Public Cloud Service Agreements: What to Expect & What to Negotiate. April 2013
|
|
- Abel Miles
- 8 years ago
- Views:
Transcription
1 Public Cloud Service Agreements: What to Expect & What to Negotiate April 2013
2 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide customer-led guidance to the multiple cloud standards-defining bodies Establish criteria for open-standardsbased cloud computing 400+ Organizations participating 2011 Deliverables Practical Guide to Cloud Computing Cloud Computing Use Cases 2012 Deliverables Practical Guide to Cloud SLAs Security for Cloud Computing:10 Steps to Ensure Success Impact of Cloud Computing on Healthcare 2013 Deliverables and Projects Public Cloud Service Agreements: What to Expect & Negotiate Convergence of Cloud, Mobile and Social whitepaper Cloud Security Standards Landscape whitepaper Big Data working group
3 CSCC Practical Guide to Cloud SLAs Practical Guide to Cloud SLA s: A reference to help enterprise IT analyze Cloud SLAs (Published in April 2012) 10 Steps to Evaluate Cloud SLAs 1. Understand roles and responsibilities 2. Evaluate business level policies 3. Understand service and deployment model differences 4. Identify critical performance objectives 5. Evaluate security and privacy requirements 6. Identify service management requirements 7. Prepare for service failure management 8. Understand the disaster recovery plan 9. Define an effective management process 10. Understand the exit process "Cloud service level agreements are important to clearly set expectations for service between cloud consumers and providers. Providing guidance to decision makers on what to expect and what to be aware of as they evaluate and compare SLAs from cloud computing providers is critical since standard terminology and values for cloud SLAs are emerging but currently do not exist. Melvin Greer, Senior Fellow and Chief Strategist, Cloud Computing, Lockheed Martin
4 Public Cloud Service Agreements Current Landscape Agreements offered by Public cloud providers often viewed as unsatisfactory for mission critical workloads Today, most Public cloud service agreements are weighed heavily in provider s favor Provider s liability is limited Burden is on consumer for SLA violation notification and credit request Common industry-wide terminology does not exist Difficult for consumers to compare guarantees and limitations across providers Language about service levels is often distributed among several documents Customer Agreement, Acceptable Use Policy, and Cloud SLA Difficult for consumers to locate critical clauses "Today, customers complain regularly that SLAs are just another form of vendor boilerplate and that it is difficult if not impossible to get much modification That doesn t mean we don t need SLA s; we do. It's important we make it clear what is going on now versus what we would like to see/influence for the future and when we are hoping that future will occur." Amy Wohl, principal consultant of Wohl Associates
5 Motivation and Contents Why Another Paper on Cloud Agreements? Pick up where the Practical Guide to Cloud SLAs left off, but follow the same 10 steps Help cloud adopters focus their efforts in areas where it is possible to discuss better language Base recommendations on a thorough analysis of actual agreement language Contents See at right 29 pages
6 Steps to Evaluate & Negotiate Public Cloud Agreements 1. Understand Roles & Responsibilities 2. Evaluate Business Level Policies Acceptable Use Policy (AUP) is primary artifact that requires thorough review Content Prohibitions Security Prohibitions Service Integrity Prohibitions Rights of Others Prohibitions AUPs have little consistency in wording although there is a clear pattern to the types of provisions they include Consumers should exercise caution and thoroughly review every provision before agreeing to an AUP: Clarity Brevity Completeness Focus Four specific polices, contained primary in provider s Customer Agreement, are key: Data policies Changes to services, APIs or agreements Suspension of services Limitations of Liability Data Policy: Specify physical location of content Cloud provider should not access consumer s data unless required by law Changes to Services, APIs, Agreements: Advance notice (30 days) Backward compatibility Suspension of Services Advance notice (30 days) Sufficient time to address (60 days) Consumer data will not be deleted Limitations of Liability Compare Aggregate Liability and Indemnification/Disclaimer clauses
7 Steps to Evaluate & Negotiate Public Cloud Agreements 3. Understand Service & Deployment Model Differences In general, service objectives specified in Public Cloud Agreements are very similar across all service models (IaaS, PaaS and SaaS): Availability is the primary objective included in all public cloud SLAs (regardless of service model) Step 4 highlights key observations & recommendations This paper focuses exclusively on Public Cloud agreements Private, Hybrid and Community Cloud agreements are out of scope 4. Identify Critical Performance Objectives Performance goals are specified in the Cloud SLA & have 4 key components: Service Commitments Credits Credit Process Exclusions Service Commitments focus exclusively on Availability for all service models Guarantees, Measurement Details & Observation Periods differ Credits are the sole form of compensation for missed service commitments Service credit calculations and maximum credit limits differ Credit Process requires cloud consumer to take specific action to receive credit Reporting timeframe & required information differ Exclusions similar across all provider SLAs
