Service Measurement Index Framework Version 2.1

Similar documents
CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

Universitat Politècnica de Catalunya

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Architectural Implications of Cloud Computing

CA Business Service Insight

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

How To Understand Cloud Usability

Estimating Trust Value for Cloud Service Providers using Fuzzy Logic

can you simplify your infrastructure?

Security Issues in Cloud Computing

Supply-Chain Risk Management Framework

6 Cloud computing overview

2012 CyberSecurity Watch Survey

Security in the Cloud

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015

Auditing Software as a Service (SaaS): Balancing Security with Performance

Openbravo Subscription and Recurring Billing Managing a Subscription-based Business and How a Technology Giant Did It

3 rd Party Vendor Risk Management

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

SOA for Healthcare: Promises and Pitfalls

Privacy in the Cloud A Microsoft Perspective

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0

Key Considerations of Regulatory Compliance in the Public Cloud

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

SMICloud: A Framework for Comparing and Ranking Cloud Services

Microsoft Axapta Financial Management consists of several individually packaged offerings: Microsoft Axapta Financials I and Financials II

Highlights & Next Steps

Applying Software Quality Models to Software Security

CA Cloud Service Delivery Platform

RANKING THE CLOUD SERVICES BASED ON QOS PARAMETERS

Planning the Migration of Enterprise Applications to the Cloud

ITSM in the Cloud. An Overview of Why IT Service Management is Critical to The Cloud. Presented By: Rick Leopoldi RL Information Consulting LLC

SESSION 605 Thursday, March 26, 2:45 PM - 3:45 PM Track: Metrics and Measurements

Exploring the Interactions Between Network Data Analysis and Security Information/Event Management

EXIN IT Service Management Foundation based on ISO/IEC 20000

Overview. CMU/SEI Cyber Innovation Center. Dynamic On-Demand High-Performance Computing System. KVM and Hypervisor Security.

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization

Security Architecture Principles A Brief Introduction. Mark Battersby , Oslo

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Gain a competitive edge through optimized B2B file transfer

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

The Cloud Computing Revolution: Beyond the Hype

Privacy in the Cloud Computing Era. A Microsoft Perspective

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

Moving Target Reference Implementation

Compute Infrastructure as a Service: Recommendations from the Open Data Center Alliance SM and TM Forum A joint perspective on the requirements of

Frameworks for IT Management

Maximize the synergies between ITIL and DevOps. AXELOS.com

VMware vcloud Powered Services

ITIL in the Cloud. Vernon Lloyd.

CA Technologies Healthcare security solutions:

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing

Operational security for online services overview

Open Cloud Computing Interface - Service Level Agreements

Open Data Center Alliance Usage: Single Sign On Authentication REv. 1.0

we can Automating service delivery for the dynamic data center of the future Brandon Whichard

Security and Privacy in Cloud Computing

EXIN Cloud Computing Foundation

can I consolidate vendors, align performance with company objectives and build trusted relationships?

journey to a hybrid cloud

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

Cloud Computing and the Regulatory Compliance Labyrinth

How To Write A Cloud Service Level Agreement

Assurance in Service-Oriented Environments

CA Automation Suite for Data Centers

Effective Practices for Cloud Security

Cloud Computing and Standards

Information Security ISO Standards. Feb 11, Glen Bruce Director, Enterprise Risk Security & Privacy

Evaluation of the Iceland State Financial and Human Resource System REPORT OF THE INDIVIDUAL EVALUATOR. Annex 2 SYSTEM AND SOFTWARE QUALITY

ITIL AS A FRAMEWORK FOR MANAGEMENT OF CLOUD SERVICES

CA Oblicore Guarantee for Managed Service Providers

AWS (Amazon Web Services) Managed

50x Zettabytes*

CERT Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1

Merging Network Configuration and Network Traffic Data in ISP-Level Analyses

Introduction to the OCTAVE Approach

Contracting Officer s Representative (COR) Interactive SharePoint Wiki

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Sample Exam. IT Service Management Foundation based on ISO/IEC 20000

A FinCo Case Study - Using CA Business Service Insight to Manage Outsourcing Suppliers

When IT Leaders Should Select Private Over Public Cloud Services

The Cadence Partnership Service Definition

Open Cloud Computing Interface - Monitoring Extension

SECURITY RISK MANAGEMENT

NIST Cloud Computing Program

A Secure System Development Framework for SaaS Applications in Cloud Computing

International Software & Systems Engineering. Standards. Jim Moore The MITRE Corporation Chair, US TAG to ISO/IEC JTC1/SC7 James.W.Moore@ieee.

