
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series

Do you have an agreement, or are you considering one, with a cloud service provider (CSP)? Did you know that in a December 2012 article, a Gartner analyst called the SLAs offered by two large cloud providers “worthless”? Are you aware that many off-the-shelf contracts with cloud providers leave the consumer accepting the majority of the risks and liabilities? This Cloud Webinar provides key information on cloud contracts and service level agreements in findings from the National Institute of Standards and Technology (NIST) Cloud Computing Working Group.

  1. ConfidentNOW Global Governance Webinar Series: Cloud Contracts and SLAs, Mastering SLA Governance
     • Speakers: Dr. Ken Stavinoha, PhD, Cisco; Mr. John Messina, Computer Scientist, NIST
     • Host: Bhavesh C. Bhagat, CGEIT, CISM, MBA, BE, EnCrisp - ConfidentGovernance.com
     • ConfidentGovernance.com - Award winning Cloud migration experts. Patent pending “Governance as a Service®” innovators
  2. Today’s Presenters
     • Dr. Ken Stavinoha, PhD, CISM, CISSP – Cisco
     • Mr. John Messina, Computer Scientist – NIST
     • Bhavesh C. Bhagat, CISM, CGEIT, MBA, BE – EnCrisp – ConfidentGovernance.com
  3. is an INC 500 award winning global leader in providing “business driven” solutions enhancing trust, governance, cyber security and risk transparency since 2004.
     • EnCrisp’s Confident Governance® is an award winning “Governance as a Service®” - Cloud Governance™ company. 2011 Global Entrepreneurship (GEW50) Kauffman 50 Global Awardee
     • Governance, Security, Risk, Audit and Social Compliance Collaboration platform that you access over the Internet and pay-as-you-go.
     • AWARDS – INC 500, 2011 Global Entrepreneurship Kauffman 50 Start-Ups, 2011 NVTC, Hot Ticket Hottest Buzz, 2011 GovTek Best Cloud Government Solution, 2010, Business Insurance Risk Technology
  4. Cloud Contracts And SLA Governance
     i. Intro to Service Level Agreement
     ii. Cloud Services Scope and Control
     iii. SLA NIST Contracts
     iv. Risk Factors Affecting Cloud SLAs
     v. Resources and Next Webinar…
  5. Cloud Services Scope and Control. Source: NIST SP800-144 Draft
  6. SLA Definition
     • Service Agreement: known as “Terms of Service”, “Terms and Conditions”. A legal document specifying the rules of the legal contract between the cloud user and the cloud provider.
     • Service-Level Agreement: A document stating the technical performance promises made by the cloud provider, how disputes are to be discovered and handled, and any remedies for performance failures. (NIST SP 800-146)
  7. Cloud Computing Risks. Source: Ernst & Young 2010 Global Information Security Survey. Differences in Scope and Control among Cloud Service Models
  8. Cloud Risk Mitigation. Source: Ernst & Young 2011 Global Information Security Survey
  9. What Providers Say: Cloud Adoption Drivers. Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study
  10. What Providers Say: Cloud Security Risk Mitigation. Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study
  11. What Providers Say: Who is Responsible for Cloud Security. Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study
  12. NIST CC Public Working Groups
      • NIST’s Goal: Accelerate the federal government’s adoption of cloud computing
        – Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders
      • Voluntary Working Groups with industry, SDOs, USG, academia (launched Nov. 5, 2010)
        – 5 Working Groups (Reference Architecture / Taxonomy, Security, Standards Roadmap, …)
        – 300+ registered members per working group
  13. Contract/SLA Subgroup
      • RATAX working group was asked to identify additional areas of cloud computing that could be better defined through the development of appropriate taxonomies
      • SLA sub-group focused on identifying if there was any suitable existing SLA format or guide that could be used to identify all the key elements that should go into a Cloud SLA
      • Existing contracts and research examined for commonalities and relationships in form and content
      • Collected/formulated definitions pertinent to cloud contracts and SLAs
  14. Role of Contracts and SLAs
      • Contracts and service level agreements play a key role in the procurement of cloud computing services.