8 Steps to Evaluate & Negotiate Public Cloud Agreements 5. Evaluate Security & Privacy Requirements Security language is often spread among several documents: check for consistency and clarity. Most clauses obligate the consumer to protect the provider, not the other way around Ask what recourse you have if a provider decides unilaterally to interrupt your service due to an alleged violation Ask to be notified in case there is a security breach at the provider s end Ask what professional services you can get to help secure your content Ask about data restoration if an attack has deleted your content If you hold personal information about your own clients, how is it protected? Ask what measures prevent provider personnel from accessing your data 6. Identify Service Management Requirements Don t expect service agreements to specify much Be ready to perform your own due diligence to determine how the provider manages the levels of service Find out if the following are standard, optional, or not offered at all: Software maintenance / upgrades Backup/restore Disaster recovery (e.g., off-site backup) Data encryption Can provider change / remove components that impact your ability to function? Examine how availability and performance metrics are defined, and the impact on your business Certifications may be a sign of maturity
9 Steps to Evaluate & Negotiate Public Cloud Agreements 7. Prepare for Service Failure Management There is typically nothing in current service agreements Therefore, the burden is on the consumer Compensation is tied to the price of the service, not the impact on your business (as mentioned in Step 4) 8. Understand the Disaster Recovery (DR) Plan Use of a public cloud does not absolve the user from serious DR and Business Continuity planning Service agreements focus on limiting the provider s liability Together, these statements indicate an immature area, a need for serious discussion during agreement negotiation, and a need to plan your own measures
10 Steps to Evaluate & Negotiate Public Cloud Agreements 9. Define an Effective Management Process 10. Understand the Exit Process Agreements are typically silent about communication and escalation processes Potential areas for negotiation are: Regular status meetings Single point-of-contact designation Automatic notifications APIs or Web services for management queries In the absence of defined management interfaces, and for services that require strict notification, escalation and restoration procedures, public clouds may not be appropriate solutions Look for clear and manageable exit clauses Develop a migration plan in advance Look for one-sided terms, in which: Consumer pays a penalty to change provider Provider can stop the service at its discretion on short notice Think of how long it will take you to identify a replacement service and migrate data or applications How and when your data is removed from provider s systems is critical: Too early? Potential service discontinuity to your own users Too late? Potential security or privacy issues
11 Summary Expectations and Negotiation Considerations The contractual considerations contained in various forms directly influence cloud computing opportunities Read candidate cloud solution provider agreements early in the evaluation process Understand the specific definitions, constraints, limitations and credit policies Have open discussions with providers to identify areas of concern and what can be clarified, modified or negotiated Have open discussions regarding perceived gaps that may be critical to cloud consumers (Service Management for example) Recognize that the customization of agreements can adversely impact timeto-market and other cloud benefits Agreements are Critical Considerations, Providing Insights to the Future Cloud Relationship
12 Call to Action Join the CSCC Now! To have an impact on customer use case based standards requirements To learn about all Cloud Standards within one organization To help define the CSCC s future roadmap Membership is free & easy: Get Involved! Join one or more of the CSCC Working Groups Participate in monthly web conferences for all members Review and leverage CSCC resources Practical Guide to Cloud Computing V1 Practical Guide to Cloud SLAs V1 Public Cloud Service Agreements: What to Expect and What to Negotiate Security for Cloud Computing: 10 Steps to Ensure Success Impact of Cloud Computing on Healthcare Socialize the Public Cloud Service Agreements paper
13 Thank You
The Practical Guide to Cloud Service Level Agreements. May, 2012
The Practical Guide to Cloud Service Level Agreements May, 2012 1 CSCC Practical Guide to Cloud Computing Provides a prescriptive nine step plan for successful cloud deployments 1 2 3 4 5 6 7 8 9 Assemble
More informationPublic Cloud Service Agreements: What to Expect and What to Negotiate
Public Cloud Service Agreements: What to Expect and What to Negotiate March, 2013 Contents Executive Summary... 4 Current Anatomy of a Cloud Service Agreement... 5 Customer Agreement... 5 Acceptable Use
More informationPublic Cloud Service Agreements: What to Expect and What to Negotiate
Public Cloud Service Agreements: What to Expect and What to Negotiate March 30, 2013 Contents Executive Summary... 4 Current Anatomy of a Cloud Service Agreement... 5 Customer Agreement... 5 Acceptable
More informationInteroperability & Portability for Cloud Computing: A Guide. http://www.cloud-council.org/cscc-cloud-interoperability-and-portability.
