Cloud Consumer and Cloud Vendor Rights and Responsibilities



Similar documents
A Comprehensive Study on Cloud Computing Standardization

NATO s Journey to the Cloud Vision and Progress

PRIVACY PRESERVATION ALGORITHM USING EFFECTIVE DATA LOOKUP ORGANIZATION FOR STORAGE CLOUDS

Cloud Computing and Standards

Fundamental Concepts and Models

On Premise Vs Cloud: Selection Approach & Implementation Strategies

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013

Selection of a Best Cloud Service Provider (CSP)

Software as a Service (SaaS) Testing Challenges- An Indepth

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Cloud Computing Services and its Application

Cloud Computing. P a n a g i o t i s F o u z a s I T S o l u t i o n s M a n a g e r

A Survey on Cloud Computing

Security Issues in Cloud Computing

Cloud Computing Technology

CLOUD COMPUTING: ARCHITECTURE AND CONCEPT OF VIRTUALIZATION

A Survey Paper: Cloud Computing and Virtual Machine Migration

Grid Computing Vs. Cloud Computing

Security in the Cloud

Cloud Computing. Bringing the Cloud into Focus

A New Way to Compute or: How I Learned to Stop Worrying and Love the Cloud

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Computing Architecture: A Survey

AMANDA Managed Services Understanding the benefits of moving to the cloud

PLATFORM & INFRASTRUCTURE AS A SERVICE

Key Research Challenges in Cloud Computing

Public, Private and Hybrid. Not Quite That Simple

Copyright 2014, Oracle and/or its affiliates. All rights reserved.

How To Understand Cloud Usability

Secure Cloud Computing through IT Auditing

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

CHAPTER 8 CLOUD COMPUTING

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Cloud Computing An Elephant In The Dark

How To Secure Cloud Computing

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

A Study of Infrastructure Clouds

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

Security issues for Cloud Computing

Info-Security Conference Securing Your Applications in the Cloud. 29 May 2013

THE CLOUD- CHANGING THE INDIAN HEALTHCARE SYSTEM

Time to Value: Successful Cloud Software Implementation

journey to a hybrid cloud

The Need for Service Catalog Design in Cloud Services Development

WRITTEN TESTIMONY OF NICKLOUS COMBS CHIEF TECHNOLOGY OFFICER, EMC FEDERAL ON CLOUD COMPUTING: BENEFITS AND RISKS MOVING FEDERAL IT INTO THE CLOUD

A Framework to Improve Communication and Reliability Between Cloud Consumer and Provider in the Cloud

Session 3. the Cloud Stack, SaaS, PaaS, IaaS

HP Cloud technologies

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli

The Cloud at 30,000 feet. Art Ridgway Scripps Media Inc. Managing Director Newspaper IT Operations

T Mobile Cloud Computing (5 cr)

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

How To Understand Cloud Computing

Developing SAP Enterprise Cloud Computing Strategy

SaaS, PaaS & TaaS. By: Raza Usmani

OVERVIEW Cloud Deployment Services

NCTA Cloud Architecture

CLOUD COMPUTING. A Primer

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE

Keywords Cloud Environment, Cloud Testing, Software Testing

Cloud Security Who do you trust?

Shared Services Canada. Cloud Computing

Oracle Cloud Computing Strategy

VMware vcloud Powered Services

Chapter 2: Transparent Computing and Cloud Computing. Contents of the lecture

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Consumption IT. Michael Shepherd Business Development Manager. Cisco Public Sector May 1 st 2014

Cloud Computing Safe Harbor or Wild West?

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen

Hosting JDE EnterpriseOne in the Cloud Hear how one company went to the cloud

Cloud Computing Security Issues

CHALLENGES AND ISSUES OF DEPLOYMENT ON CLOUD

Cloud Computing. Karan Saxena * & Kritika Agarwal**

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

NIST Cloud Computing Program

A.Prof. Dr. Markus Hagenbuchner CSCI319 A Brief Introduction to Cloud Computing. CSCI319 Page: 1

Guiding SOA Evolution through Governance From SOA 101 to Virtualization to Cloud Computing

The Definitive Guide to the Cloud and Kentico CMS THOMAS ROBBINS

IS PRIVATE CLOUD A UNICORN?

