Cade Zvavanjanja, profile picture
Uploaded byCade Zvavanjanja
PPT, PDF5,860 views

Cloud computing & service level agreements

This document discusses cloud computing and service level agreements. It begins by defining different types of cloud computing models like SaaS, PaaS, and IaaS. It then discusses how cloud computing differs from traditional on-premise storage by addressing issues like data location, custody, and multi-tenancy. The document outlines important considerations for service level agreements including security, data encryption, privacy, regulatory compliance, and transparency. It emphasizes that SLAs should define metrics and responsibilities to ensure the cloud provider delivers the promised level of service. Finally, it cautions that moving to the cloud requires understanding issues like security, portability, accessibility, and data location laws.

Embed presentation

Downloaded 220 times
Computing in the clouds while wearing a good service level agreement By Cade Zvavanjanja CISO Gainful Information Security
THE CLOUD  “Cloud Computing” can mean different things  SaaS, PaaS, IaaS  Public Definitions:  NIST  Berkeley  ABA Legal Tech Resource Center  Service & Deployment Models:  Private, Public, Hybrid
DIFFERENT THAN BOXES STORED AT IRON MOUNTAIN?
HOW CLOUD DIFFERS  Access  Data Location  Greater Custody and Control Differentiation  Multi-Tenancy Capability
CLOUDY QUESTIONS  Location issues  Operation issues  Legislative/Regulatory issues  3rd party contractual limitations  Security/Privacy issues  Litigation/Investigative issues  Authenticity/Admissibility issues
CLOUD: WHEN BAD THINGS HAPPEN TO GOOD EVIDENCE  General Considerations  Potential Liability for Spoliation  Minimize Risk by Addressing Up Front the Need to Preserve and Produce ESI  Remedies for Spoliation
HOW DO YOU CONDUCT A FORENSIC EXAMINATION IN THE CLOUD?
CLOUD COMPUTING SERVICE LEVEL AGREEMENT CONSIDERATIONS  Use of data/Security  Location of data  No change of terms  Destruction  Ownership (assignment)  Subpoena response  Regulatory requirements  Insurance/Indemnity  Audits
SERVICE LEVEL AGREEMENT (SLA) SLA should contain:  The list of services the provider will deliver and a complete definition of each service.  Metrics to determine whether the provider is delivering the service as promised  Auditing mechanism to monitor the service.  Responsibilities of the provider and the consumer  Remedies available to both provider and client if the terms of the SLA are not met.  A description of how the SLA will change over time.
SERVICE LEVEL AGREEMENT (SLA)  Security: Client and CSP must understand security requirements.  Data encryption: Data must be encrypted while it is in motion and while it is at rest. The details of the encryption algorithms and access control policies should be specified.  Privacy: Basic privacy concerns are addressed by requirements such as data encryption, retention, and deletion. An SLA should make it clear how the cloud provider isolates data and applications in a multi-tenant environment.  Data retention/deletion: How does CSP prove they comply with retention laws and deletion policies?  Hardware erasure/ destruction: Same as #4.  Regulatory compliance: If regulations must be enforced because of the type of data, CSP must be able to prove compliance.  Transparency: For critical data and applications CSP must be proactive in notifying client when the terms of the SLA are breached including infrastructure issues like outages and performance problems as well as security incidents.
(SLA)  Certification: CSP should be responsible for proving required certification and keeping it current.  Performance definitions: Defining terminology such as uptime and other contractual metric terms (i.e. – uptime could mean all servers on continent are available or only one designated server is available.)  Monitoring: Responsible party for monitoring including identification of any third-party organization designated to monitor performance of the provider.  Audit Rights: To monitor for any data breaches including loss of data and availability issues. SLA should clarify when and how the audits will take place.  Metrics: to be monitored in real-time and audited after occurence. Metrics of an SLA must be objectively and unambiguously defined.  Human interaction: On-demand self-service is one of the basic characteristics of cloud computing, but SLA should provide customer service when needed. Review and summary of cloud service level agreements, From "Cloud Computing Use Cases Whitepaper" Version 4.0,
REALITY – CONTRACT ISSUE  Currently, the standard contracts offered by cloud computing providers are one-sided and service provider-friendly, with little opportunity to change terms.  Few offer meaningful service levels or assume any responsibility for legal compliance, security or data protection. Many permit suspension of service or unilateral termination, and disclaim all or most of the provider's potential liability.  In addition, some cloud computing providers emphasize low cost offerings, which leave little room for robust contractual commitments or customer requirements.
BEFORE YOU GO “TO THE CLOUD!” Security & Control No uniform standard for security and compliance among cloud providers. This may be bad - if you have evolved mature security and control discipline; or it may be a good thing, if you are looking for an external provider to help you with best practices. Cloud is not, per se, either secure or insecure. You simply need to set your own standards, be aware of what your cloud provider can and cannot deliver, and choose according to your desired level of risk.
BEFORE YOU GO “TO THE CLOUD!” Por tability & Compatibility Not all cloud providers are able to provide the same level of portability and compatibility. Extractingand restoring data may be a slow manual process due to API limitations and other restrictions. May be impossible to accomplish in a timely manner due to common limitations such as bandwidth. Applications may require significant changes to be compatible with storage in a non-specific location that changes in case of emergency. Be aware of your use cases, and make sure your recovery plan allows for the mobility of data the cloud will enable.
BEFORE YOU GO “TO THE CLOUD!” Longevity & Accessibility Consider and verify the longevity of CSP to ensure data will be accessible when and how, needed before committing to CSP as sole source for data recovery. During an analyst keynote speech at the 2010 CA InfoXchange event in Malaysia, the speaker estimated that a substantial number of current cloud providers will be out of business within 2 years. CSPs talked about 99.999 per cent uptime, or the equivalent of five minutes' downtime per year. This is the Holy Grail of cloud computing but achieving it requires multi million-dollar investments in redundant infrastructure.
BEFORE YOU GO “TO THE CLOUD!” Where does your data reside?  EU Data Privacy Concerns  Which laws apply, country of origin or country where data resides?
ESSENTIAL POWER CONTRACTS TO RETAIN  Realtime feed from data intrusion detection systems to permit monitoring of the security systems performance.  Performance standards mandating maximum downtime and platform stability.  Auditing rights – access to monitoring dashboard to see metrics on function of the system. Also onsite visits to provider.  Remediation power – including monetary penalties for downtime, termination in the event of security violations and notice of any breach.
ESSENTIAL CONTRACT POWERS TO RETAIN  Freedom to Move – contract must make it clear that the data owner retains all ownership of the data as well as access to the data. There should be a defined time frame for giving back all the data once request has been made as well as definition of the format for the data if it is to be moved or returned to the client to avoid any additional cost to reformat data to be moved to a new provider.  Preservation of metadata – what metadata will be maintained and any impact of the system upon that metadata.  Access to information for e-discovery – how accessible the data will be including time to extract.
Thank You Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117 Eml: info@gis.co.zw cade@gis.co.zw Web: www.gis.co.zw