Interoperability & Portability for Computing: A Guide http://www.cloud-council.org/cscc--interoperability-and-portability.pdf December, 2014 The Standards Customer Council THE Customer s Voice for Standards!
More informationCloud Service Rollout. Chapter 9
Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and
More informationCustomer Cloud Architecture for Mobile. http://cloud-council.org/resource-hub.htm#customer-cloud-architecture-for-mobile
Customer Cloud Architecture for Mobile http://cloud-council.org/resource-hub.htm#customer-cloud-architecture-for-mobile June, 2015 1 Presenters Heather Kreger CTO International Standards, IBM US SC38 mirror
More informationWeb Application Hosting Cloud Solution Architecture. http://www.cloud-council.org/web-app-hosting-wp/index.htm
Web Application Hosting Cloud Solution Architecture http://www.cloud-council.org/web-app-hosting-wp/index.htm February, 2015 Presenters Heather Kreger CTO International Standards, IBM US kreger@us.ibm.com
More information2011 Morrison & Foerster LLP All Rights Reserved mofo.com. Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks
2011 Morrison & Foerster LLP All Rights Reserved mofo.com Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks 14 September 2011 Presenters Alistair Maughan Morrison & Foerster
More informationShaping the Cloud for the Healthcare Industry
Shaping the Cloud for the Healthcare Industry Louis Caschera Chief Information Officer CareTech Solutions www.caretech.com > 877.700.8324 Information technology (IT) is used by healthcare providers as
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationStandards for Big Data in the Cloud
Standards for Big Data in the Cloud James Kobielus Chair, CSCC Big Data Working Group Big Data Evangelist, Senior Program Director, Product Marketing, Big Data Analytics, IBM jgkobiel@us.ibm.com 15 October
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationCloud Computing. P a n a g i o t i s F o u z a s I T S o l u t i o n s M a n a g e r
C l a s s i f i c a t i o n I S O 2 7 0 0 1 : P u b l i c Cloud Computing Prospects & Challenges P a n a g i o t i s F o u z a s I T S o l u t i o n s M a n a g e r 1 OUTLINE Cloud Definition and Classification
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationChecklist: Cloud Computing Agreement
Checklist: Cloud Computing Agreement crosslaw s checklists Date : 21 November 2015 Version 1.4 Tags : ICT Law Johan Vandendriessche Johan is partner and heads the ICT/IP/Data Protection practice. He combines
More informationHow To Protect Your Data In The Cloud
Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor
More informationPractical Guide to Platform as a Service. http://cloud-council.org/resource-hub.htm#practical-guide-to-paas
Practical Guide to Platform as a Service http://cloud-council.org/resource-hub.htm#practical-guide-to-paas October, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide
More informationRelease 1. ICAICT814A Develop cloud computing strategies for a business
Release 1 ICAICT814A Develop cloud computing strategies for a business ICAICT814A Develop cloud computing strategies for a business Modification History Release Release 1 Comments This version first released
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationPublic Cloud Workshop Offerings
Cloud Perspectives a division of Woodward Systems Inc. Public Cloud Workshop Offerings Cloud Computing Measurement and Governance in the Cloud Duration: 1 Day Purpose: This workshop will benefit those
More informationCloud Computing Contracts Top Issues for Healthcare Providers
Cloud Computing Contracts Top Issues for Healthcare Providers North Carolina Bar Association Health Law Section Annual Meeting NC Bar Center Cary, North Carolina April 23, 2015 Presenters Kathryn Brucks,
More informationCloud Consulting Services
Cloud Data Center Business Intelligence Enterprise Computing Solutions Services Cloud Consulting Services Service Overview Embarking on the road to cloud computing is not a simple journey and shouldn t
More informationTop 10 Risks in the Cloud
A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question
More informationCFOs and CIOs: How can you mitigate concerns when moving to the cloud?
