Wednesday, June 5, 2019
Cloud Computing Service Level Agreement and Governance
Service Level Agreement and Governance for Cloud Computing

The contractual side of a service level agreement (SLA) and governance for cloud computing

Ali Raslan

Abstract

In the world of information technology (IT), cloud computing has been the futuristic concept of modern computing for the last decade or more. Nevertheless, in the last few years this concept has become the mainstream. However, with all the buzz and the evolutionary techniques that information technology companies are developing and implementing, many overwhelming issues like interoperability, insecurity, and accessibility represent some of the most anticipated questions each decision maker has to consider before signing the contract of a cloud service agreement document. In addition, one key issue for every organization trying to make the big move to the world of cloud computing is to provide governance for data that it no longer directly controls. During this research, I will try to illustrate and point out the main ideas and practices of the contractual side of a service level agreement (SLA) and governance for cloud computing by trying to highlight a set of guidelines to help and assist organizations in defining and constraining the governance plans for data they are willing to move into the cloud.

Keywords: cloud computing, SLA, IT, contract, agreement, constraining.

Word count: 4000 words.

Introduction

Cloud computing is the new era of internet evolution, where this term commonly refers to everything that involves delivering hosted services and data over the internet to companies, individuals and even other computing systems. The idea of cloud computing started in the 1950s, when large-scale mainframes were made available to schools and corporations (James, 2013).
A few decades later, this concept started to become more alive when it was adopted by some of the major technology companies like Google, Amazon and Microsoft, and commercial cloud computing started to take its place in the market. This new technology developed through a number of phases; these include Software as a Service (SaaS), Grid and Utility Computing (GaUC), and Application Service Provision (ASP) (Arif, 2014). Nevertheless, through the development of this concept, many issues and uncertainties like security, interoperability, vendor lock-in, and compliance arose against adopting this technology (North Bridge, 2013). These problems are familiar even from traditional Information Technology Outsourcing (ITO), and these issues are usually treated at the agreement level between the service provider and the customer.

Cloud Computing Definitions

The National Institute of Standards and Technology (NIST) definition of cloud computing: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models." (Peter Mell, 2011).

Moreover, in his book The Big Switch: Rewiring the World, from Edison to Google, Nicholas Carr describes how, a hundred years ago, the modern era of the power grid began when corporations started to join the power grid, leaving behind the traditional power generator systems every company used to have in order to satisfy the company's need for electricity. This big shift at that time is very similar to today's switch from traditional computing and data handling to the cloud.
Even with all the unfamiliar concepts and worries about security, the actual data location and the stability of the services provided, companies will soon realize the emerging markets and services cloud computing can offer. The main motivation behind cloud computing is mostly represented by the benefits this technology can offer its clients. Features like service on demand, usually with a pay-as-you-go billing system, and factors like highly abstracted and shared resources, instantaneous provisioning and scalability make cloud computing the next power grid transformation.

Risks and Issues

On the other hand, despite all the mentioned benefits and features cloud computing can offer, it has been realized that there are limits to the acceptance of cloud computing among enterprise companies, because of the level of complexity and dependability these services might reach. Moreover, the data governance issues related to this technology represent some of the main difficulties the cloud computing market is facing right now. The European Network and Information Security Agency (ENISA) defines the client's responsibility for data governance as similar to the service provider's responsibility in case of any data loss or corruption (Catteddu, 2009). This is because customers should be aware of the risks that using this technology might imply, and it is meant to encourage these companies to investigate further to find more reliable providers. In addition, further risks might apply to any cloud computing environment, such as hacking attacks or unauthorized access to the actual physical data locations. The Journal of Information Technology Management categorized these attacks into three main categories:

- Attacks targeting a hosted application under a SaaS environment.
- Attacks through the trusted network connection. This can be done from the customer side to the provider or from the provider side to the customer environment.
- Attacks targeting a hosted server under a PaaS or IaaS environment.

(Cochran & Witman, 2011)

Cloud Computing Governance Components

In Information Technology Outsourcing, the specifications of the product or service to be delivered are usually drafted via a contract in the form of a Service Level Agreement (SLA); this agreement defines all the important and legal parts of the service between the service provider and the service recipients. The same concept can be implemented with cloud computing, since most of the main agreement parts involve providing an information technology service. However, cloud computing includes many different ideas and concepts, and a cloud computing agreement has to treat different concepts and behaviors like foreign physical data location, rapid scaling, lower IT upfront costs, and even different ways of paying for the service such as monthly or annual subscriptions. In addition, in a cloud environment the services are usually hosted and owned by a separate party, and in most cases the owner of the application can be different from the owner of the server (Cochran & Witman, 2011).