More Related Content

PDF
Cloud Computing Architecture
byAnimesh Chaturvedi
 
PPTX
Service level agreement in cloud computing an overview
byDr Neelesh Jain
 
PPTX
Cloud security - Auditing and Compliance
byJosh Tullo
 
PPTX
Task Scheduling using Tabu Search algorithm in Cloud Computing Environment us...
byAzarulIkhwan
 
PPTX
re:Invent 2022 DAT326 Deep dive into Amazon Aurora and its innovations
byGrant McAlister
 
PPTX
scheduling techniques and SLA.pptx
byKPR Institute of Engineering and Technology
 
PPTX
Cloud computing ppt
byAmex Ka
 
PPTX
Design Issues of Distributed System (1).pptx
byvlakshmirajendran1
 
Cloud Computing Architecture
byAnimesh Chaturvedi
 
Service level agreement in cloud computing an overview
byDr Neelesh Jain
 
Cloud security - Auditing and Compliance
byJosh Tullo
 
Task Scheduling using Tabu Search algorithm in Cloud Computing Environment us...
byAzarulIkhwan
 
re:Invent 2022 DAT326 Deep dive into Amazon Aurora and its innovations
byGrant McAlister
 
scheduling techniques and SLA.pptx
byKPR Institute of Engineering and Technology
 
Cloud computing ppt
byAmex Ka
 
Design Issues of Distributed System (1).pptx
byvlakshmirajendran1
 

What's hot

PPTX
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
bySimplilearn
 
PDF
Cloud Migration Strategy and Best Practices
byQBurst
 
PPTX
Introduction to GCP presentation
byMohit Kachhwani
 
PPTX
Cloud computing security issues and challenges
byDheeraj Negi
 
PDF
Cloud computing - Risks and Mitigation - GTS
byAnchises Moraes
 
PPTX
Cs6703 grid and cloud computing unit 5
byRMK ENGINEERING COLLEGE, CHENNAI
 
PPTX
Cloud Security
byAWS User Group Bengaluru
 
PPT
Security Issues of Cloud Computing
byFalgun Rathod
 
PPTX
What Is Cloud Computing? | Cloud Computing For Beginners | Cloud Computing Tr...
bySimplilearn
 