CFOs and CIOs: How can you mitigate concerns when moving to the cloud? Contents Review: How do you know when to reach for the clouds? 3 Identify business objectives and use of technology to meet objectives
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationCloud Agreements: Do s, Don ts, and Cautions
Cloud Agreements: Do s, Don ts, and Cautions 4 th Annual Grand Rapids IT Symposium June 11, 2015 Nate Steed & Ken Coleman 2015 Warner Norcross & Judd LLP. All rights reserved. WNJ.com Disclaimer 2015 Warner
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationChecklist for a Watertight Cloud Computing Contract
Checklist for a Watertight Cloud Computing Contract Companies of all industries are recognizing the need and benefit of moving some if not all of their IT infrastructure to a Cloud whether public or private.
More informationSee Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.
Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,
More informationWhat you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
More informationBuilding the Business Case for the Cloud
Building the Business Case for the Cloud Alex McDonald Industry Standards, Office of the CTO, NetApp Author: Marty Stogsdill, Oracle SNIA Legal Notice The material contained in this tutorial is copyrighted
More informationCloud Computing and HIPAA Privacy and Security
Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &
More informationDaniel Field, Atos Spain. Towards the European Open Science Cloud, Heidelberg, 20/01/2016
Daniel Field, Atos Spain Towards the European Open Science Cloud, Heidelberg, 20/01/2016 SLALOM is ready to use Cloud SLAs SLALOM will take theory to practice, providing a trusted verifiable starting point
More informationDeveloping SAP Enterprise Cloud Computing Strategy
White Paper WFT Cloud Technology SAP Cloud Integration Service Provider Developing SAP Enterprise Cloud Computing Strategy SAP Cloud Computing is a significant IT paradigm change with the potential to
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationCloud Vendor Evaluation
Cloud Vendor Evaluation Checklist Life Sciences in the Cloud Cloud Vendor Evaluation Checklist What to evaluate when choosing a cloud vendor in Life Sciences Cloud computing is radically changing business
More informationSummary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined
More informationCA API Management SaaS
SaaS Listing CA API Management SaaS 1. Introduction This document provides standards and features that apply to the CA API Management SaaS offering ( Service ) provided to the Customer and defines the
More informationEnterprise Governance and Planning
GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15,
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationIBM Smartcloud Managed Backup
IBM Smartcloud Managed Backup Service Definition 1 1. Summary 1.1 Service Description The IBM SmartCloud Managed Backup service provides public, private and hybrid cloudbased data protection solutions
More informationCloud Computing ISO Security and Privacy Standards: 27017, 27018, 27001 Mike Edwards (Chair UK Cloud Standards Committee)
Cloud Computing ISO Security and Privacy Standards: 27017, 27018, 27001 Mike Edwards (Chair UK Cloud Standards Committee) Mike Edwards Senior Technical Staff Member, IBM Cloud Computing & SOA Standards,
More information2014 HIMSS Analytics Cloud Survey
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
More informationCLOUD MIGRATION STRATEGIES
CLOUD MIGRATION STRATEGIES Faculty Contributor: Dr. Rahul De Student Contributors: Mayur Agrawal, Sudheender S Abstract This article identifies the common challenges that typical IT managers face while
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationBuying Guide for Cloud Services
BUYING GUIDE Buying Guide for Cloud Services Getting Started Welcome to the CompTIA Buying Guide for Cloud Services. If you are like most executives, buying technology often entails elements of excitement,
More informationWhat Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
More informationEngagement Name. DIR Customer Name
APPENDIX E SAMPLE STATEMENT OF WORK (SOW) FOR CLOUD ASSESSMENT SERVICES DIR DATE 1 Introduction Describe the cloud assessment services to be delivered to [Department/Agency] with regard to [Application
More informationEvolving Technology Issues: Cloud Computing