Risk Management Framework

CLOUD MIGRATION. Celina Alexandre M6807

Cloud Computing Risk Assessment

Checklist: Cloud Computing Agreement

Preparation Guide. IT Service Management Foundation Bridge based on ISO/IEC 20000

Maximize the synergies between ITIL and DevOps

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Preparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Course: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management

Transcription:

Service Measurement Index Framework Version 2.1 July 2014 CSMIC Carnegie Mellon University Silicon Valley Moffett Field, CA USA

Introducing the Service Measurement Index (SMI) The Service Measurement Index (SMI) is a set of business-relevant Key Performance Indicators (KPI's) that provide a standardized method for measuring and comparing a business service regardless of whether that service is internally provided or sourced from an outside company. It is designed to become a standard method to help organizations measure cloud-based business services based on their specific business and technology requirements. The Service Measurement Index is currently being developed by the Cloud Services Measurement Initiative Consortium (CSMIC). The SMI is a hierarchical framework. The top level divides the measurement space into 7 Categories. Each Category is further refined by 4 or more s. Then within each a set of KPI s are defined that describe the data to be collected for each measure/metric. Some of these KPI s will be service specific while others will apply to all services (BPaaS, IaaS, PaaS, and SaaS). Version 2.1 of the CSMIC SMI contains the first 2 levels of this hierarchy, the Categories and s. Work is currently ongoing on the definition of the KPI s and measures related to several attributes. See Figure 1: High-Level Overview to the right for a highlevel overview of the SMI. A more detailed view (Figure 2: Detailed View) is provided on the last page of this document. For more information see: csmic.org The definitions provided here are all written using these basic terms. Client An organization that acquires one or more cloud-based services for its users Cloud Service Provider (CSP) An organization that delivers one or more cloud-based services to one or more clients. Service A set of functions or capabilities made available to a group of users by a cloud service provider, in order to achieve client objectives. SLA (Service Level Agreement) An agreement between a cloud service provider and a client documenting quantitative service level commitments. User The people that interact directly with a service. SMI Framework Version 2.1 2011-2014 Carnegie Mellon University 2

Definitions Accountability This category contains attributes used to measure the properties related to the cloud service provider organization. These properties may be independent of the service being provided. Auditability Compliance Contracting experience Ease of doing business Governance Ownership Provider business stability Provider Certifications Provider Contract/SLA Verification Provider Ethicality Provider Personnel Requirements Provider Supply Chain Provider Support Sustainability The ability of a client to verify that the cloud service provider is adhering to the standards, processes, and policies that they follow. Standards, processes, and policies committed to by the cloud service provider are followed. Indicators of client effort and satisfaction with the process of entering into the agreements required to use a service. Client satisfaction with the ability to do business with a cloud service provider. The processes used by the cloud service provider to manage client expectations, issues and service performance. The level of rights a client has over client data, software licenses, and intellectual property associated with a service. The likelihood that the cloud service provider will continue to exist throughout the contracted term. The cloud service provider maintains current certifications for standards relevant to their clients' requirements. The cloud service provider makes available to clients SLAs adequate to manage the service and mitigate risks of service failure. Ethicality refers to the manner in which the cloud service provider conducts business; it includes business practices and ethics outside the scope of regulatory compliance. Ethicality includes fair practices with suppliers, clients, and employees. The extent to which cloud service provider personnel have the skills, experience, education, and certifications required to effectively deliver a service. The cloud service provider ensures that any SLAs that must be supported by its suppliers are supported. The extent to which the cloud service provider includes or makes available assistance to the client in their efforts to use the service, including answering questions about the service and working around or correcting any problems that may arise. The impact on the economy, society and the environment of the cloud service provider. SMI Framework Version 2.1 2011-2014 Carnegie Mellon University 3

