Demystifying Cloud Contracts And SLAs

Cloud computing, Cloud Governance, Risk Management, Compliance, SAP, Cloud Security, Risk, Cyber security, Cloud services, Software compliance, Risk assessment, Force.com, Salesforce, ClearGRC, Start ups, Small business, Cloud computing technology, Risk intelligence, Social governance, Ethical governance, buy, custom development on cloud, ITO, GRC BPO, custom development on Salesforce, top 5, big data, GEW 50, Enterprise GRC, Governance, Risk, Regulatory Compliant Cloud, Inc 5000, GRC Platforms Governance, Chatter, growing eco-system, SAP, Security and assurance, Encryption, Top Security, ISO 27001 certified security, SLA, Cloud Contracts, Cloud encryption, Security assessments, SaaS, PaaS, IaaS, system security, Business Friendly, NO RISK, Resilient risk management, Global Risk Portfolio, compliance domains, Cloud 2.0, Cloud 101, GRC 2.0, Audit trail, Project management, Collaboration, workflow, Sustainable, Ethical, Globally, Corporate Governance, Sustainability Initiatives, SocialGRC, customer, Web-based, experts, global governance, privacy specialists, GRCWeaver, Security Solutions, global leader, IT Lifecycle, ERP technologies, Microsoft BizSparks, secure web-based applications, Cloud Security Alliance, Cloud Control Audit Matrices, stakeholders, Partners, ConfidentNOW, Webinar Series, Executives

  • Bhavesh
  • Bhavesh to introduce Speakers and Thank EnCrisp and CG for hosting this series of webinars.
  • EnCrisp CG Safe Harbor Disclosure
  • Bhavesh to lay out Agenda and discuss why Service Level Agreements and controls around them are something every executive in IT and Governance needs to be concerned about, especially in Subscription Economy.
  • Q for Ken – So Ken, what we are seeing is tremendous amounts of market interest in moving towards the Cloud. Can you please describe in layman's terms what these concepts mean before we dig too deep, and why SLA is important in Cloud? And how do you define these terms for a business executive who is not a lawyer?
  • Ken – That’s excellent. Now, from a risk point of view, why are SLA and governance around it so important? What is the risk perspective around this? And I know we will get into some risk mitigation approaches later, but let's discuss the overall scenario here.
  • Ken
  • Ken – This is good, but what are Cloud providers saying about this SLA and metrics? Are they providing enough tracking for SLAs to be able to track and measure? We are working with Carnegie Mellon University where we are doing some exciting research in automating this and we will discuss this in future webinars.
  • Ken
  • Bhavesh - It appears that SLAs and their importance only increase as you move down the stack in Cloud from SaaS to IaaS, so vendor metrics and transparency are key. Can you provide some thoughts around this?
  • Bhavesh and John: Introduce NIST and the Sub Groups around Governance of Cloud.
  • John
  • John
  • Bhavesh Q – for John – So John, this is great, and thanks to you and your team for continuing to push forward in this regard. Can you please describe some immediate tangible reasons why SLAs are so important? Seems to me that most people think this is optional, but it's not so flexible; some of the regulations mandate that we have to think of this now?
  • John – So John, what are the key risk areas to look at when we see SLA Governance, and what are some of the tools NIST has developed to assist in helping in this regard?
  • Bhavesh – This seems very unique in its approach. Can you please describe the usefulness of Mind Maps in Governance? How deep should one go when we build these for an organization?
  • John
  • Ken – So Ken, how does one monitor this? We will be doing a special Automating FedRAMP CIS seminar in March where we will discuss the tool also, but from an SLA point of view what do we need to think of in terms of documenting the process?
  • John
  • Bhavesh – So Ken and John, if you were to summarize, what are the three key points that we need to remember?
  • Bhavesh
  • Bhavesh
  • Bhavesh
  • Transcript