Hybrid Cloud Architecture: How to Streamline Hybrid Cloud Migration

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

IT Service Management aus der Cloud

What Cloud computing means in real life

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013

TRG Clients in the Cloud Today

Managed Cloud Services

Performance Gathering and Implementing Portability on Cloud Storage Data

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Fundamental Concepts and Models

Web Application Hosting Cloud Solution Architecture.

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Security Analyzing in UNIX for Cloud Computing Environment

A Study on the Cloud Computing Architecture, Service Models, Applications and Challenging Issues

Trust but Verify. Vincent Campitelli. VP IT Risk Management

PeopleSoft Cloud Architecture Automating PeopleSoft Deployment

From Grid Computing to Cloud Computing & Security Issues in Cloud Computing

Transcription:

Cloud Consumer and Cloud Vendor Rights and Responsibilities Dr Mukesh Chandra Negi Project Manager, Tech Mahindra Ltd, Noida, India ABSTRACT: A cloud service provider is an organization which provides the cloud services, and a cloud consumer is a person or organization that uses the different cloud services from one or different cloud service providers. It has been a great challenge since years to understand the level of responsibilities between a cloud vendor and consumer due to lack of cloud standards [1] [2]. There are no standard guidelines as of today to get a formal agreement on service responsibilities with cloud service providers which makes it an area of great worry for cloud consumers. Consumers don t get confidence to buy a cloud service unless there is a clear understanding in terms of the responsibilities. Despite of all of this we know cloud computing business still growing with a rapid speed and consistently year by year. One of the reasons is despite of such challenges benefits visibilities are on higher side, and all are getting agreed based on their mutual understandings [3]. But practically it s a very confusing and time taking process to understand and document all responsibilities between consumer and vendor to sign a formal agreement. In this paper I am going to explain a set of standard expectations need to be set and agreed formally between a cloud consumer and vendor to avoid such non formal mutual understanding agreements. KEYWORDS: Cloud Consumer, Cloud Vendor, Cloud Services, Cloud Standards I. INTRODUCTION Cloud service provider and consumer both are having different set of roles and responsibilities over the resources of cloud computing model. In comparison with traditional on premises IT infrastructure where consumer organization has complete control over all of the IT resources and life-cycle of the system, consumer and provider jointly design, develop, implement and support the cloud computing service model [4]. Distribution of responsibilities means both partner will share the responsibilities to make and operate system smoothly according to the agreed terms and conditions. All these agreements in terms of responsibilities would be factored based on the different cloud models like IaaS, Paas and SaaS. For example, in a typical Iaas cloud model, all the provisioning of initial privileged users is generally performed by the IaaS provider however later all the user management of all applications deployed in IaaS will be done by the cloud consumer [6[ [7]. Some of the high level areas in terms to distribute the responsibilities are below SLA (Service Level Agreements) Reporting and Monitoring Data and System Portability Interoperability Deploy and Configurations Cloud Service Management Security and Privacy Identity and Access Management Auditing Cost and Billing Copyright to IJIRCCE DOI: 10.15680/IJIRCCE.2015. 0308026 7316