PPTX
Origins of cloud computing
byDiscover Cloud Computing
 
PPTX
Google Cloud Platform (GCP)
byChetan Sharma
 
PPTX
Chapter 3 Using Unix Commands
byMeenalJabde
 
PPTX
Identity and Access Management Introduction
byAidy Tificate
 
PPTX
Cloud Computing
byInternational School Of Management Excellence
 
PPTX
Network and System Administration
byIgguuMuude
 
PDF
IBM MQ: Managing Workloads, Scaling and Availability with MQ Clusters
byDavid Ware
 
PPTX
Cloud Service Models
byAbhishek Pachisia
 
PPTX
Task scheduling Survey in Cloud Computing
byRamandeep Kaur
 
PPTX
Distributed Transactions(flat and nested) and Atomic Commit Protocols
bySachin Chauhan
 
PDF
Sla in cloud
byPankesh Patel
 
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
bySimplilearn
 
Cloud Migration Strategy and Best Practices
byQBurst
 
Introduction to GCP presentation
byMohit Kachhwani
 
Cloud computing security issues and challenges
byDheeraj Negi
 
Cloud computing - Risks and Mitigation - GTS
byAnchises Moraes
 
Cs6703 grid and cloud computing unit 5
byRMK ENGINEERING COLLEGE, CHENNAI
 
Cloud Security
byAWS User Group Bengaluru
 
Security Issues of Cloud Computing
byFalgun Rathod
 
What Is Cloud Computing? | Cloud Computing For Beginners | Cloud Computing Tr...
bySimplilearn
 
Origins of cloud computing
byDiscover Cloud Computing
 
Google Cloud Platform (GCP)
byChetan Sharma
 
Chapter 3 Using Unix Commands
byMeenalJabde
 
Identity and Access Management Introduction
byAidy Tificate
 
Cloud Computing
byInternational School Of Management Excellence
 
Network and System Administration
byIgguuMuude
 
IBM MQ: Managing Workloads, Scaling and Availability with MQ Clusters
byDavid Ware
 
Cloud Service Models
byAbhishek Pachisia
 
Task scheduling Survey in Cloud Computing
byRamandeep Kaur
 
Distributed Transactions(flat and nested) and Atomic Commit Protocols
bySachin Chauhan
 
Sla in cloud
byPankesh Patel
 

Similar to Cloud computing & service level agreements

PDF
Week 3 lecture material cc
byAnkit Gupta
 
PPT
Legal issues in cloud computing
bymovinghats
 
PDF
SECURITY MANAGEMENT IN THE CLOUD AND PRIVACY.pdf
bySabitha Banu
 
PPT
Cloud Security.ppt
byAkashRajBehera
 
PPT
Legal issues in cloud computing
byRitambhara Agrawal
 
PPTX
Cloud computing contracts
byMeera Kaul
 
PDF
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
byThis account is closed
 
PPTX
40369A Microsoft Cloud Fundamentals - Chapter 1
byAndersPistaceci1
 
PPTX
I am sharing 'Unit-2' with youuuuuu.PPTX
bypadhaipadhai639
 
DOCX
Topic The top 5 details that should be included in your cloud SLA..docx
byjuliennehar
 
PDF
Cloud services and it security
byEast Midlands Cyber Security Forum
 
PPTX
Transforming cloud security into an advantage
byMoshe Ferber
 
PPTX
Procurement Of Software And Information Technology Services
byPeister
 
PPTX
Cloud Computing & IT in the Boardroom
byBrendon Noney
 
PPTX
Cloud computing and its security issues
byJyoti Srivastava
 
PPT
Security issue in cloud by himanshu tiwari
bybhanu krishna
 
PPTX
What is Cloud Security, and Can I Have Some?
byJohn Kinsella
 
PPTX
Cloud Computing Security
byNithin Raj
 
PPT
Cloud computing security and privacy christian goire
bygoire
 
PDF
Cloud Cuckoo Land to Corporate Acceptance
byMark Henshaw
 
Week 3 lecture material cc
byAnkit Gupta
 
Legal issues in cloud computing
bymovinghats
 
SECURITY MANAGEMENT IN THE CLOUD AND PRIVACY.pdf
bySabitha Banu
 
Cloud Security.ppt
byAkashRajBehera
 
Legal issues in cloud computing
byRitambhara Agrawal
 
Cloud computing contracts
byMeera Kaul
 
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
byThis account is closed
 
40369A Microsoft Cloud Fundamentals - Chapter 1
byAndersPistaceci1
 
I am sharing 'Unit-2' with youuuuuu.PPTX
bypadhaipadhai639
 
Topic The top 5 details that should be included in your cloud SLA..docx
byjuliennehar
 
