Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)



Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)
Robert Bohn, PhD
Advanced Network Technologies Division
Cloud FS Americas 2015, New York, New York
22 July 2015

Introduction
Problem Statement: Be able to procure cloud services in a secure, reliable, repeatable, and measurable manner which reflect the business & technical requirements of an organization.
Goals of this talk:
- Understand the NIST Model of Cloud Computing
- Understand the Variety of Cloud Services
- Understand Service Level Agreements & their limitations
- Relationship between Requirements and Metrics

Pete's Journey to Cloud
Cloud.. blah.. blah.. Services.. blah.. blah SLAs.. blah.. blah
1. To know the business & technical requirements of his organization.
2. To understand landscape of cloud computing, cloud services and service level agreements (SLAs).

NIST Definition of Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
3 Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
4 Deployment Models: Public, Private, Community, Hybrid
5 Essential Characteristics: On demand self-service, Broad network access, Resource Pooling, Rapid Elasticity, Measured Service
Determine the What of Cloud Computing
Significantly different from How to Build

NIST Cloud Computing Reference Architecture: Actors and their Roles
- Cloud Consumer: Person or organization that maintains a business relationship with, and uses service from Cloud Providers.
- Cloud Auditor: A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation.
- Cloud Provider: Person, organization or entity responsible for making a service available to Cloud Consumers.
- Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
- Cloud Carrier: The intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.

NIST CCRA (NIST SP 500-292)
[Figure: reference architecture diagram]
- Cloud Consumer
- Cloud Auditor: Security Audit, Privacy Impact Audit, Performance Audit
- Cloud Provider: Service Layer (IaaS, PaaS, SaaS); Resource Abstraction and Control Layer; Physical Resource Layer (Hardware, Facility); Cloud Service Management (Business Support, Provisioning/Configuration, Portability/Interoperability)
- Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage
- Cloud Carrier
Security & Privacy: Everyone has some responsibility in managing S&P

Example Services Available to a Cloud Consumer
[Figure: example services offered by a Cloud Provider to SaaS, PaaS and IaaS Consumers]
Services shown: ERP, Billing, Sales, CRM, Human Resources, Social Networks, Financials, Content Management, Business Intelligence, Development & Testing, Collaboration, Document Management, Database, Application Deployment, Integration, Storage, CDN, Backup & Recovery, Email & Office Productivity, Services Management, Platform Hosting, Compute

Types of Cloud Services
Address Verification as a Service; Anything as a Service; API as a service (APIaaS); Application Delivery as a Service; Application Platform as a Service; Architecture as a Service; Authentication as a Service; Backend as a Service; Backup as a Service; Big Data as a Service; Broker as a Service; Business as a Service; Business Process as a Service; Cloud Load Balancers as a Service; Collaboration-as-a-Service; Commerce as a Service; Communication as a Service; Computing as a Service; Contact Center as a Service; Data as a service; Database as a service; Desktop as a Service (DTaaS); Development as a Service; DevTest as a Service (DTaaS); Disaster Recovery as a Service; Drupal as a Service; Email as a Service; Encryption as a Service; Everything as a Service; Firewall as a Service; Framework as a Service; Globalization as a Service; Hadoop as a Service; Hardware as a Service; High Performance Computing as a Service; Identity as a Service; Infrastructure PaaS; Integrated Development Environment as a Service; Integration as a Service; Integration Platform as a Service; IT as a Service; Java Platform as a Service; Knowledge as a Service; Light as a Service; Logon as a Service; Management as a Service; Mashups as a Service; Message Queuing as a Service; Mobility as a Service; Mobility Backend as a Service; Monitoring as a Service; Network Access Control as a Service; Network as a service; Operations as a Service; Optimization as a Service; Payment as a Service; Quality as a Service; Query as a Service; Recovery as a Service; Remote Backup as a Service; Risk Assessment as a Service; Security as a service; Service Desk as a Service; Storage as a service; Telepresence as a Service; Test environment as a service; Testing as a Service; Unified Communications as a Service; Video Conferencing as a Service; Video Surveillance as a Service; Voice as a Service; Web Site as a Service

Smorgasbord of Services

Cloud Services - Essential Characteristics
- On-Demand Self-Service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
- Broad Network Access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
- Resource Pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources. Examples of resources include storage, processing, memory, and network bandwidth.
(NIST SP 800-145): The NIST Definition of Cloud Computing

Cloud Services - Essential Characteristics
- Rapid Elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
- Measured Service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported.
(NIST SP 800-145): The NIST Definition of Cloud Computing

Apples to Apples

Cloud Service Level Agreements (SLAs)
Cloud Service Level Agreement: A document stating the technical performance promises made by the cloud provider, how disputes are to be discovered and handled, and any remedies for performance failures.
Differs from Master Service Agreement (MSA).
No standard cloud computing contracts exist.
Little agreement with respect to:
- which elements should appear within an SLA
- which metrics to use
- how terms are defined

Contents of an SLA
[Diagram labels: Business Level Objectives Roles & Responsibilities Requirements Operational Policies Continuity Limitations Financial Glossary of Terms Service Level Objectives Resources Performance Indicators Service Deployment Service Management Description Security Privacy]

Cloud Business & Performance Indicators

SLAs & Metrics - Selecting & Decision Making
[Diagram labels: Cloud Customer Metrics Cloud A Properties Cloud B Properties]

SLAs & Metrics - Monitoring Services
[Diagram labels: Cloud Customer Requirements Monitoring Metrics SLA Service Capabilities Cloud B offering]

SLA Performance Metric - Service Availability
An Availability Metric could be based on different definitions for measures:
Most commonly, availability is evaluated based on the percentage of uptime (available state) of a resource, over some period of time.
service_uptime_percentage: the percentage of qualified service availability time over the observation time, as defined by the expression:

$$\text{service uptime \%} = \frac{\text{qualified\_uptime\_total}}{\text{observation\_time\_total}} \times 100$$

(NIST SP 500-307)
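The slide's point that an availability metric depends on how its measures are defined, shown as an added example (not from the talk or from NIST SP 500-307): the same outage log is scored once with no exclusions and once with an agreed maintenance window left out of both totals. The exclusion rule for "qualified" time, the 99.9% objective and all interval data are assumptions constructed for illustration.

```python
def merge(intervals):
    """Sort intervals and merge any that overlap or touch."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def clip(intervals, lo, hi):
    """Keep only the parts of each interval inside the window [lo, hi)."""
    return [(max(s, lo), min(e, hi)) for s, e in intervals if s < hi and e > lo]

def subtract(intervals, holes):
    """Remove the (merged) holes from the (merged) intervals."""
    out = []
    for start, end in intervals:
        cur = start
        for h_start, h_end in holes:
            if h_end <= cur or h_start >= end:
                continue
            if h_start > cur:
                out.append((cur, h_start))
            cur = max(cur, h_end)
        if cur < end:
            out.append((cur, end))
    return out

def service_uptime_percentage(window, outages, exclusions=()):
    """Assumption: time inside `exclusions` is left out of both totals."""
    lo, hi = window
    excluded = merge(clip(exclusions, lo, hi))
    downtime = subtract(merge(clip(outages, lo, hi)), excluded)
    observation_time_total = (hi - lo) - sum(e - s for s, e in excluded)
    if observation_time_total <= 0:
        raise ValueError("observation window is empty")
    qualified_uptime_total = observation_time_total - sum(e - s for s, e in downtime)
    return qualified_uptime_total / observation_time_total * 100

# Constructed sample data, in minutes from the start of a 30-day month.
WINDOW = (0, 30 * 24 * 60)
OUTAGES = [(1000, 1020), (1010, 1030), (20000, 20050)]  # two reports overlap
MAINTENANCE = [(19990, 20040)]                          # assumed agreed window
SLO = 99.9                                              # assumed objective, percent

def compare():
    raw = service_uptime_percentage(WINDOW, OUTAGES)
    qualified = service_uptime_percentage(WINDOW, OUTAGES, MAINTENANCE)
    return {"raw": (raw, raw >= SLO), "qualified": (qualified, qualified >= SLO)}
```

With this data the unqualified figure misses the objective while the qualified one meets it, so customer and provider need the exclusion rule written into the SLA before either number can settle a dispute.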

Three parts to the process
- Decide: lay out the requirements for the service
- Agree: the MSA/SLA is the agreement connecting customer and provider
- Measure: are the SLA objectives met?


NIST Cloud Computing Special Publications
- CC Standards Roadmap: 500-291
- CC Reference Architecture: 500-292
- USG CC Technology Roadmap: 500-293
- Security Reference Architecture: 500-299
- Cloud Service Metrics Description: 500-307
- Guidelines on Security and Privacy: 800-144
- Definition of Cloud Computing: 800-145
- CC Synopsis & Recommendations: 800-146
Searchable as NIST SP xxx-nnn

Contacts
- Dr. Abdella Battou: abdella.battou@nist.gov
- Dr. Robert Bohn: robert.bohn@nist.gov
- John Messina: john.messina@nist.gov
- Dr. Michaela Iorga: micheala.iorga@nist.gov
- Annie Sokol: annie.sokol@nist.gov
- Mike Hogan: michael.hogan@nist.gov
- Eric Simmon: eric.simmon@nist.gov
- Frederic de Vaulx: frederic.devaulx@nist.gov
- Lisa Carnahan: lisa.carnahan@nist.gov
Roles: CC Lead/ANTD Chief Program Mgr RA/Tax Co-Convener Security Standards Standards SLA/Standards Metrics Conformity Assessment
NIST ITL Cloud Computing Home Page: http://www.nist.gov/itl/cloud
NIST Cloud Computing Collaboration Site (twiki): http://collaborate.nist.gov/twiki-cloud-computing/bin/view/cloudcomputing

Thank You

USG Cloud Computing Technology Roadmap Requirements (NIST SP 500-293)
1. International voluntary consensus-based standards
2. Solutions for High-priority Security Requirements, technically decoupled from organizational policy decisions
3. Technical specifications to enable development of consistent, high-quality Service-Level Agreements
4. Clearly and consistently categorized cloud services
5. Frameworks to support seamless implementation of federated community cloud environments
6. Updated Organization Policy that reflects the Cloud Computing Business and Technology model
7. Defined unique government regulatory requirements and solutions
8. Collaborative parallel strategic future cloud development initiatives
9. Defined and implemented reliability design goals
10. Defined and implemented cloud service metrics