The Practical Guide to Cloud Service Level Agreements. May, 2012



Similar documents
Public Cloud Service Agreements: What to Expect & What to Negotiate. April 2013

Public Cloud Workshop Offerings

SESSION 605 Thursday, March 26, 2:45 PM - 3:45 PM Track: Metrics and Measurements

Practical Guide to Cloud Computing Version 2.0

Cloud Computing. P a n a g i o t i s F o u z a s I T S o l u t i o n s M a n a g e r

NIST Cloud Computing Reference Architecture & Taxonomy Working Group

Public Cloud Service Agreements: What to Expect and What to Negotiate

Cloud Computing. Bringing the Cloud into Focus

Customer Cloud Architecture for Mobile.

Public Cloud Service Agreements: What to Expect and What to Negotiate

IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits

Release 1. ICAICT814A Develop cloud computing strategies for a business

3 rd Party Vendor Risk Management

How To Manage Cloud Data Safely

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

Cloud Service Rollout. Chapter 9

Cloud Computing: Legal Risks and Best Practices

Web Application Hosting Cloud Solution Architecture.

Big Data in the Cloud Conference. Big Data Working Group

Engagement Name. DIR Customer Name

Evolving Technology Issues: Cloud Computing

Security for Cloud Computing 10 Steps to Ensure Success

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

Cloud Computing and HIPAA Privacy and Security

NIST Cloud Computing Reference Architecture

Security Issues in Cloud Computing

Cloud Computing in a Government Context

Cloud Computing are you ready?

Legal Issues in the Cloud: A Case Study. Jason Epstein

Engagement Name Cloud Services Category

Cloud IaaS: Service-Level Agreements

Practical Guide to Platform as a Service.

Cloud Computing. What is Cloud Computing?

Buying Everything as a Service

Copyright 2014 Thomas Trappler All Rights Reserved

50x Zettabytes*

Assessing Risks in the Cloud

Cloud P ROVIDER CHOOSE A HOW TO. A White Paper presented by

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

How To Choose A Cloud Computing Solution

Insights into Cloud Computing

On Premise Vs Cloud: Selection Approach & Implementation Strategies

CFOs and CIOs: How can you mitigate concerns when moving to the cloud?

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers

Designing Cloud Computing Solutions for Integration with SAP

Cloud Security and Privacy

Security & Trust in the Cloud

A CIO s Cloud Decision and 7 Lessons Learned From Peers

The Keys to the Cloud: The Essentials of Cloud Contracting

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Contracting for Cloud Computing

Cloud Computing. Introduction

Managed Services Computing

Evolving Issues for Healthcare IT Contracting

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS

Open Certification Framework. Vision Statement

AUDIT REPORT. Cloud Software as a Service (SaaS) Procurement and Governance Audit. June 9, 2016

Fundamental Concepts and Models

6 Cloud computing overview

Managing Cloud Computing Risk

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined.

Building the Business Case for the Cloud

Cloud Risk Management: How to Consolidate your CSP and Corporate Risk Profile

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

Software as a Service: Guiding Principles

EXIN Cloud Computing Foundation

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Practical Guide to Cloud Computing Version 1.2

Cloud and the future of Unemployment Sean Rhody, CTO Capgemini Government Solutions

Using Cloud-Based Technologies in Clinical Trials by Niki Kutac, Director, Product Management

Fundamental Concepts and Models

Innovation through Outsourcing

2011 Morrison & Foerster LLP All Rights Reserved mofo.com. Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks

cpouta - IaaS Cloud Computing Service Service Level Agreement

Enterprise Architecture Review Checklist

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Developing SAP Enterprise Cloud Computing Strategy

The Task. First things first what is a Service Level Agreement?

Mobile App Developer Agreements

CLOUD MIGRATION STRATEGIES

Effective Practices for Cloud Security

2014 Latin America Cloud Computing Market

Compliance in Clouds A cloud computing security perspective

Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

Buying Guide for Cloud Services

Security in the Cloud

6 Cloud strategy formation. 6.1 Towards cloud solutions

Enterprise Governance and Planning

Pharma CloudAdoption. and Qualification Trends

CFOs and CIOs: How do you know when to reach for the clouds?

