illegal computer programs, they are reproducing software without the owner's authorization, incurring in software "piracy." Does using a XaaS within the cloud could fall under this legal assumption?

Software piracy is a term colloquially used to describe the unauthorized reproduction, distribution, marketing, and use of software in any way. This includes downloading, sharing, selling, or installing multiple copies of software.

In Mexico, the Federal Copyright Law establishes penalties of up to $1,792,400.00 pesos for each infringement; in addition, the Federal Penal Code establishes a catalogue of criminal conduct related to Copyright.

By collaborating with a XaaS, the use of the software will be granted without obtaining legal ownership of it. However, it is possible that within the service offering new versions or functionalities may be created together, creating a need to clearly define who will enjoy the property rights of these new versions or creations.

Service Level Agreements

Service level agreements (SLAs) are a fundamental part of information technology (IT) service management. They are formal, structured contracts between two parties, where one of them, in this case the IT service provider, is responsible for the performance of the service. XaaS, undertakes to provide one or more services at a mutually agreed level. These agreements define what users and customers can expect from IT services and provide regular feedback to suppliers, customers and stakeholders on how well they are meeting expectations for these services.

Because companies XaaS As providers often offer an integrated set of services, service levels for each aspect of these services should be set out in understandable and measurable terms through a Service Level Agreement. This can range from the availability, capacity and support provided for a specific electronic solution, to the delivery times for specific hardware.

Likewise, it is of utmost importance to include the remedies and sanctions that will take place in the event that the company XaaS fail to meet agreed service levels. Unfortunately, as this is a new service, the provider can skew the contract in its favour by claiming that its service is constantly evolving. The way to mitigate this risk is to add clauses that terminate the contract if the provider at any time lowers the level of protection or provides poor quality service to the initially contracted party.

Within this scope, it is essential to consider the provisions for expiration, termination and exit from the contract. Due to the outsourcing of a specific function as a service, the client becomes more dependent on the XaaS, as it has not invested the relevant tools in the company to maintain or control the specific outsourced function. Therefore, it is important for the client to understand the ways in which the business relationship with the service provider XaaS may come to an end and what the implications of this are.

Subcontractors and integration

Although XaaS offer a single package of services to the client, the service provider may work with subcontractors to provide all services that are part of the subscription package, so the identity of all subcontractors must be verified, as well as the contractual relationship with and between all subcontractors to ensure that there are no legal loopholes of any kind.

Privacy and protection of personal data

It is important to ensure that appropriate security and data protection solutions, such as encryption, authentication and authorization requirements, data duplication, data backup, data retention, data restoration and security incident management, are part of the package offered to the customer by the XaaS.

It is also important for the customer to understand where and how this data is stored, as well as the laws that may apply to data stored overseas. Data stored overseas may present practical difficulties, as other state laws may impose additional compliance requirements.

Ownership and handling of data should also be regulated in the agreement, as the client must remain the sole owner of its own data, and obligations regarding data confidentiality should be included.

Private Network Security

Cloud computing eliminates the private network layer traditionally used by businesses, which raises concerns especially when working outside the office and not accessing the cloud through a VPN.

One of the solutions that have emerged are managed private clouds, which are services customized to each company where, in addition to the advantages offered by the cloud, improved security is integrated: isolated storage, web application firewalls, intrusion detection systems, among others.

Conclusions

The scope and nature of service XaaS It is reflected differently for each type of service and its parties. The conclusion of an agreement of this type constitutes a major commitment by both parties that should not be taken lightly, and even more so if the intention is to establish an efficient long-term business relationship that benefits both the provider and the user of the services. XaaS.

This leads us to conclude that the contracts to be concluded must be customized and adjusted to the different needs that are sought to be satisfied. Therefore, it is imperative that clients and service providers take care and devote sufficient time to drafting, discussing and negotiating a service agreement. XaaS among them before their celebration, through a team highly specialized in this type of contracts.

Sources:

• Duo, Matteo. “XaaS: The Everything as a Service Model (with 10 example categories)”, Recovered from: https://kinsta.com
• “Do you know XaaS? It is the evolution of cloud computing,” Recovered from: https://skyone.solutions.com
• “What is Everything as a Service (XaaS)?” Recovered from: https://www.netapp.com
• “The Use of Illegal Software in Companies and its Legal Implications”, Recovered from: www.mxindustria.com.mx
• “Hire XaaS and don’t die trying”, Recovered from: https://blogs.deusto.es/