Agility Indicates the impact of a service upon a client's ability to change direction, strategy, or tactics quickly and with minimal disruption. Adaptability Elasticity Extensibility Flexibility Portability Scalability The ability of the cloud service provider to adjust to changes in client requirements. The ability of a cloud service provider to adjust its resource consumption for a service at a rapid enough rate to meet client demand. The ability to add new features or services to existing services. The ability to add or remove predefined features from a service. The ability of a client to easily move a service from one cloud service provider to another with minimal disruption. The ability of a cloud service provider to increase or decrease the amount of service available to meet client requirements and agreed SLAs. Assurance This category includes key attributes that indicate how likely it is that the service will be available as specified. Availability Maintainability Recoverability Reliability Resiliency/Fault Tolerance Service stability Serviceability The appropriateness of the service availability window, as well as the likelihood that the availability window will actually be provided to clients. Maintainability refers to the ability for the cloud service provider to make modifications to the service to keep the service in a condition of good repair. Recoverability is the degree to which a service is able to quickly resume a normal state of operation after an unplanned disruption. Reliability reflects measures of how a service operates without failure under given conditions during a given time period. The ability of a service to continue to operate properly in the event of a failure in one or more of its components. The degree to which the service is resistant to change, deterioration, or displacement. The ease and efficiency of performing maintenance and correcting problems with the service. SMI Framework Version 2.1 2011-2014 Carnegie Mellon University 4

Financial The amount of money spent on the service by the client. Billing Process Cost Financial Agility Financial Structure The level of integration that is available between the client and cloud service provider s billing systems and the predictability of periodic bills. The client s cost to consume a service over time. This includes cost of transition of the service along with recurring costs (e.g., monthly access fees) and usagebased costs. The flexibility and elasticity of the financial aspects of the CSP s services How responsive to the client s needs are the cloud service provider s pricing and billing components. Performance This category covers the features and functions of the provided services. Accuracy Functionality Suitability Interoperability Service Response Time The extent to which a service adheres to its requirements. The specific features provided by a service. How closely the capabilities of the proposed service match the features needed by the client. The ability of a service to easily interact with other services (from the same cloud service provider and from other cloud service providers). An indicator of the time between when a service is requested and when the response is available. SMI Framework Version 2.1 2011-2014 Carnegie Mellon University 5

Security and Privacy This category includes attributes that indicate the effectiveness of a cloud service provider's controls on access to services, service data, and the physical facilities from which services are provided. Access Control & Privilege Management Data Geographic/Political Data Integrity Data Privacy & Data Loss Physical & Environmental Security Proactive Threat & Vulnerability Management Retention/Disposition Security Management Policies and processes in use by the cloud service provider to ensure that only the personnel granted appropriate privileges can make use of or modify data/work products. The client's constraints on service location based on geographic or political risk. Keeping the data that is created, used, and stored in its correct form so that clients may be confident that it is accurate and valid. Client restrictions on use and sharing of client data are enforced by the cloud service provider. Any failures of these protections are promptly detected and reported to the client. Policies and processes in use by the cloud service provider to protect the provider facilities from unauthorized physical access, damage or interference. Mechanisms in place to ensure that the service is protected against know recurring threats as well as new evolving vulnerabilities. The cloud service provider s data retention and disposition processes meet the clients' requirements. The capabilities of cloud service providers to ensure application, data, and infrastructure security based on the security requirements of the client. Usability The ease with which a service can be used. Accessibility Client Personnel Requirements Installability Learnability Operability Transparency Understandability The degree to which a service is operable by users with disabilities. The minimum number of personnel satisfying roles, skills, experience, education, and certification required of the client to effectively utilize a service. Installability characterizes the time and effort required to get a service ready for delivery (where applicable). The effort required of users to learn to use the service. The ability of a service to be easily operated by users. The extent to which users are able to determine when changes in a feature or component of the service occur and whether these changes impact usability. The ease with which users can understand the capabilities and operation of the service. SMI Framework Version 2.1 2011-2014 Carnegie Mellon University 6