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES

Transcription:

The Practical Guide to Cloud Service Level Agreements May, 2012 1

CSCC Practical Guide to Cloud Computing Provides a prescriptive nine step plan for successful cloud deployments 1 2 3 4 5 6 7 8 9 Assemble your team Develop business case and an enterprise cloud strategy Select cloud deployment model(s) Select cloud service model(s) Determine who will develop, test and deploy the cloud services Develop a proof-of-concept (POC) before moving to production Integrate with existing enterprise services Develop and manage SLAs Manage the cloud environment 2

CSCC Practical Guide to Cloud SLAs Deliverable Team Section Leads John Meegan (IBM) Lead Technical Editor; Introduction and Keys to Success Section Leader Gurpreet Singh (Ekartha) Current SLA Landscape and Disaster Recovery Section Leader Steven Woodward (Cloud Perspectives) Roles & Responsibilities; Performance Objectives Leader Salvatore Venticinque (Second University of Naples) Service & Deployment Model Section Leader Massimiliano Rak (Second University of Naples) Service & Deployment Model Section Leader Gerry Murray (Fort Technologies) Business Policies Section Leader David Harris (Boeing) Business Policies Section Leader Beniamino Di Martino (Second University of Naples) Business Policies Section Leader Yves Le Roux (CA Technologies) Security and Privacy Section Leader John McDonald (CloudOne Corporation) Service Management Section Leader Ryan Kean (The Kroger Co.) Service Failure Management Section Leader Marlon Edwards (Hoboken Consulting Group, LLC) Disaster Recovery Section Leader Dave Russell (IBM) Management Process Section Leader George Malekkos (Powersoft Computer Solutions Ltd) Exit Process Section Leader 3

Cloud Service Level Agreements Current Landscape SLAs offered by cloud providers often viewed as unsatisfactory Today, most cloud SLAs weigh heavily in provider s favor Provider s liability is limited Burden on consumer for SLA violation notification and credit request Company size influences cloud SLAs SMBs must accept provider terms Larger companies able to negotiate more stringent terms Cloud SLAs vary based on service model IaaS most mature and typically contains specific guarantees PaaS and SaaS evolving "Today, customers complain regularly that SLAs are just another form of vendor boilerplate and that it is difficult if not impossible to get much modification That doesn t mean we don t need SLA s; we do. It's important we make it clear what is going on now versus what we would like to see/influence for the future and when we are hoping that future will occur." Amy Wohl, principal consultant of Wohl Associates Over time, competition and demand for stronger SLAs will intensify, leading to benefits for companies of all sizes 4

CSCC Practical Guide to Cloud SLAs Practical Guide to Cloud SLA s: A reference to help enterprise IT analyze Cloud SLAs (Published April, 2012) 10 Steps to Evaluate Cloud SLAs 1. Understand roles and responsibilities 2. Evaluate business level policies 3. Understand service and deployment model differences 4. Identify critical performance objectives 5. Evaluate security and privacy requirements 6. Identify service management requirements 7. Prepare for service failure management 8. Understand the disaster recovery plan 9. Define an effective management process 10. Understand the exit process "Cloud service level agreements are important to clearly set expectations for service between cloud consumers and providers. Providing guidance to decision makers on what to expect and what to be aware of as they evaluate and compare SLAs from cloud computing providers is critical since standard terminology and values for cloud SLAs are emerging but currently do not exist. Melvin Greer, Senior Fellow and Chief Strategist, Cloud Computing, Lockheed Martin 5