      • The consumer may have an agreement with one provider, but the service may be delivered via a myriad of subcontractors or other dependencies who have no contractual obligation directly with the consumer.
      • Consumer may have no knowledge of these third parties unless the provider chooses, or is otherwise required, to disclose them, and yet these entities may incur risk for which the consumer could ultimately be liable.
  15. Agency Compliance Requirements
      • Computer Fraud and Abuse Act [PL 99-474, 18 USC 1030]
      • E-Authentication Guidance for Federal Agencies [OMB M-04-04]
      • Federal Information Security Management Act (FISMA) of 2002 [Title III, PL 107-347]
      • Freedom of Information Act as Amended in 2002 [PL 104-232, 5 USC 552]
      • Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy [OMB M-01-05]
      • Homeland Security Presidential Directive-7, Critical Infrastructure Identification, Prioritization, and Protection [HSPD-7]
      • Internal Control Systems [OMB Circular A-123]
      • Management of Federal Information Resources [OMB Circular A-130]
      • Management’s Responsibility for Internal Control [OMB Circular A-123, Revised 12/21/2004]
      • Privacy Act of 1974 as amended [5 USC 552a]
      • Protection of Sensitive Agency Information [OMB M-06-16]
      • Records Management by Federal Agencies [44 USC 31]
      • Rehabilitation Act of 1973 [Section 508 Amendment]
      • Responsibilities for the Maintenance of Records About Individuals by Federal Agencies [OMB Circular A-108, as amended]
      • Security of Federal Automated Information Systems [OMB Circular A-130, Appendix III]
      • The Federal Risk and Authorization Management Program (FedRAMP)
  16. Four Pillars of SLA Governance: Contract Legal Cloud Landscape SLA Service Provider Metrics
  17. Cloud MSA Mind Map
  18. Cloud SLA Mind Map
  19. FedRAMP CIS Worksheet
  20. Ongoing Work of NIST CC Contract and SLA Subgroup
      • Analyze negotiated SLAs/Contracts
      • Complete the NIST RA Cloud Contract/SLA draft document and present for public comment
      • Collaboration with the Cloud Metrics team
      • Participation in the ISO/IEC JTC SC38 effort on cloud SLAs
  21. THREE KEY TAKEAWAYS
      • Look Before You Leap - Consumers need to perform reasonable due diligence in examining cloud providers and their subcontractors
      • Solicit Input - A committee, rather than one or two individuals, should formulate the requirements for cloud contracts – including SLAs
      • Don’t Reinvent the Wheel - Organizations should examine existing controls to identify key issues to include in cloud service contracts and SLAs
  22. RESOURCES
      • www.confidentgovernance.com/confidentnow
      • http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
      • http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf
      • http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/RATax_Jan20_2012/NIST_CC_WG_ContractSLA_Deliverable_Draft_v1.9.pdf
      • http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/RATax_CloudMetrics
      • http://www.ca.com/~/media/Files/IndustryResearch/security-of-cloud-computing-providers-final-april-2011.pdf
      • http://www.ey.com/GL/en/Services/Advisory/IT-Risk-and-Assurance/13th-Global-Information-Security-Survey-2010---Information-technology--friend-or-foe-
      • http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
      • http://csrc.nist.gov/publications/PubsSPs.html
  23. Questions & Comments. For additional information:
      • Ken E. Stavinoha, PhD, NIST CC RA Contracts/SLA Sub-team Leader, kstavino@mail.com
      • John Messina, Chair, NIST CC RA Working Group, John.messina@nist.gov
      • Bhavesh C. Bhagat, Co-Founder, EnCrisp and ConfidentGovernance.com, bb@encrisp.com
  24. ConfidentNOW Global Governance Webinar Series: NEXT WEBINAR IN SERIES, Cloud Encryption
      • Date: Feb. 28, 2013
      • Time: 11.00-11.45 A.M.
      • Speakers: Dr. Ken Stavinoha, Cisco Systems; Dr. Sarbari Gupta, Electrosoft
      • Host: Bhavesh C. Bhagat, EnCrisp – ConfidentGovernance.com
      • Register Now: http://bit.ly/WyH7R8 http://www.confidentgovernance.com/events/88-webinar