    • 1. ConfidentNOW Global Governance Webinar Series. Cloud Contracts and SLAs: Mastering SLA Governance. Speaker – Dr. Ken Stavinoha, PhD, Cisco; Mr. John Messina, Computer Scientist, NIST. Host – Bhavesh C. Bhagat, EnCrisp - ConfidentGovernance.com, CGEIT, CISM, MBA, BE. ConfidentGovernance.com - Award winning Cloud migration experts. Patent pending “Governance as a Service®” innovators
    • 2. Today’s Presenters: Dr. Ken Stavinoha, PhD, CISM, CISSP – Cisco; Mr. John Messina, Computer Scientist – NIST; Bhavesh C. Bhagat, CISM, CGEIT, MBA, BE – EnCrisp – ConfidentGovernance.com
    • 3. is an INC 500 award winning global leader in providing “business driven” solutions enhancing trust, governance, cyber security and risk transparency since 2004. • EnCrisp’s Confident Governance® is award winning “Governance as a Service®” - Cloud Governance™ Company. 2011 Global Entrepreneurship (GEW50) Kauffman 50 Global Awardee • Governance, Security, Risk, Audit and Social Compliance Collaboration platform that you access over the Internet and pay-as-you-go. • AWARDS – INC 500, 2011 Global Entrepreneurship Kauffman 50 Start-Ups, 2011 NVTC, Hot Ticket Hottest Buzz, 2011 GovTek Best Cloud Government Solution, 2010, Business Insurance Risk Technology
    • 4. Cloud Contracts And SLA Governance: i. Intro to Service Level Agreement ii. Cloud Services Scope and Control iii. SLA NIST Contracts iv. Risk Factors Affecting Cloud SLAs v. Resources and Next Webinar…
    • 5. Cloud Services Scope and Control. Source: NIST SP800-144 Draft
    • 6. SLA Definition. Service Agreement: known as “Terms of Service”, “Terms and Conditions”. A legal document specifying the rules of the legal contract between the cloud user and the cloud provider. Service-Level Agreement: A document stating the technical performance promises made by the cloud provider, how disputes are to be discovered and handled, and any remedies for performance failures. (NIST SP 800-146)
    • 7. Cloud Computing Risks. Source: Ernst & Young 2010 Global Information Security Survey. Differences in Scope and Control among Cloud Service Models
    • 8. Cloud Risk Mitigation. Source: Ernst & Young 2011 Global Information Security Survey
    • 9. What Providers Say: Cloud Adoption Drivers. Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study
    • 10. What Providers Say: Cloud Security Risk Mitigation. Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study
    • 11. What Providers Say: Who is Responsible for Cloud Security. Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study
    • 12. NIST CC Public Working Groups. NIST’s Goal: Accelerate the federal government’s adoption of cloud computing – Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders. Voluntary Working Groups with industry, SDOs, USG, academia (launched Nov. 5, 2010) • 5 Working Groups (Reference Architecture / Taxonomy, Security, Standards Roadmap, …) • 300+ registered members per working group
    • 13. Contract/SLA Subgroup • RATAX working group was asked to identify additional areas of cloud computing that could be better defined through the development of appropriate taxonomies • SLA sub-group focused on identifying if there was any suitable existing SLA format or guide that could be used to identify all the key elements that should go into a Cloud SLA • Existing contracts and research examined for commonalities and relationships in form and content • Collected/formulated definitions pertinent to cloud contracts and SLAs
    • 14. Role of Contracts and SLAs • Contracts and service level agreements play a key role in the procurement of cloud computing services. • The consumer may have an agreement with one provider, but the service may be delivered via a myriad of subcontractors or other dependencies who have no contractual obligation directly with the consumer. • Consumer may have no knowledge of these third parties unless the provider chooses, or is otherwise required, to disclose them, and yet these entities may incur risk for which the consumer could ultimately be liable.
    • 15. Agency Compliance Requirements • Computer Fraud and Abuse Act [PL 99-474, 18 USC 1030] • E-Authentication Guidance for Federal Agencies [OMB M-04-04] • Federal Information Security Management Act (FISMA) of 2002 [Title III, PL 107-347] • Freedom of Information Act as Amended in 2002 [PL 104-232, 5 USC 552] • Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy [OMB M-01-05] • Homeland Security Presidential Directive-7, Critical Infrastructure Identification, Prioritization, and Protection [HSPD-7] • Internal Control Systems [OMB Circular A-123] • Management of Federal Information Resources [OMB Circular A-130] • Management’s Responsibility for Internal Control [OMB Circular A-123, Revised 12/21/2004] • Privacy Act of 1974 as amended [5 USC 552a] • Protection of Sensitive Agency Information [OMB M-06-16] • Records Management by Federal Agencies [44 USC 31] • Rehabilitation Act of 1973 [Section 508 Amendment] • Responsibilities for the Maintenance of Records About Individuals by Federal Agencies [OMB Circular A-108, as amended] • Security of Federal Automated Information Systems [OMB Circular A-130, Appendix III] • The Federal Risk and Authorization Management Program (FedRAMP)
    • 16. Four Pillars of SLA Governance Contract Legal Cloud Landscape SLA Service Provider Metrics
    • 17. Cloud MSA Mind Map
    • 18. Cloud SLA Mind Map
    • 19. FedRAMP CIS Worksheet
    • 20. Ongoing Work of NIST CC Contract and SLA Subgroup • Analyze negotiated SLAs/Contracts • Complete the NIST RA Cloud Contract/SLA draft document and present for public comment • Collaboration with the Cloud Metrics team • Participation in the ISO/IEC JTC 1/SC 38 effort on cloud SLAs
    • 21. THREE KEY TAKEAWAYS. Look Before You Leap - Consumers need to perform reasonable due diligence in examining cloud providers and their subcontractors. Solicit Input - A committee, rather than one or two individuals, should formulate the requirements for cloud contracts – including SLAs. Don’t Reinvent the Wheel - Organizations should examine existing controls to identify key issues to include in cloud service contracts and SLAs
    • 22. RESOURCES www.confidentgovernance.com/confidentnow http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/RATax_Jan20_2012/NIST_CC_WG_ContractSLA_Deliverable_Draft_v1.9.pdf http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/RATax_CloudMetrics http://www.ca.com/~/media/Files/IndustryResearch/security-of-cloud-computing-providers-final-april-2011.pdf http://www.ey.com/GL/en/Services/Advisory/IT-Risk-and-Assurance/13th-Global-Information-Security-Survey-2010---Information-technology--friend-or-foe- http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf http://csrc.nist.gov/publications/PubsSPs.html
    • 23. Questions & Comments. For additional Information: Ken E. Stavinoha, PhD, NIST CC RA Contracts/SLA Sub-team Leader, kstavino@mail.com; John Messina, Chair, NIST CC RA Working Group, John.messina@nist.gov; Bhavesh C. Bhagat, Co-Founder, EnCrisp and ConfidentGovernance.com, bb@encrisp.com
    • 24. ConfidentNOW Global Governance Webinar Series. NEXT WEBINAR IN SERIES: Cloud Encryption. DATE: Feb. 28, 2013. TIME: 11.00-11.45 A.M. Speaker – Dr. Ken Stavinoha, Cisco System; Dr. Sarbari Gupta, Electrosoft. Host – Bhavesh C. Bhagat, EnCrisp – ConfidentGovernance.com. Register Now: http://bit.ly/WyH7R8 http://www.confidentgovernance.com/events/88-webinar