References In addition to earlier versions of the SMI, the following references were consulted in the creation of the Category and definitions. Due to the specific focus of the SMI on services that are or could be cloud-based, the referenced definitions have been modified to reflect this focus. CoBIT Control Objectives for Information and related Technology, Version 4.1, ISACA, 2007 DSCI, Security Framework: Best Practices, 2010 Gartner, Gartner Highlights Five s of Cloud Computing, available at http://www.gartner.com/it/page.jsp?id=1035013 Hefley, B. and Loetsche, E., esourcing Capability Model for Client Organizations, Van Haren, 2009 ISO 9001:2008 Quality management systems Requirements, 2008 ISO/IEC 27001:2005 Information technology Security techniques Information security management systems Requirements, 2005 ISO/IEC 9126-1:2001 Software Engineering - Product Quality - Part 1: Quality Model ITILV3 Glossary, English, v1, 2007 (available from http://www.itil.org/en/glossar/glossarkomplett.php) ITILV3, Service Design, Office of Government Commerce, TSO, London, 2007 NIST, Definition of Cloud Computing (Draft), January, 2011 and Cloud Taxonomy, February, 2011 NIST Cloud Computing Reference Architecture Cloud Service Metrics Description, rev. 2.3a, draft, July, 2013 Punter, T. Using checklists to evaluate software product quality: measurement concepts for qualitative determination of quality characteristics TM Forum, Enabling Cloud Services, Taxonomy draft TM Forum, Enabling End-to-End Cloud SLA Management: A Collaboration of Standard Bodies, TR 178, v2-0921, v0.4, September, 2012 INFORMATION & COPYRIGHT This material was prepared by Carnegie Mellon University and the members of its Cloud Services Measurement Initiative Consortium ( CSMIC ). It is published in the interest of providing information regarding global cloud-based services. This material is subject to U.S. copyright law and is the property of its respective creators. NO WARRANTY THIS MATERIAL IS FURNISHED ON AN AS-IS BASIS. NEITHER CARNEGIE MELLON UNIVERISTY NOR ANY OTHER CONTRIBUTOR TO THE MATERIAL MAKES ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, TO ANY MATTER (INCLUDING BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE OR MECHANTABILITY, EXLCUSIVITY, AND/OR RESULTS OBTAINED FROM USE OF THE MATERIAL). WITHOUT LIMITING THE GENERAL NATURE OF THE PRIOR SENTENCE, NEITHER CARNEGIE MELLON UNIVERISTY NOR ANY OTHER CONTRIBUTOR TO THE MATERIAL MAKES ANY WARRANTIES OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK OR COPYRIGHT INFRINGEMENT. TRADEMARKS Use of any trademarks in this material is not intended in any way to infringe on the rights of the trademark holder. INTERNAL USE Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided that the text of the INFORMATION & COPYRIGHT clause and the NO WARRANTY clause listed above are included on all reproductions and derivative works. EXTERNAL USE This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form. SMI Framework Version 2.1 2011-2014 Carnegie Mellon University 7

Is it easy to learn and to use? Usability Accessibility Client personnel requirements Installability Learnability Operability Transparency Understandability Can we count on the provider organization? Can it be changed and how quickly? How likely is it that the service will work as expected? How much is it? Does it do what we need? Is the service safe and privacy protected? Accountability Auditability Compliance Contracting experience Ease of doing business Governance Ownership Provider business stability Provider certifications Provider contract/sla verification Provider ethicality Provider personnel requirements Provider supply chain Provider support Sustainability Agility Adaptability Elasticity Extensibility Flexibility Portability Scalability Assurance Availability Maintainability Recoverability Reliability Resiliency/fault tolerance Service stability Serviceability Financial Billing process Cost Financial agility Financial structure Performance Accuracy Functionality Interoperability Service response time Suitability Security & Privacy Access control & privilege management Data geographic/political Data integrity Data privacy & data loss Physical & environmental security Proactive threat &vulnerability management Retention/disposition Security management CSMIC Framework, v2.1 07/2014

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information