Steps to Evaluate Cloud SLAs 1. Understand Roles & Responsibilities 2. Evaluate Business Level Policies Cloud actors: Consumer, Provider, Carrier, Broker, Auditor SLAs can contain various expectations between the actors and are not limited to quantitative measures Data policies of the provider are critical: Data Preservation Data Location Data Privacy Consumers must consider data protection legislation Recognize the activities and responsibilities of each cloud actor Precisely define requirements and desired service levels for each actor Understand the spectrum of SLAs that currently exist to compare and assess tradeoffs between cost and service levels Other business level policies expressed in the cloud SLA require careful evaluation: Guarantees Acceptable Use Policy Excessive Usage Policy Payment & Penalty Models Renewals & Transferability Industry-specific Standards 6

Steps to Evaluate Cloud SLAs 3. Understand Service & Deployment Model Differences 4. Identify Critical Performance Objectives Clarity of SLA service objectives varies significantly for each service model: PaaS and SaaS objectives are less precise than IaaS objectives PaaS consumers must distinguish between development & production environments SaaS consumers should expect general service level objectives like monthly cumulative application downtime, application response time, etc. SLA considerations for the Public model maybe greater than the Private model SLA should specify how the provider addresses added security, availability, reliability and performance risks Performance goals are directly related to efficiency & accuracy of service delivery Performance statements that are important to consumers should be measureable and auditable, and documented in the SLA Performance considerations are dependent on the supported service model (IaaS, PaaS and SaaS) 7

Steps to Evaluate Cloud SLAs 5. Evaluate Security & Privacy Requirements 6. Identify Service Management Requirements Establish classification scheme based on the criticality and sensitivity of data Assess asset sensitivity and application operational security requirements Understand legal/regulatory laws and requirements that exist to protect the privacy of personal data Audit cloud provider s security SLA compliance Uniform, straightforward, transparent and extensible system for managing and monitoring cloud services Cloud SLAs should include the following service management requirements: Auditing (unbiased assessment of provider s internal systems and measures) Monitoring & Reporting (performance & load management, notification, etc.) Metering (assurance of accurate billing, segregate billing for different services, handle geo-related taxation issues) Rapid Provisioning (speed, customization, testing, demand flexibility) Service Upgrades (develop/test, problem resolution, back out process, etc. 8

Steps to Evaluate Cloud SLAs 7. Prepare for Service Failure Management Service failure management outlines what happens when the expected delivery of a service does not occur The primary remedy for service failure is service credits Beware of liability limitations for certain types of service interruptions Problem identification should be a joint activity between consumer and provider 8. Understand the Disaster Recovery (DR) Plan Cloud does not absolve consumers of the need for serious DR planning While most cloud SLAs provide cursory treatment of DR issues, consumers should address early in the process of cloud adoption Determine if cloud vendor provides insurance to mitigate losses Risks and solutions will be different for SaaS, IaaS and PaaS 9

Steps to Evaluate Cloud SLAs 9. Define an Effective Management Process 10. Understand the Exit Process Cloud provider should produce monthly problem status reports Consumers should track key indicators If possible, consumers should schedule regular status meetings with provider A clear escalation process should be defined as an early warning activity A consumer exit plan should always be prepared at the outset of the SLA The exit process should include detailed procedures for ensuring business continuity Transmission, preservation and deprecation of consumer data should receive written confirmation 10

Keys to Success Focus on the right decision points Develop strong business case & strategy Assess providers SLA functional & non-functional requirements Keys to Success Ensure efficient Exit Process Monitor SLA Performance Define adequate Disaster Recovery Plan 11

CSCC Resources and Channels for Feedback / Comment Member Application: http://www.cloud-council.org/application Membership is free to qualifying companies Web Site: http://www.cloud-council.org OMG Contact / Sponsorship: Ken Berk - ken.berk@omg.org Join a CSCC Working Group: http://www.cloud-council.org/workinggroups.htm Resources: Practical Guide to Cloud Computing V1: http://www.cloudstandardscustomercouncil.org/10052011.htm Practical Guide to Cloud SLAs V1: http://www.cloudstandardscustomercouncil.org/04102012.htm Use Cases V1: http://www.cloudstandardscustomercouncil.org/cloud_computing_use_cases- 2.htm 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information