Evolving Technology Issues: Cloud Computing Michael Bennett October 16, 2011 2011 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP Cloud Computing Does compliance with applicable laws fall to
More informationDEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE
DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE 1 Introduction and Instructions This sample Statement
More informationCloud computing. Advantages and disadvantages
Cloud computing Advantages and disadvantages CPA Australia Ltd ( CPA Australia ) is one of the world s largest accounting bodies representing more than 139,000 members of the financial, accounting and
More informationCloud Services and Business Process Outsourcing
Cloud Services and Business Process Outsourcing What security concerns surround Cloud Services and Outsourcing? Prepared for the Western NY ISACA Conference April 28 2015 Presenter Kevin Wilkins, CISSP
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationReport on Hong Kong SME Cloud Adoption and Security Readiness Survey
Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Collaborated by Internet Society Hong Kong and Cloud Security Alliance (HK & Macau Chapter) Sponsored by Microsoft Hong Kong Jointly
More informationWeb Application Hosting Cloud Architecture
Web Application Hosting Cloud Architecture Executive Overview This paper describes vendor neutral best practices for hosting web applications using cloud computing. The architectural elements described
More informationSERVICE LEVEL AGREEMENT
SERVICE LEVEL AGREEMENT Cloud Server This Service Level Agreement (this SLA ) governs the use of the Services under the terms of the Master Service Agreement (the MSA ) between Intermedia.Net, Inc. ( Intermedia
More informationBig Data in the Cloud Conference. Big Data Working Group
Big Data in the Cloud Conference + Big Data Working Group 1 CSCC Big Data in the Cloud Conference The Conference s goal is to help end-user organizations understand the current state and future directions
More informationHow To Use Adobe Software For A Business
EXHIBIT FOR MANAGED SERVICES (2013V3) This Exhibit for Managed Services, in addition to the General Terms, the OnDemand Exhibit, and any applicable PDM, applies to any Managed Services offering licensed
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationSERVICE LEVEL AGREEMENT
SERVICE LEVEL AGREEMENT This service level agreement ( SLA ) is incorporated into the master services agreement ( MSA ) and applies to all services delivered to customers. This SLA does not apply to the
More informationMobile App Developer Agreements
Mobile App Developer Agreements By Alan L. Friel Many companies that have had disputes with developers have been surprised to discover that the agreements signed, often without input from legal, failed
More informationAuditing Software as a Service (SaaS): Balancing Security with Performance
Auditing Software as a Service (SaaS): Balancing Security with Performance Goals for Today Defining SaaS (Software as a Service) and its importance Identify your company's process for managing SaaS solutions
More informationRe: JEITA s comments on NIST Special Publication 500-293, US Government Cloud Computing. Technology Roadmaps Volume I/II Release 1.
December 2, 2011 Dr. Robert Bohn National Institute of Standards and Technology, Department of Commerce 100 Bureau Dr., Stop 2000, Gaithersburg, MD 20899-2000 (Via e-mail: ccroadmap.comments@nist.gov.)
More informationCloud Computing Safe Harbor or Wild West?
IT Best Practices Series Cloud Computing Safe Harbor or Wild West? With IT expenditures coming under increasing scrutiny, the cloud is being sold as an oasis of practical solutions. It s true that many
More informationDesigning Cloud Computing Solutions for Integration with SAP
Orange County Convention Center Orlando, Florida May 15-18, 2011 Designing Cloud Computing Solutions for Integration with SAP Bhavik Gupta ] Learning Points Understanding cloud solutions and considerations
More informationSecure Remote Backup (IL3) G-Cloud Lot3 IaaS
Secure Remote Backup (IL3) G-Cloud Lot3 IaaS Contents Service Definition... 3 An overview of the Remote Backup as a Service... 3 Key Service Attributes... 4 Information assurance... 5 Details of the level
More informationCloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.
Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference
More informationSERVICE LEVEL AGREEMENT: Shared Exchange Hosting
SERVICE LEVEL AGREEMENT: Shared Exchange Hosting This Service Level Agreement (this SLA ) governs the use of the Services under the terms of the Master Service Agreement (the MSA ) between Global Data
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationSERVICE LEVEL AGREEMENT
SERVICE LEVEL AGREEMENT Shared Exchange Hosting This Service Level Agreement (this SLA ) governs the use of the Services under the terms of the Master Service Agreement (the MSA ) between Intermedia Technologies
More informationStandardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)
Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Robert Bohn, PhD Advanced Network Technologies Division Cloud FS Americas 2015 New York,
More informationPublic Versus Private Cloud Services
Public Versus Private Cloud Services Table of Contents vs. What constitutes a Public Cloud versus a Private Cloud solution? When considering moving to a public Cloud infrastructure, what questions should
More informationA CIO s Cloud Decision and 7 Lessons Learned From Peers
A CIO s Cloud Decision and 7 Lessons Learned From Peers Find out what advice Wisegate members gave their fellow CIO about moving core applications to the cloud WISEGATE COMMUNITY VIEWPOINTS Introduction
More informationSoftware as a Service Decision Guide and Best Practices
Software as a Service Decision Guide and Best Practices Purpose of this document Software as a Service (SaaS) is software owned, delivered and managed remotely by one or more providers [Gartner, SaaS Hype
More informationCloud Computing: Compliance and Client Expectations
Cloud Computing: Compliance and Client Expectations February 15, 2012 MOSS ADAMS LLP 1 TODAY S PRESENTERS Moderator Kevin Villanueva, CPA, CISA, CISM, CITP, CRISC Sr. Manager, Infrastructure and Security
More informationThe Cloud Challenge: understanding what is "market"?
The Cloud Challenge: understanding what is "market"? ANDREW JOINT ED BAKER 05 / 03 / 2014 Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning
More information10 How to Accomplish SaaS
10 How to Accomplish SaaS When a business migrates from a traditional on-premises software application model, to a Software as a Service, software delivery model, there are a few changes that a businesses
More informationWhat You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility
Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery
More informationStrategic Coverage 29 Cloud Services Common Assessment and Considerations
Strategic Coverage 29 Cloud Services Common Assessment and Considerations Date: November 2010 Department: Technology and Systems Governance Version: 1.0 Unclassified Malta Information Technology Agency,
More informationSATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks
SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical
More informationHanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness
Issue Date: August 31, 2006 Audit Report Number 2006-DP-0005 TO: Lisa Schlosser, Chief Information Officer, A FROM: Hanh Do, Director, Information System Audit Division, GAA SUBJECT: Review of HUD s Information
More informationA Checklist for Software as a Service (SaaS) Vendors and Application Service Providers
A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers This checklist is a longer version of a SaaS Checklist that appeared in the July 2009 issue of LAWPRO Magazine at
More informationInformation Disclosure Reference Guide for Cloud Service Providers
Information Disclosure Reference Guide for Cloud Service Providers In Conjunction with "Guide to Safe Use of Cloud Services for Small-to-Mid-Sized Enterprises" April 2011 Information-technology Promotion
More informationCFOs and CIOs: How do you know when to reach for the clouds?
CFOs and CIOs: How do you know when to reach for the clouds? I would like to have a way to allow many different users to have access to data and to have better analytic capabilities should we just move
More informationWhile cloud computing may have many benefits, it comes with a financial and a business cost in terms of:
Cloud Computing Technology Spotlight Defined by The National Institute of Standards and Technology as the provision of computational resources on demand via a computer network, cloud computing s advantages
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationOPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0
sm OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0 SM Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Assumptions... 5 SaaS Interoperability
More informationBuying Everything as a Service
Buying Everything as a Service Pierre Mitchell Chief Research Officer Spend Matters Mark Trowbridge, CPSM, C.P.M., MCIPS Principal Strategic Procurement Solutions LLC June, 2015 Session Objectives Review
More informationW H I T E PA P E R. Cloud Migration Methodology -Janaki Jayachandran (Director of Technology) a t t e n t i o n. a l w a y s.
W H I T E PA P E R Cloud Migration Methodology -Janaki Jayachandran (Director of Technology) a t t e n t i o n. a l w a y s. T A B L E O F C O N T E N T S Introduction Cloud - Is it real or hype? 3 Attributes
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationHow a Hybrid Cloud Strategy Can Empower Your IT Department
How a Hybrid Cloud Strategy Can Empower Your IT Department A step-by-step guide for developing and implementing a flexible cloud solution 1 / 11 IT service delivery, particularly in the cloud, has evolved
More informationCloud Computing. Introduction
Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between
More informationPrivate vs. Public Cloud Solutions
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
More informationTechnology & Business Overview of Cloud Computing
Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More information