Nondisclosure and Confidentiality Agreements

These two terms are used in many other areas and through all types of contracts, agreements and forms, but the basic understanding of the two terms refers to the confidentiality of the agreement in general. Therefore, at the level of a service level agreement, a nondisclosure agreement usually means a confidentiality agreement.
Margaret Rouse, in her article about nondisclosure agreements, defines an NDA as: "A non-disclosure agreement (NDA) is a signed formal agreement in which one party agrees to give a second party confidential information about its business or products and the second party agrees not to share this information with anyone else for a specified period of time." (Margaret, 2005). Similarly, David V. Radack, in his article Understanding Confidentiality Agreements, defines a confidentiality agreement as: "Confidentiality agreements are contracts entered into by two or more parties in which some or all of the parties agree that certain types of information that pass from one party to the other or that are created by one of the parties will remain confidential." (David, 2014). From the two definitions, we can see that a confidentiality or nondisclosure agreement forces all participating parties to protect and never share any of the information passed between the parties while building the service.

Legal location

In general, the actual physical location of the server or the data in a cloud computing environment is not important from the technical point of view. However, from a legal point of view a Service Level Agreement requires clearly identifying the actual location of the servers handling the data and services. Thus, in case of a security breach from the provider side, punishments or penalties could be issued through the provider's local authority. For that reason, if the breach resulted in the data being moved to an offshore location, the local government regulations might have no effect on that (Steele 2010). On the other hand, a civil case could be brought against the vendor or attacker in case of such risks. For that reason, defining the legal location is very important in a service level agreement because it represents a legal cover for the actual data that might get stolen or destroyed.

The Restrictions of a Software License

Software license restrictions are a very important factor in any software license agreement because they might affect the main tasks of the whole system when it is stored on unknown devices or servers. This might occur because a software license can sometimes be violated when the software is stored or hosted on remote hardware infrastructure. This issue might result in side effects like not being able to use the system in whole or in part, because software licenses might have security features that link the software to a specific machine MAC address or processor serial number.

User based exposures

User-based exposures might occur when an end user posts some data through a secure interface or website in the system; after the data is submitted to the main data server, it might pass through third-party communication systems or servers. During this stage, a security breach might occur in which data can be lost, stolen or disclosed. At this level, the Service Level Agreement examines what administrators have access to during the transmission stage. This point might cover different types and techniques for encrypting the data, or include the third-party providers in the agreement to ensure the security and safety of the data.

Communicating With Remote Networks and Services

Integration with cloud software as a service is one of the most important features any cloud-based service has to offer. However, integrating these services with the organization's internal system sometimes means giving these services the possibility of becoming a part of the internal system. This can be an issue for the security of the internal system. Mathias Thurman, in his article Tightening Up SaaS Security, discusses how these concerns increase when the security of the SaaS is unidentified or unknown.
This is because, when the internal system is integrated with the SaaS, the SaaS network becomes a part of the internal system, and at this level of integration any attack or security failure on the side of the SaaS provider will put the local network at risk too (Mathias, 2010).

Cloud Service Level Agreement Components

Service Level Agreement template

To illustrate the main parts and layout of a Service Level Agreement in a cloud computing environment, the following template, made by SLATemplate.com, shows the main parts, layout, and definitions of the Service Level Agreement content. Certainly, a Service Level Agreement can include hundreds of pages describing every single specification. However, for the sake of illustration, the following template represents the most important parts of an SLA for a cloud computing system.

Service Level Agreement (SLA)
for Customer
by Company name

Effective Date: 10-08-2010
Version:
Approval:
(By signing below, all Approvers agree to all terms and conditions outlined in this Agreement.)

Table of Contents

1. Agreement Overview
2. Goals & Objectives
3. Stakeholders
4. Periodic Review
5. Service Agreement

1. Agreement Overview

This Agreement represents a Service Level Agreement ("SLA" or "Agreement") between Company name and Customer for the provisioning of IT services required to support and sustain the Product or service.

This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders.

This Agreement outlines the parameters of all IT services covered as they are mutually understood by the primary stakeholders. This Agreement does not supersede current processes and procedures unless explicitly stated herein.

2. Goals & Objectives

The purpose of this Agreement is to ensure that the proper elements and commitments are in place to provide consistent IT service support and delivery to the Customer(s) by the Service Provider(s).

The goal of this Agreement is to obtain mutual agreement for IT service provision between the Service Provider(s) and Customer(s).

The objectives of this Agreement are to:

- Provide clear reference to service ownership, accountability, roles and/or responsibilities.
- Present a clear, concise and measurable description of service provision to the customer.
- Match perceptions of expected service provision with actual service support and delivery.

3. Stakeholders

The following Service Provider(s) and Customer(s) will be used as the basis of the Agreement and represent the primary stakeholders associated with this SLA:

IT Service Provider(s): Company name ("Provider")
IT Customer(s): Customer ("Customer")

4. Periodic Review

This Agreement is valid from the Effective Date outlined herein and is valid until further notice. This Agreement should be reviewed at a minimum once per fiscal year; however, in lieu of a review during any period specified, the current Agreement will remain in effect.

