Public Cloud Service Agreements:
What to Expect & What to Negotiate
V2.0
http://www.cloud-council.org/deliverables/public-cloud-service-agreements-what-to-expect-and-what-to-negotiate.htm
July 28, 2016
© 2016 Cloud Standards Customer Council www.cloud-council.org 2
Today’s Speakers
Tracie Berardi
Program Manager, Cloud Standards Customer Council
Claude Baudoin
Principal, cébé IT & Knowledge Management
Energy Domain Consultant, OMG
Mike Edwards
Cloud Computing Standards Expert and Bluemix PaaS Evangelist, IBM
Long Wang
Research Staff Member, IBM T.J. Watson Research Center
John Bruylant
Business Cloud Broker, TheCloudTurbo
The Cloud Standards Customer Council
• Provide customer-led guidance to multiple cloud standards-defining bodies
• Establishing criteria for open standards based cloud computing
600+ organizations participating
THE Customer’s Voice for Cloud Standards!
http://cloud-council.org
2011/2012 Deliverables
 Practical Guide to Cloud Computing
 Practical Guide to Cloud SLAs
 Security for Cloud Computing
 Impact of Cloud on Healthcare
2013/2014 Deliverables
 Convergence of SoMoClo
 Analysis of Public Cloud SLAs
 Cloud Security Standards
 Migrating Apps to Public Cloud Services
 Social Business in the Cloud
 Big Data in the Cloud
 Practical Guide to Cloud Computing V2
 Migrating Apps: Performance Requirements
 Cloud Interoperability/Portability
2015 Deliverables
 Web App Hosting Architecture
 Mobile Cloud Architecture
 Big Data Cloud Architecture
 Security for Cloud Computing V2
 Practical Guide to Cloud SLAs V2
 Practical Guide to PaaS
2016 Projects
 Practical Guide to Hybrid Cloud Computing
 Public Cloud Service Agreements, V2
 Cloud Security Standards, V2
 IoT Cloud Reference Architecture
 Commerce Cloud Reference Architecture
 More
What’s New in V2?
 V1 was published in 2013
 The market has evolved – many new CSP entrants
 Several public cloud service providers have updated their agreements
 Hybrid cloud requires provisions for integrated management of multiple cloud services & on-premises resources
 Data protection issues have become much more serious
 Data residency is now often recognized as an issue
 Several other changes based on the experience of new co-authors
Public Cloud Service Agreements: Current Landscape
 CSA is comprised of four major artifacts:
• Customer Agreement
• Acceptable Use Policy
• Service Level Agreement
• Privacy Policies
 Customers must pay close attention to CSA language and clauses
• Mismatch between expectations and service terms common
 Service level commitments for IaaS better defined than SaaS or PaaS
 Service levels more flexible and negotiable for private cloud than public cloud
 Size matters
• Larger customers have more power to negotiate favorable terms
• Over time, changes imposed by larger customers trickle down to all customers
Companion whitepaper: Practical Guide to Cloud Service Agreements
 A reference to help enterprise IT analyze CSAs
 Available on CSCC Resource Hub: http://www.cloud-council.org/resource-hub.htm
10 Steps to Evaluate Cloud Service Agreements
1. Understand roles and responsibilities
2. Evaluate business level policies
3. Understand service and deployment model differences
4. Identify critical performance objectives
5. Evaluate security, privacy and data residency requirements
6. Identify service management requirements
7. Prepare for service failure management
8. Understand the disaster recovery plan
9. Define an effective management process
10. Understand the exit process
Step 1: Understand roles and responsibilities
Considerations
 Acceptable Use Policy (AUP)
- primary artifact
- requires thorough review
• Content Prohibitions
• Security Prohibitions
• Service Integrity Prohibitions
• Rights of Others Prohibitions
 AUPs have little consistency in wording although there is a clear pattern to the types of provisions they include
Recommendations
 Customers should exercise caution and thoroughly review every provision before agreeing to an AUP:
• Clarity
• Brevity
• Completeness
• Focus
Step 2: Evaluate Business-Level Policies
Business Policies
 Five specific policies, contained in provider’s Customer Agreement, are key:
• Data policies
• Changes to services, APIs or agreements
• Suspension of services
• Limitations of Liability
• Intellectual Property
Recommendations
 Data Policy:
• CSA should specify physical location of content
• Provider should not access customer data unless required by law
 Changes to Services, APIs, Agreements:
• Advance notice (30 days)
• Backward compatibility
 Suspension of Services
• Advance notice (30 days)
• Sufficient time to address (60 days)
• Customer data will not be deleted
 Limitations of Liability
• Compare Aggregate Liability and Indemnification/Disclaimer clauses
 Intellectual Property
• Provider should notify customers in case of a third party’s claim of IP violation
Step 3: Understand Service & Deployment Model Differences
CSA contents vary according to the service model
Infrastructure as a Service (IaaS)
 CSA is focused on availability of hardware and basic support for same
 Customer is entirely responsible for all components running on the service, including applications but also operating systems, databases, etc.
Platform as a Service (PaaS)
 Important to distinguish which capabilities are part of the platform, and which ones are not
 Require a clear catalog of the supported services in the platform stack
Software as a Service (SaaS)
 CSA should address end-to-end availability of application across all components supplied by the cloud provider
• Application
• Middleware
• Database
• Storage
• Computation
• Network access
• Security
 Remember data protection for any personally identifiable information in customer data (“privacy”)
Step 4: Identify Critical Performance Objectives
Considerations
 Performance goals have 4 key components:
• Service Commitments
• Credits
• Credit Process
• Exclusions
 Service Commitments focus mainly on “Availability”
• Guarantees, Measurement Details & Observation Periods differ
 Credits are compensation for missed service commitments
• Service credit calculations and maximum credit limits differ
 Credit Process requires customer to take specific action to receive credit
• Reporting timeframe & required information differ
 Exclusions similar across all CSAs
Recommendations
 Carefully analyze service availability commitments & associated credits
 Understand business impact of a single outage corresponding to maximum downtime
 Analyze service credit calculations and maximum credit limits
 Compare service credit processes
 Examine commitment exclusions
 Automate process for detecting and logging service outages
 Look for API call response time service level objectives
 SLA metrics are limited and no standards currently exist
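The points above (measurement details and observation periods differ, exclusions, maximum downtime, automated outage logging) are easiest to see with numbers. The following is an added example, not code from the CSCC deck or any provider: it takes a constructed outage log, measures availability over a chosen window, applies constructed exclusions and credit tiers, and shows how the same outages produce a credit under a monthly window but none under a yearly one. The 99.9% commitment, the credit tiers, the cap and every timestamp are assumptions made for illustration.

```python
"""Availability measurement and service-credit check (added example, not from
the CSCC deck). Shows how the measurement window and SLA exclusions change both
the measured availability and the credit owed. The outages, the 99.9%
commitment and the credit tiers are constructed for illustration only."""
from datetime import datetime

# Constructed outage log: (start, end, excluded). 'excluded' marks an outage the
# CSA carves out of the commitment, e.g. announced maintenance.
OUTAGES = [
    (datetime(2016, 1, 10, 2, 0), datetime(2016, 1, 10, 3, 0), True),    # 1 h maintenance
    (datetime(2016, 1, 22, 9, 0), datetime(2016, 1, 22, 13, 0), False),  # 4 h incident
    (datetime(2016, 3, 5, 14, 0), datetime(2016, 3, 5, 14, 30), False),  # 30 min incident
]

COMMITMENT_PCT = 99.9  # constructed availability commitment
# Constructed credit tiers, ordered by decreasing threshold: below 99.9% earns
# 10% of the period's fee, below 99.0% earns 25%. Credits are capped.
CREDIT_TIERS = [(99.9, 10), (99.0, 25)]
MAX_CREDIT_PCT = 25


def minutes(delta):
    return delta.total_seconds() / 60


def month_window(year, month):
    """[first day of month, first day of next month) as the measurement window."""
    start = datetime(year, month, 1)
    end = datetime(year + 1, 1, 1) if month == 12 else datetime(year, month + 1, 1)
    return start, end


def year_window(year):
    return datetime(year, 1, 1), datetime(year + 1, 1, 1)


def downtime_minutes(window_start, window_end, outages, honour_exclusions=True):
    """Downtime inside [window_start, window_end), clipping outages to the window."""
    total = 0.0
    for start, end, excluded in outages:
        if honour_exclusions and excluded:
            continue
        clipped_start = max(start, window_start)
        clipped_end = min(end, window_end)
        if clipped_end > clipped_start:
            total += minutes(clipped_end - clipped_start)
    return total


def availability_pct(window_start, window_end, outages, honour_exclusions=True):
    """Measured availability over the window, as a percentage."""
    down = downtime_minutes(window_start, window_end, outages, honour_exclusions)
    return 100.0 * (1.0 - down / minutes(window_end - window_start))


def max_downtime_minutes(commitment_pct, window_start, window_end):
    """Downtime the commitment tolerates in one window: the single outage of
    'maximum downtime' whose business impact the customer should assess."""
    return (1.0 - commitment_pct / 100.0) * minutes(window_end - window_start)


def credit_pct(availability):
    """Credit owed for a measured availability under CREDIT_TIERS, capped."""
    owed = 0
    for threshold, pct in CREDIT_TIERS:  # last matching tier is the worst one
        if availability < threshold:
            owed = pct
    return min(owed, MAX_CREDIT_PCT)


def evaluate(window_start, window_end, outages, honour_exclusions=True):
    """Return (availability %, credit %) for one measurement window."""
    avail = availability_pct(window_start, window_end, outages, honour_exclusions)
    return avail, credit_pct(avail)


if __name__ == "__main__":
    jan, year = month_window(2016, 1), year_window(2016)
    print("January, exclusions honoured:", evaluate(*jan, OUTAGES))
    print("January, exclusions ignored: ", evaluate(*jan, OUTAGES, honour_exclusions=False))
    print("Whole year, exclusions honoured:", evaluate(*year, OUTAGES))
    print("Tolerated downtime per month (min):", max_downtime_minutes(COMMITMENT_PCT, *jan))
```

Under these assumptions the January window measures about 99.46% and earns the 10% tier, while the same outages spread over a yearly window measure about 99.95% and earn nothing; the 99.9% commitment also tolerates roughly 45 minutes of downtime in a 31-day month, which is the single-outage figure to weigh against business impact.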
Step 5: Evaluate Security, Privacy & Data Residency Requirements
Considerations
 Security and privacy language often spread among several documents: All need to be checked
 Most clauses obligate the customer to protect the provider, not the other way around
 Impact of security breaches can be much larger than cost of the service
 Provider’s security measures and certification(s) should be visible
 Does the cloud provider commit to privacy of personally identifiable information contained in customer data?
 Data residency commitments are increasingly important but often omitted
Recommendations
 Security, privacy and data residency statements should be explicit
 Customers should look for certifications
 Providers should commit to specific physical and logical security practices
 Provider must notify customer when data is handed over to third party / law enforcement
 Look for emergency mechanisms to resolve security breaches
 Insist provider investigates incidents with due diligence, and can restore deleted data
 Provider must take measures to ensure privacy of personal information contained in customer data
 Provider should know data residency and data protection laws/regulations, and offer options regarding where data is stored
Step 6: Identify service management requirements
Considerations
 Organizations must monitor and manage cloud services they use
 Don’t expect service agreements to specify much - be ready to perform your own due diligence
 Aspects contributing to service management
• Auditing
• Monitoring and reporting
• Measurement & metering
• Provisioning
• Change management
• Upgrades & patching
Recommendations
 Precisely define objectives and ensure provider offers adequate level of support
 Understand service management capabilities available with cloud service
 Consider cloud management platforms (CMPs) in a hybrid cloud situation
 Consider provider’s commitments to stability of functionality over time
 Ask for detailed and regular metrics on contracted services
 Examine the definitions and potential impact of each service metric
 Ask questions related to service management maturity
 Retain in-house the service management expertise required to monitor and improve cloud service performance
Step 7: Prepare for service failure management
Considerations
 There is typically little in current service agreements
 Therefore, the burden is on the customer
 Compensation is tied to the price of the service, not the impact on your business
 Key failure management systems
• Event management
• Incident management
• Problem management
 Failure Metrics
• Mean Time Between Failures (MTBF)
• Mean Time to Recover (MTTR)
• Mean Time to Failure (MTTF)
Recommendations
 Insist provider offer interface for sending failure and alert data
 Ensure provider offers interface to report failures to the provider
 Insist provider offers an Expected Time to Resolution (ETR) for any service failure
 Evaluate whether cloud services support resilient features such as replication, clustering, fail over, etc.
 Understand responsibilities and hand-off procedures
 Confirm provider’s monitoring capabilities do not violate data privacy stipulations
 Assess MTBF, MTTR, and MTTF to determine expected service downtimes
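The last recommendation, assessing MTBF, MTTR and MTTF to estimate expected downtime, and the ETR recommendation above it, can be worked through from an incident history. The following is an added example, not code from the CSCC deck or from any provider: it computes the three failure metrics from constructed incident records, derives steady-state availability and expected annual downtime from them, and lists incidents whose recovery ran past a constructed 2-hour ETR. The incident timestamps and the ETR are assumptions made for illustration.

```python
"""Failure metrics from an incident history (added example, not from the CSCC
deck). Computes MTTR, MTTF and MTBF from constructed incident records, derives
steady-state availability and expected annual downtime, and flags incidents that
overran the provider's Expected Time to Resolution (ETR). The incidents and the
2-hour ETR are constructed for illustration only."""
from datetime import datetime
from statistics import mean

# Constructed incident history, ordered by time: (failure detected, service restored).
INCIDENTS = [
    (datetime(2016, 1, 4, 8, 0), datetime(2016, 1, 4, 10, 0)),     # 2 h outage
    (datetime(2016, 2, 15, 22, 0), datetime(2016, 2, 15, 23, 0)),  # 1 h outage
    (datetime(2016, 4, 1, 3, 0), datetime(2016, 4, 1, 6, 0)),      # 3 h outage
]
ETR_HOURS = 2.0  # constructed provider commitment: any failure resolved within 2 h
HOURS_PER_YEAR = 8760


def hours(delta):
    return delta.total_seconds() / 3600


def mttr_hours(incidents):
    """Mean Time to Recover: average failure-to-restoration duration."""
    return mean([hours(restored - failed) for failed, restored in incidents])


def mttf_hours(incidents):
    """Mean Time to Failure: average uptime from one restoration to the next
    failure. Undefined (None) with fewer than two incidents."""
    if len(incidents) < 2:
        return None
    uptimes = [hours(incidents[i + 1][0] - incidents[i][1]) for i in range(len(incidents) - 1)]
    return mean(uptimes)


def mtbf_hours(incidents):
    """Mean Time Between Failures: average failure-to-failure interval, i.e.
    MTTF plus the recovery time of the intervening incidents."""
    if len(incidents) < 2:
        return None
    gaps = [hours(incidents[i + 1][0] - incidents[i][0]) for i in range(len(incidents) - 1)]
    return mean(gaps)


def steady_state_availability(incidents):
    """A = MTTF / (MTTF + MTTR); None when MTTF is undefined."""
    mttf = mttf_hours(incidents)
    if mttf is None:
        return None
    return mttf / (mttf + mttr_hours(incidents))


def expected_annual_downtime_hours(incidents):
    """Downtime to plan for over a year if the observed failure behaviour holds."""
    availability = steady_state_availability(incidents)
    return None if availability is None else HOURS_PER_YEAR * (1.0 - availability)


def incidents_over_etr(incidents, etr_hours):
    """Incidents whose actual recovery time exceeded the committed ETR,
    as (failure time, actual hours to recover)."""
    return [(failed, hours(restored - failed)) for failed, restored in incidents
            if hours(restored - failed) > etr_hours]


if __name__ == "__main__":
    print("MTTR (h):", mttr_hours(INCIDENTS))
    print("MTTF (h):", mttf_hours(INCIDENTS))
    print("MTBF (h):", mtbf_hours(INCIDENTS))
    print("Availability:", steady_state_availability(INCIDENTS))
    print("Expected downtime per year (h):", expected_annual_downtime_hours(INCIDENTS))
    print("Incidents over ETR:", incidents_over_etr(INCIDENTS, ETR_HOURS))
```

With these constructed incidents MTTR is 2 h and MTTF about 1052 h, giving roughly 99.81% availability and about 16.6 hours of expected downtime per year; one of the three incidents overran the 2-hour ETR. Feeding the provider's own failure and alert data into this kind of calculation is what makes the "expected service downtimes" figure something the customer can compare against business impact rather than a number taken on trust.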
Step 8: Understand the disaster recovery plan
Considerations
 Use of public cloud services does not absolve the user from serious DR and Business Continuity planning
 Service agreements focus on limiting the provider’s liability
• SLA exclusions
• Disclaimers
• Limitations of liability
Recommendations
 Devise a disaster recovery plan
• Prioritize apps, services and data
• Determine acceptable downtime
 Ensure business critical content is stored redundantly in different geographical locations
 Define Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
 Ensure appropriate frequency of backups based on content criticality
 Use data and app replication capabilities provided by cloud service
 Implement mechanism to promptly detect and quantify outages
Step 9: Define an effective governance policy
Considerations
 Governance complicated by responsibility split between customer and provider
• Control and oversight
• Elements controlled by provider
 Key elements:
• Periodic assessment – service levels, compliance
• Reports – key indicators, service failures
• Problem reporting & status
• Change notifications
• Request processing
• User satisfaction
 Escalation process
• Up to & including termination of service agreement
Recommendations
 Agreements are typically silent about communication and escalation processes
 Potential areas for negotiation are:
• Regular status meetings
• Single point-of-contact designation
• Automatic notifications
• APIs or Web services for management queries
 In the absence of defined management interfaces, and for services that require strict notification, escalation and restoration procedures, public cloud services may not be appropriate solutions
Step 10: Understand the exit process
Considerations
 Exit process should be part of any CSA
 Customer exit plan
• Procedures
• Provider assistance
• Fees
• Retrieval of customer data
• Business continuity during exit
 Requirement for provider to delete copies of customer data
 Requirement for provider to cleanse log & audit data
• Retention of records for specified periods may be required by law
Recommendations
 Ensure agreement specifies advance notice will be given for all terminations
 Develop contingency plans / procedures to:
• Find new cloud service
• Extract and reload data
• Switch to new cloud service
 As part of the termination process, insist that provider offer assistance to facilitate data extraction
 Ensure all customer data maintained for a specific time period after transition
 At the completion of the exit process, customers should receive written confirmation from provider that all customer’s data has been completely removed from the provider’s systems
New Developments
 Work is taking place in the area of Cloud Service Agreements
 ISO/IEC is well advanced with the 19086 standard
 EU SLALOM project
 Both aim at:
• Standardized terminology
• Listing of many potential CSA items
• Standardized metrics
 Codes of Conduct & Certification schemes continue to evolve
• Especially in the area of data protection
Summary
 Don’t “sign on the bottom line” without understanding the various documents that govern the relationship
 Not everything is negotiable – but not everything is fixed either. Understand where you can ask for better terms (and determine if they’re worth paying more for)
 Use our recommendations tables to evaluate a proposed CSA and detect areas that don’t meet your business requirements
 Have a baseline – what are the current service levels of your incumbent providers or your in-house systems?
 Be careful about how service levels are measured (e.g., measurement time windows)
 Understand what happens in worst case scenarios (data breach, service failure, etc.)
 Remain in charge of governance – don’t abdicate your own responsibilities to the public cloud service provider
Call to Action
 Join the CSCC Now!
– To have an impact on customer use case based standards requirements
– To learn about all Cloud Standards within one organization
– To help define the CSCC’s future roadmap
– Membership is free & easy: http://www.cloud-council.org/become-a-member
 Get Involved!
– Join one or more of the CSCC Working Groups: http://www.cloud-council.org/workinggroups
 Leverage CSCC Collateral!
– Visit http://www.cloud-council.org/resource-hub
Thank You !

Contenu connexe

Tendances

Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak
 

Tendances (20)

Cloud Customer Architecture for Big Data and Analytics
Cloud Customer Architecture for Big Data and AnalyticsCloud Customer Architecture for Big Data and Analytics
Cloud Customer Architecture for Big Data and Analytics
 
Cloud Foundry Road Map in 2017
Cloud Foundry Road Map in 2017Cloud Foundry Road Map in 2017
Cloud Foundry Road Map in 2017
 
Practical Guide to Cloud Management Platforms
Practical Guide to Cloud Management PlatformsPractical Guide to Cloud Management Platforms
Practical Guide to Cloud Management Platforms
 
Interoperability and Portability for Cloud Computing: A Guide V2.0
Interoperability and Portability for Cloud Computing: A Guide V2.0Interoperability and Portability for Cloud Computing: A Guide V2.0
Interoperability and Portability for Cloud Computing: A Guide V2.0
 
Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service Practical Guide to Platform-as-a-Service
Practical Guide to Platform-as-a-Service
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
 
Cloud Foundry Roadmap in 2016
Cloud Foundry Roadmap in 2016Cloud Foundry Roadmap in 2016
Cloud Foundry Roadmap in 2016
 
Hyperledger: Market, Technology & Community Update
Hyperledger: Market, Technology & Community UpdateHyperledger: Market, Technology & Community Update
Hyperledger: Market, Technology & Community Update
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Software Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing PresentationSoftware Association of Oregon Cloud Computing Presentation
Software Association of Oregon Cloud Computing Presentation
 
Cloud Adoption - Journey of IT Service Management
Cloud Adoption - Journey of IT Service ManagementCloud Adoption - Journey of IT Service Management
Cloud Adoption - Journey of IT Service Management
 
Multi-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted PossibilitiesMulti-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted Possibilities
 
XaaS Overview
XaaS OverviewXaaS Overview
XaaS Overview
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service Management
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
Hybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital TransformationHybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
Hybrid IT, Laying the "Right Mix" Foundation for Digital Transformation
 
Kubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing FoundationKubernetes and Container Technologies from Cloud Native Computing Foundation
Kubernetes and Container Technologies from Cloud Native Computing Foundation
 
An Easy Way to Adopt Hybrid Cloud, Datacomm Solution
An Easy Way to Adopt Hybrid Cloud, Datacomm SolutionAn Easy Way to Adopt Hybrid Cloud, Datacomm Solution
An Easy Way to Adopt Hybrid Cloud, Datacomm Solution
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Transform IT Operations with CSC
Transform IT Operations with CSCTransform IT Operations with CSC
Transform IT Operations with CSC
 

Similaire à Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0

CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
Graeme Wood
 
Pg cloud sla040512mgreer
Pg cloud sla040512mgreerPg cloud sla040512mgreer
Pg cloud sla040512mgreer
Accenture
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
David Linthicum
 

Similaire à Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0 (20)

Practical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud ComputingPractical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud Computing
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Introduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David RossIntroduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David Ross
 
Compliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA FrameworkCompliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA Framework
 
Cloud Security.ppt
Cloud Security.pptCloud Security.ppt
Cloud Security.ppt
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreements
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
 Key Considerations for Cloud Procurement - AWS Innovate Ottawa: Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
 
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
 
Pg cloud sla040512mgreer
Pg cloud sla040512mgreerPg cloud sla040512mgreer
Pg cloud sla040512mgreer
 
Cloud & Enterprise IT. Hybrid IT, Coexistence Strategies
Cloud & Enterprise IT. Hybrid IT, Coexistence StrategiesCloud & Enterprise IT. Hybrid IT, Coexistence Strategies
Cloud & Enterprise IT. Hybrid IT, Coexistence Strategies
 
4. cloud procurement
4. cloud procurement4. cloud procurement
4. cloud procurement
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Overcoming Barriers to the Cloud
Overcoming Barriers to the Cloud Overcoming Barriers to the Cloud
Overcoming Barriers to the Cloud
 
Sia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionSia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS Solution
 
Cloud Computing Best Practices
Cloud Computing Best PracticesCloud Computing Best Practices
Cloud Computing Best Practices
 
Forecast 2014: Infrastructure as a Service (IaaS)
Forecast 2014: Infrastructure as a Service (IaaS)Forecast 2014: Infrastructure as a Service (IaaS)
Forecast 2014: Infrastructure as a Service (IaaS)
 
Qualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptx
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
 

Plus de Cloud Standards Customer Council

Plus de Cloud Standards Customer Council (9)

What's New in Cloud Foundry
What's New in Cloud FoundryWhat's New in Cloud Foundry
What's New in Cloud Foundry
 
Where's My Data? Managing the Data Residency Challenge
Where's My Data? Managing the Data Residency ChallengeWhere's My Data? Managing the Data Residency Challenge
Where's My Data? Managing the Data Residency Challenge
 
Cloud Customer Architecture for Blockchain
Cloud Customer Architecture for BlockchainCloud Customer Architecture for Blockchain
Cloud Customer Architecture for Blockchain
 
Hyperledger: Advancing Blockchain Technology for Business
Hyperledger: Advancing Blockchain Technology for BusinessHyperledger: Advancing Blockchain Technology for Business
Hyperledger: Advancing Blockchain Technology for Business
 
Data Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for StandardsData Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for Standards
 
Interoperability and Portability for Cloud Computing: A Guide
Interoperability and Portability for Cloud Computing: A GuideInteroperability and Portability for Cloud Computing: A Guide
Interoperability and Portability for Cloud Computing: A Guide
 
Cloud Customer Architecture for IoT
Cloud Customer Architecture for IoTCloud Customer Architecture for IoT
Cloud Customer Architecture for IoT
 
OASIS TOSCA: Cloud Portability and Lifecycle Management
OASIS TOSCA: Cloud Portability and Lifecycle ManagementOASIS TOSCA: Cloud Portability and Lifecycle Management
OASIS TOSCA: Cloud Portability and Lifecycle Management
 
Highlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack SummitHighlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack Summit
 

Dernier

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 

Dernier (20)

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx

Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0

4. What’s New in V2?
• V1 was published in 2013
• The market has evolved: many new CSP entrants
• Several public cloud service providers have updated their agreements
• Hybrid cloud requires provisions for integrated management of multiple cloud services and on-premises resources
• Data protection issues have become much more serious
• Data residency is now often recognized as an issue
• Several other changes based on the experience of new co-authors

5. Public Cloud Service Agreements: Current Landscape
• A CSA is comprised of four major artifacts:
   - Customer Agreement
   - Acceptable Use Policy
   - Service Level Agreement
   - Privacy Policies
• Customers must pay close attention to CSA language and clauses
   - A mismatch between expectations and service terms is common
• Service level commitments for IaaS are better defined than those for SaaS or PaaS
• Service levels are more flexible and negotiable for private cloud than for public cloud
• Size matters
   - Larger customers have more power to negotiate favorable terms
   - Over time, changes imposed by larger customers trickle down to all customers

6. Companion whitepaper: Practical Guide to Cloud Service Agreements
• A reference to help enterprise IT analyze CSAs
• Available on the CSCC Resource Hub: http://www.cloud-council.org/resource-hub.htm

10 Steps to Evaluate Cloud Service Agreements
1. Understand roles and responsibilities
2. Evaluate business level policies
3. Understand service and deployment model differences
4. Identify critical performance objectives
5. Evaluate security, privacy and data residency requirements
6. Identify service management requirements
7. Prepare for service failure management
8. Understand the disaster recovery plan
9. Define an effective management process
10. Understand the exit process

7. Step 1: Understand roles and responsibilities
Considerations
• Acceptable Use Policy (AUP): the primary artifact; requires thorough review
   - Content prohibitions
   - Security prohibitions
   - Service integrity prohibitions
   - Rights of others prohibitions
• AUPs have little consistency in wording, although there is a clear pattern to the types of provisions they include
Recommendations
• Customers should exercise caution and thoroughly review every provision before agreeing to an AUP, looking for:
   - Clarity
   - Brevity
   - Completeness
   - Focus

8. Step 2: Evaluate Business-Level Policies
Business Policies
• Five specific policies, contained in the provider’s Customer Agreement, are key:
   - Data policies
   - Changes to services, APIs or agreements
   - Suspension of services
   - Limitations of liability
   - Intellectual property
Recommendations
• Data policy:
   - CSA should specify the physical location of content
   - Provider should not access customer data unless required by law
• Changes to services, APIs, agreements:
   - Advance notice (30 days)
   - Backward compatibility
• Suspension of services:
   - Advance notice (30 days)
   - Sufficient time to address the cause (60 days)
   - Customer data will not be deleted
• Limitations of liability:
   - Compare aggregate liability and indemnification/disclaimer clauses
• Intellectual property:
   - Provider should notify customers in case of a third party’s claim of IP violation

9. Step 3: Understand Service & Deployment Model Differences
CSA contents vary according to the service model.
Infrastructure as a Service (IaaS)
• CSA is focused on availability of hardware and basic support for same
• Customer is entirely responsible for all components running on the service, including applications but also operating systems, databases, etc.
Platform as a Service (PaaS)
• Important to distinguish which capabilities are part of the platform, and which ones are not
• Require a clear catalog of the supported services in the platform stack
Software as a Service (SaaS)
• CSA should address end-to-end availability of the application across all components supplied by the cloud provider:
   - Application
   - Middleware
   - Database
   - Storage
   - Computation
   - Network access
   - Security
• Remember data protection for any personally identifiable information in customer data (“privacy”)

10. Step 4: Identify Critical Performance Objectives
Considerations
• Performance goals have 4 key components:
   - Service commitments
   - Credits
   - Credit process
   - Exclusions
• Service commitments focus mainly on “availability”
   - Guarantees, measurement details and observation periods differ
• Credits are compensation for missed service commitments
   - Service credit calculations and maximum credit limits differ
• Credit process requires the customer to take specific action to receive credit
   - Reporting timeframe and required information differ
• Exclusions are similar across all CSAs
Recommendations
• Carefully analyze service availability commitments and associated credits
• Understand the business impact of a single outage corresponding to the maximum downtime
• Analyze service credit calculations and maximum credit limits
• Compare service credit processes
• Examine commitment exclusions
• Automate the process for detecting and logging service outages
• Look for API call response time service level objectives
• SLA metrics are limited and no standards currently exist

11. Step 5: Evaluate Security, Privacy & Data Residency Requirements
Considerations
• Security and privacy language is often spread among several documents: all need to be checked
• Most clauses obligate the customer to protect the provider, not the other way around
• Impact of security breaches can be much larger than the cost of the service
• Provider’s security measures and certification(s) should be visible
• Does the cloud provider commit to privacy of personally identifiable information contained in customer data?
• Data residency commitments are increasingly important but often omitted
Recommendations
• Security, privacy and data residency statements should be explicit
• Customers should look for certifications
• Providers should commit to specific physical and logical security practices
• Provider must notify the customer when data is handed over to a third party / law enforcement
• Look for emergency mechanisms to resolve security breaches
• Insist the provider investigates incidents with due diligence, and can restore deleted data
• Provider must take measures to ensure privacy of personal information contained in customer data
• Provider should know data residency and data protection laws/regulations, and offer options regarding where data is stored

12. Step 6: Identify service management requirements
Considerations
• Organizations must monitor and manage the cloud services they use
• Don’t expect service agreements to specify much; be ready to perform your own due diligence
• Aspects contributing to service management:
   - Auditing
   - Monitoring and reporting
   - Measurement and metering
   - Provisioning
   - Change management
   - Upgrades and patching
Recommendations
• Precisely define objectives and ensure the provider offers an adequate level of support
• Understand the service management capabilities available with the cloud service
• Consider cloud management platforms (CMPs) in a hybrid cloud situation
• Consider the provider’s commitments to stability of functionality over time
• Ask for detailed and regular metrics on contracted services
• Examine the definitions and potential impact of each service metric
• Ask questions related to service management maturity
• Retain in-house the service management expertise required to monitor and improve cloud service performance

13. Step 7: Prepare for service failure management
Considerations
• There is typically little in current service agreements
• Therefore, the burden is on the customer
• Compensation is tied to the price of the service, not the impact on your business
• Key failure management systems:
   - Event management
   - Incident management
   - Problem management
• Failure metrics:
   - Mean Time Between Failures (MTBF)
   - Mean Time to Recover (MTTR)
   - Mean Time to Failure (MTTF)
Recommendations
• Insist the provider offers an interface for sending failure and alert data
• Ensure the provider offers an interface to report failures to the provider
• Insist the provider offers an Expected Time to Resolution (ETR) for any service failure
• Evaluate whether cloud services support resilience features such as replication, clustering, failover, etc.
• Understand responsibilities and hand-off procedures
• Confirm the provider’s monitoring capabilities do not violate data privacy stipulations
• Assess MTBF, MTTR and MTTF to determine expected service downtimes

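Slide 10 recommends automating the detection and logging of service outages, and the summary warns about how service levels are measured (measurement time windows); slide 13 lists MTBF, MTTR and MTTF and notes that compensation tracks the price of the service rather than the impact on the business. The script below is an added example, not part of the CSCC deck, that turns a customer-side outage log into those numbers. The observation period, the 5-minute measurement window, the credit tiers, the monthly fee, the cost per hour of downtime and the outage log itself are all assumed, constructed values for illustration, not any provider's actual terms.

```python
"""Added example: from a customer-side outage log to the numbers an SLA review
needs: monthly availability under two measurement conventions, the service
credit that results, what the same downtime cost the business, and
MTBF/MTTR/MTTF.  Thresholds, credit tiers, fees and the outage log are all
ASSUMED, constructed values, not any provider's terms."""
from datetime import datetime, timedelta

MINUTE = timedelta(minutes=1)

# Observation period: one calendar month (many SLAs measure per billing month).
PERIOD_START = datetime(2016, 7, 1)
PERIOD_END = datetime(2016, 8, 1)

# Constructed outage log as (start, end) pairs from the customer's own
# monitoring: one 6h40m incident plus twenty 4-minute daily blips.  Outages are
# assumed not to overlap one another.
OUTAGES = [(datetime(2016, 7, 12, 22, 0), datetime(2016, 7, 13, 4, 40))]
OUTAGES += [(datetime(2016, 7, d, 3, 1), datetime(2016, 7, d, 3, 5))
            for d in range(1, 21)]

# Assumed credit schedule: the first tier whose availability floor is met
# applies; the last tier is the maximum credit.
CREDIT_TIERS = [(99.95, 0), (99.0, 10), (95.0, 25), (0.0, 100)]
MONTHLY_FEE_USD = 10_000             # assumed monthly price of the service
BUSINESS_COST_PER_HOUR_USD = 5_000   # assumed cost to the business per hour down


def clip(outage, start, end):
    """Clip (s, e) to the observation period; None if it falls outside."""
    s, e = max(outage[0], start), min(outage[1], end)
    return (s, e) if s < e else None


def downtime_continuous(outages, start=PERIOD_START, end=PERIOD_END):
    """Downtime in minutes when every minute of every outage counts."""
    total = timedelta()
    for o in outages:
        c = clip(o, start, end)
        if c:
            total += c[1] - c[0]
    return total / MINUTE


def downtime_windowed(outages, window=timedelta(minutes=5),
                      start=PERIOD_START, end=PERIOD_END):
    """Downtime in minutes when only measurement windows (aligned to the period
    start) that are down for their whole length count.  This is how many SLAs
    define an 'unavailable' interval, so short blips never count."""
    total = timedelta()
    for o in outages:
        c = clip(o, start, end)
        if not c:
            continue
        offset = (c[0] - start) % window          # distance past a boundary
        t = c[0] + (window - offset) if offset else c[0]
        while t + window <= c[1]:                 # whole windows only
            total += window
            t += window
    return total / MINUTE


def availability_pct(downtime_min, start=PERIOD_START, end=PERIOD_END):
    period_min = (end - start) / MINUTE
    return 100.0 * (period_min - downtime_min) / period_min


def credit_pct(availability, tiers=CREDIT_TIERS):
    """Service credit as a percentage of the monthly fee."""
    for floor, pct in tiers:
        if availability >= floor:
            return pct
    return tiers[-1][1]


def failure_metrics(outages, start=PERIOD_START, end=PERIOD_END):
    """MTTR, MTTF and MTBF in minutes.  Convention: MTTR = downtime / failures,
    MTTF = uptime / failures, MTBF = MTTF + MTTR.  None when nothing failed."""
    clipped = [c for c in (clip(o, start, end) for o in outages) if c]
    if not clipped:
        return None
    n = len(clipped)
    down = downtime_continuous(clipped, start, end)
    mttr = down / n
    mttf = ((end - start) / MINUTE - down) / n
    return {"failures": n, "mttr": mttr, "mttf": mttf, "mtbf": mttf + mttr}


def sla_report(outages=OUTAGES, start=PERIOD_START, end=PERIOD_END):
    """Put what the customer lost beside what the credit schedule returns."""
    cont = downtime_continuous(outages, start, end)
    win = downtime_windowed(outages, start=start, end=end)
    credit = credit_pct(availability_pct(win, start, end))  # provider's view
    return {
        "downtime_continuous_min": cont,
        "downtime_windowed_min": win,
        "availability_continuous": round(availability_pct(cont, start, end), 3),
        "availability_windowed": round(availability_pct(win, start, end), 3),
        "credit_pct": credit,
        "credit_usd": MONTHLY_FEE_USD * credit / 100,
        "business_cost_usd": BUSINESS_COST_PER_HOUR_USD * cont / 60,
        **(failure_metrics(outages, start, end) or {}),
    }


if __name__ == "__main__":
    for key, value in sla_report().items():
        print(f"{key:>26}: {value}")
```

Run as a script it prints the report. With the constructed log, continuous measurement gives 480 minutes down and 98.92% availability, which falls into the 25% credit tier, while the windowed measurement discards all twenty blips, gives 400 minutes and 99.10%, and pays only the 10% tier: the same month, two different credits, depending on a definition buried in the SLA. The assumed business cost of that downtime (USD 40,000) is forty times the assumed credit (USD 1,000), which is slide 13's point in numbers. Feed the function your own outage intervals, window length and tier table to check a real agreement.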
14. Step 8: Understand the disaster recovery plan
Considerations
• Use of public cloud services does not absolve the user from serious DR and business continuity planning
• Service agreements focus on limiting the provider’s liability:
   - SLA exclusions
   - Disclaimers
   - Limitations of liability
Recommendations
• Devise a disaster recovery plan
   - Prioritize apps, services and data
   - Determine acceptable downtime
• Ensure business critical content is stored redundantly in different geographical locations
• Define Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
• Ensure an appropriate frequency of backups based on content criticality
• Use the data and app replication capabilities provided by the cloud service
• Implement a mechanism to promptly detect and quantify outages

15. Step 9: Define an effective governance policy
Considerations
• Governance is complicated by the responsibility split between customer and provider
   - Control and oversight
   - Elements controlled by the provider
• Key elements:
   - Periodic assessment: service levels, compliance
   - Reports: key indicators, service failures
   - Problem reporting and status
   - Change notifications
   - Request processing
   - User satisfaction
• Escalation process
   - Up to and including termination of the service agreement
Recommendations
• Agreements are typically silent about communication and escalation processes
• Potential areas for negotiation are:
   - Regular status meetings
   - Single point-of-contact designation
   - Automatic notifications
   - APIs or Web services for management queries
• In the absence of defined management interfaces, and for services that require strict notification, escalation and restoration procedures, public cloud services may not be appropriate solutions

16. Step 10: Understand the exit process
Considerations
• The exit process should be part of any CSA
• Customer exit plan:
   - Procedures
   - Provider assistance
   - Fees
   - Retrieval of customer data
   - Business continuity during exit
• Requirement for the provider to delete copies of customer data
• Requirement for the provider to cleanse log and audit data
   - Retention of records for specified periods may be required by law
Recommendations
• Ensure the agreement specifies that advance notice will be given for all terminations
• Develop contingency plans / procedures to:
   - Find a new cloud service
   - Extract and reload data
   - Switch to the new cloud service
• As part of the termination process, insist that the provider offer assistance to facilitate data extraction
• Ensure all customer data is maintained for a specific time period after transition
• At the completion of the exit process, customers should receive written confirmation from the provider that all of the customer’s data has been completely removed from the provider’s systems

17. New Developments
• Work is taking place in the area of Cloud Service Agreements
   - ISO/IEC is well advanced with the 19086 standard (cloud SLA framework)
   - EU SLALOM project
• Both aim at:
   - Standardized terminology
   - Listing of many potential CSA items
   - Standardized metrics
• Codes of Conduct and certification schemes continue to evolve
   - Especially in the area of data protection

18. Summary
• Don’t “sign on the bottom line” without understanding the various documents that govern the relationship
• Not everything is negotiable, but not everything is fixed either. Understand where you can ask for better terms (and determine if they’re worth paying more for)
• Use our recommendations tables to evaluate a proposed CSA and detect areas that don’t meet your business requirements
• Have a baseline: what are the current service levels of your incumbent providers or your in-house systems?
• Be careful about how service levels are measured (e.g., measurement time windows)
• Understand what happens in worst case scenarios (data breach, service failure, etc.)
• Remain in charge of governance; don’t abdicate your own responsibilities to the public cloud service provider

19. Call to Action
• Join the CSCC Now!
   - To have an impact on customer use case based standards requirements
   - To learn about all Cloud Standards within one organization
   - To help define the CSCC’s future roadmap
   - Membership is free and easy: http://www.cloud-council.org/become-a-member
• Get Involved!
   - Join one or more of the CSCC Working Groups: http://www.cloud-council.org/workinggroups
• Leverage CSCC Collateral!
   - Visit http://www.cloud-council.org/resource-hub

20. Thank You!