Fig 1 Area to define consumer and vendor roles and responsibilities II. RELATED WORK Reference [1][2][3] and [4] are the research from some of the big independent research and standardization organizations across the world where they have been working with different customers and cloud vendors and doing deep study on cloud model to understand and make a standard in terms of responsibilities between each stakeholders of cloud model, specially between two important stakeholder, cloud consumer and cloud vendor. There are still lots of misunderstanding and misconceptions exist between different peoples and organization in terms of responsibilities and as of now it s just being finalized between consumer and vendor based on mutual understandings and agreements which is not a good practice. Rest reference till [15] are research from some independent persons, research scholars and organizations in the field of cloud computing where they have studied and highlight many areas where there is a need of to define standard responsibilities between cloud consumer and cloud vendor. III. RELATIONSHIP AND RESPONSIBILITIES BETWEEN CLOUD CONSUMER AND PROVIDER The roles and responsibilities in cloud computing is vary and depend on which service and which cloud deployment model consumer is selecting. It would be completely own by some of your internal business unit of department in case of on premises deployment model, it would be with a third party private cloud provider or with both in case of a hybrid model [8]. Based on the requirement and choice of consumer, there is a clear procedures and policies has to be agreed between both parties on all identified services like, security, reporting, monitoring and complete operations and maintenance [9]. Depend on the deployment model chosen, complete cloud service provider role would be entirely assigned to the third party service provider in case of public cloud. Most importantly, the responsibilities of development, implementation & operations on security options will be maintained by all of the stakeholders and there should be clear understanding on all security points between all. Especially consumer must have clear understandings on level of oversight or visibility they will have in security solutions and whatever not in scope. There should be any gap in understandings of any of the security function [10]. Please read below to understand responsibilities based on different cloud deployment models. Copyright to IJIRCCE DOI: 10.15680/IJIRCCE.2015. 0308026 7317

A. RESPONSIBILITIES IN PUBLIC CLOUD In public cloud, complete cloud of services is deployed within a third party cloud service provider s environment. You have to subscribe for a particular service or have to pay bills based on pay-as-you-use basis to get access on the applications or services. Generally there is a very less control and scope of responsibilities with consumer in public cloud model as it s a shared multitenant model, where multiple subscribers or consumers use the same applications and services. This is the reason public cloud model services are cheap and you have to sign an agreement on all understandings, terms & conditions before subscription [11]. B. RESPONSIBILITIES IN PRIVATE CLOUD In a private cloud model, if it s an on premises model then everything will be managed by the consumer. Everything is managed by the organization internal IT department and all responsibilities lies within the CTO of organizations. It s the most costly one model [12]. If it s a third party managed cloud private model then all the responsibilities will be distributed based on what all services consumer going to purchase from third party private cloud service provider. I will explain it in more detail in my next section. C. RESPONSIBILITIES IN HYBRID CLOUD Hybrid is a combination of all cloud deployment models public, on premises private cloud and off premises private cloud. In this model there is a mix kind of responsibilities lies between all stakeholders depend on the model and services distributed between all. IV. DIFFERENT CLOUD SERVICE MODEL RESPONSIBILITIES In all of the cloud delivery models, especially in public cloud model it is very important for all stakeholders to understand all of the elements of the services used all of their associated risks [13]. Some of the responsibilities are equally owned and shared by each and every party involved. Please refer below to understand the responsibilities with respect to each technical stack & delivery model. Fig 2 Different cloud service model layers and description[1]. Below is the figure which shows the standard responsibilities between consumer & provider with respect to each cloud delivery model. SaaS is a cloud model where complete infrastructure and applications are maintained by the third party cloud service provider. As an end user you have to subscribe for the services you wanted to use and you have control over certain features as per your requirements and subscription model. Most of the time it s a multi-tenant model there, where multiple users share the same applications and infrastructure, unless you have subscribed and paid for separate Copyright to IJIRCCE DOI: 10.15680/IJIRCCE.2015. 0308026 7318