The Business Relationship Manager ("Document Owner") is responsible for facilitating regular reviews of this document. Contents of this document may be amended as required, provided mutual agreement is obtained from the primary stakeholders and communicated to all affected parties. The Document Owner will incorporate all subsequent revisions and obtain mutual agreements / approvals as required.

Business Relationship Manager: Company name
Review Period: Bi-Yearly (6 months)
Previous Review Date: 01-08-2010
Next Review Date: 01-12-2011

5. Service Agreement

The following detailed service parameters are the responsibility of the Service Provider in the ongoing support of this Agreement.

5.1. Service Scope

The following Services are covered by this Agreement:

- Manned telephone support
- Monitored email support
- Remote assistance using Remote Desktop and a Virtual Private Network where available
- Planned or Emergency Onsite assistance (extra costs apply)
- Monthly system health check

5.2. Customer Requirements

Customer responsibilities and/or requirements in support of this Agreement include:

- Payment for all support costs at the agreed interval.
- Reasonable availability of customer representative(s) when resolving a service related incident or request.

5.3. Service Provider Requirements

Service Provider responsibilities and/or requirements in support of this Agreement include:

- Meeting response times associated with service related incidents.
- Appropriate notification to Customer for all scheduled maintenance.

5.4. Service Assumptions

Assumptions related to in-scope services and/or components include:

- Changes to services will be communicated and documented to all stakeholders.

6. Service Management

Effective support of in-scope services is a result of maintaining consistent service levels. The following sections provide relevant details on service availability, monitoring of in-scope services and related components.

6.1. Service Availability

Coverage parameters specific to the service(s) covered in this Agreement are as follows:

- Telephone support: 9:00 A.M. to 5:00 P.M. Monday to Friday. Calls received out of office hours will be forwarded to a mobile phone and best efforts will be made to answer / action the call, however there will be a backup answer phone service.
- Email support: Monitored 9:00 A.M. to 5:00 P.M. Monday to Friday. Emails received outside of office hours will be collected, however no action can be guaranteed until the next working day.
- Onsite assistance guaranteed within 72 hours during the business week.

6.2. Service Requests

In support of services outlined in this Agreement, the Service Provider will respond to service related incidents and/or requests submitted by the Customer within the following time frames:

- 0-8 hours (during business hours) for issues classified as High priority.
- Within 48 hours for issues classified as Medium priority.
- Within 5 working days for issues classified as Low priority.

Remote assistance will be provided in-line with the above timescales dependent on the priority of the support request.

(SLA template, 2010)

References

Carr, N. G., January 2008. The Big Switch: Rewiring the World, from Edison to Google. s.l.: s.n.

Cochran, M. & Witman, P. D., 2011. Governance and Service Level Agreement Issues in a Cloud Computing Environment. Journal of Information Technology Management, Volume XXII, Number 2, pp. 41-55.

Peter Mell, T. G., 2011. The NIST Definition of Cloud Computing. [Online] Available at: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

Arif Mohamed, A history of cloud computing. 2014. [Online] Available at: http://www.computerweekly.com/feature/A-history-of-cloud-computing. [Accessed 5 March 2014].

James, A Brief History of Cloud Computing, SoftLayer Blog. 2013. [Online] Available at: http://blog.softlayer.com/2013/virtual-magic-the-cloud. [Accessed 10 March 2014].

North Bridge, 2013 Cloud Computing Survey, North Bridge. 2014. [Online] Available at: http://www.northbridge.com/2013-cloud-computing-survey. [Accessed 11 May 2014].

Peter Mell, The NIST Definition of Cloud Computing. 2011. [Online] Available at: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf. [Accessed 11 May 2014].

Catteddu, D. and G. Hogben, Cloud Computing: Benefits, risks and recommendations for information security. 2009, European Network and Information Security Agency, Heraklion, Crete, Greece. 125 pp.

Margaret Rouse, What is non-disclosure agreement (NDA)? Definition from WhatIs.com. [Online] Available at: http://searchsecurity.techtarget.com/definition/non-disclosure-agreement. [Accessed 11 May 2014].

David V. Radack, Understanding Confidentiality Agreements. 2014. [Online] Available at: http://www.tms.org/pubs/journals/jom/matters/matters-9405.html. [Accessed 11 May 2014].

Steele, C., City of Monrovia, California, personal communication, 2010.

Mathias Thurman, Tightening Up SaaS Security, Computerworld. 2010. [Online] Available at: http://www.computerworld.com/s/article/352873/Tightening_Up_SaaS_Security. [Accessed 11 May 2014].

SLATemplate.com, Service Level Agreement Template (SLA). 2010. [Online] Available at: http://www.slatemplate.com/. [Accessed 11 May 2014].