private access environment. PaaS is a model where you subscribe and paid for the infra and software s but all related applications, data and management is controlled by you. In Iaas cloud delivery model you subscribe and paid for the Infrastructure only, where you take complete IT infrastructure from the cloud service provider but all the application, software s, data and infra management part handled by you. Fig 3 Different cloud services and responsibilities V. COMBINED ACTIVITIES AND SERVICES As I have explained above, cloud consumer if the ultimate end user who is going to use the provider services so there has to be clear understandings and clarity on role of a consumer in every cloud deployment model. It s very well understood that a cloud service provider provide both infrastructure and applications as a service but understanding on at what extent level it is need to be studied and understand thoroughly. Certain generic understanding is there with respect to each cloud service delivery model which shows what all services and responsibilities lying on the plate of a consumer [14] [15]. Below are some high level activities by consumer and vendor with respect to each delivery model SaaS Consumers uses applications and services for their business processes and operations. Vendor does the complete management of software s and applications over cloud infrastructure like installation, upgrades, patches etc. Paas Consumers managed the development, deployment, testing etc. of the applications over cloud infrastructure and applications. Vendors provide complete infrastructure as well as software, tools etc. IaaS Customers performed complete create, manage, install and complete monitoring of IT infrastructure. Vendors do complete provisioning of networking infrastructure, security components, servers, storage etc. VI. CONCLUSION There are different lines of responsibilities and accountability with respect to different services and cloud deployment models. There has to be clear procedures, policies and agreements need to be defined and agreed between cloud consumer and cloud provider in terms of service level agreement, development, implementation, operations and support etc. Generic understandings and accountabilities are there for each cloud delivery models, but still lots of misunderstanding and misconceptions are there due to lack to standards, which is hampering the expected growth of cloud computing. Copyright to IJIRCCE DOI: 10.15680/IJIRCCE.2015. 0308026 7319

REFERENCES [1] PCI DSS Cloud Computing Guidelines, https://www.pcisecuritystandards.org/pdfs/pci_dss_v2_cloud_guidelines.pdf [2] NIST Cloud Computing Standards Roadmap, http://www.nist.gov/itl/cloud/upload/nist_sp-500-291_version- 2_2013_June18_FINAL.pdf [3] NIST Cloud Computing Reference Architecture, http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505 [4] Gartner cloud computing 'rights and responsibilities',,http://www.zdnet.com/article/gartner-releases-cloud-computing-rights-andresponsibilities/ [5] An K, Pradhan S, Caglar F, GokhaleA (2012) A Publish/Subscribe Middleware for Dependable and Real-time Resource Monitoring in the Cloud. In: Proceedings of the Workshop on Secure and Dependable Middleware for Cloud Monitoring and Management.ACM, New York, NY, USA. pp 3:1 3:6 [6] http://www.cloudcomputingadmin.com/articles-tutorials/architecture-design/selecting-cloud-management- platform-part1.html [7] Dhingra M, Lakshmi J, Nandy SK (2012) Resource Usage Monitoring in Clouds. In: Proceedings of the 2012ACM/IEEE 13th International Conference on Grid Computing.IEEE Computer Society, Washington, DC, USA. pp 184 191 [8] http://www.datamation.com/cloud-computing/cloud-computing-management-and-monitoring-7-emerging- vendors-1.html [9] Goldsack P, Guijarro J, Loughran S, Coles A, Farrell A, Lain A, Murray P, Toft P (2009) The SmartFrogconfiguration management framework. ACM SIGOPS Operating Syst Rev 43(1):16 [10] Greenberg A, Hamilton J, Maltz DA, Patel P (2008) The cost of a cloud. ACM SIGCOMM ComputCommun Rev 39(1):68 [11] Ian Foster, Yong Zhao, IoanRaicu, Shiyong L u Cloud Computing and Grid Computing 360-Degree Compared In: 2008 Grid Computing Environments Workshop.IEEE. pp 1 10 [12] Kozuch MA, Ganger GR, Ryan MP, Gass R, Schlosser SW, O Hallaron D, Cipar J, Krevat E, López J, Stroucken M (2009) Tashi. In: Proceedings of the 1st workshop on, Automated control for datacenters and clouds - ACDC 09. ACM Press, New York, New York, USA. [13] Marshall P, Keahey K, Freeman T (2011) Improving Utilization of Infrastructure Clouds. In: 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.IEEE. pp 205 214 [14] Massie ML, Chun BN, Culler DE (2004) The ganglia distributed monitoring system: design, implementation, and experience. Parallel Comput 30(7):817 840 [15] Pardo-Castellote G (2003) OMG data-distribution service: architectural overview. In: 23rd International Conference on Distributed Computing Systems Workshops, 2003.Proceedings.IEEE. pp 200 206 Copyright to IJIRCCE DOI: 10.15680/IJIRCCE.2015. 0308026 7320

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information