Cloud services and it security
byEast Midlands Cyber Security Forum
 
Transforming cloud security into an advantage
byMoshe Ferber
 
Procurement Of Software And Information Technology Services
byPeister
 
Cloud Computing & IT in the Boardroom
byBrendon Noney
 
Cloud computing and its security issues
byJyoti Srivastava
 
Security issue in cloud by himanshu tiwari
bybhanu krishna
 
What is Cloud Security, and Can I Have Some?
byJohn Kinsella
 
Cloud Computing Security
byNithin Raj
 
Cloud computing security and privacy christian goire
bygoire
 
Cloud Cuckoo Land to Corporate Acceptance
byMark Henshaw
 

More from Cade Zvavanjanja

PDF
Top online frauds 2010
byCade Zvavanjanja
 
PPT
Web application attacks using Sql injection and countermasures
byCade Zvavanjanja
 
PDF
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
byCade Zvavanjanja
 
PPT
comesa cybersecurity
byCade Zvavanjanja
 
PPT
Cyber Security 2016 Cade Zvavanjanja1
byCade Zvavanjanja
 
PPT
A case for multi-stakeholder cybersecurity by zvavanjanja
byCade Zvavanjanja
 
PPT
Cade zvavanjanja iot afigf online
byCade Zvavanjanja
 
PPTX
Gainful Information Security 2012 services
byCade Zvavanjanja
 
PPT
Cade zvavanjanja saigf cybercrime & security online
byCade Zvavanjanja
 
PPT
Introduction to IT Security
byCade Zvavanjanja
 
Top online frauds 2010
byCade Zvavanjanja
 
Web application attacks using Sql injection and countermasures
byCade Zvavanjanja
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
byCade Zvavanjanja
 
comesa cybersecurity
byCade Zvavanjanja
 
Cyber Security 2016 Cade Zvavanjanja1
byCade Zvavanjanja
 
A case for multi-stakeholder cybersecurity by zvavanjanja
byCade Zvavanjanja
 
Cade zvavanjanja iot afigf online
byCade Zvavanjanja
 
Gainful Information Security 2012 services
byCade Zvavanjanja
 
Cade zvavanjanja saigf cybercrime & security online
byCade Zvavanjanja
 
Introduction to IT Security
byCade Zvavanjanja
 

Recently uploaded

PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
PDF
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 
PDF
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PDF
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPT
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 

Cloud computing & service level agreements

  • 1.
    Computing in theclouds while wearing a good service level agreement By Cade Zvavanjanja CISO Gainful Information Security
  • 2.
    THE CLOUD  “Cloud Computing” can mean different things  SaaS, PaaS, IaaS  Public Definitions:  NIST  Berkeley  ABA Legal Tech Resource Center  Service & Deployment Models:  Private, Public, Hybrid
  • 3.
    DIFFERENT THAN BOXES STOREDAT IRON MOUNTAIN?
  • 4.
    HOW CLOUD DIFFERS Access  Data Location  Greater Custody and Control Differentiation  Multi-Tenancy Capability
  • 5.
    CLOUDY QUESTIONS  Location issues  Operation issues  Legislative/Regulatory issues  3rd party contractual limitations  Security/Privacy issues  Litigation/Investigative issues  Authenticity/Admissibility issues
  • 6.
    CLOUD: WHEN BAD THINGSHAPPEN TO GOOD EVIDENCE  General Considerations  Potential Liability for Spoliation  Minimize Risk by Addressing Up Front the Need to Preserve and Produce ESI  Remedies for Spoliation
  • 7.
    HOW DO YOUCONDUCT A FORENSIC EXAMINATION IN THE CLOUD?
  • 8.
    CLOUD COMPUTING SERVICE LEVELAGREEMENT CONSIDERATIONS  Use of data/Security  Location of data  No change of terms  Destruction  Ownership (assignment)  Subpoena response  Regulatory requirements  Insurance/Indemnity  Audits
  • 9.
    SERVICE LEVEL AGREEMENT (SLA) SLAshould contain:  The list of services the provider will deliver and a complete definition of each service.  Metrics to determine whether the provider is delivering the service as promised  Auditing mechanism to monitor the service.  Responsibilities of the provider and the consumer  Remedies available to both provider and client if the terms of the SLA are not met.  A description of how the SLA will change over time.
  • 10.
    SERVICE LEVEL AGREEMENT (SLA)  Security: Client and CSP must understand security requirements.  Data encryption: Data must be encrypted while it is in motion and while it is at rest. The details of the encryption algorithms and access control policies should be specified.  Privacy: Basic privacy concerns are addressed by requirements such as data encryption, retention, and deletion. An SLA should make it clear how the cloud provider isolates data and applications in a multi-tenant environment.  Data retention/deletion: How does CSP prove they comply with retention laws and deletion policies?  Hardware erasure/ destruction: Same as #4.  Regulatory compliance: If regulations must be enforced because of the type of data, CSP must be able to prove compliance.  Transparency: For critical data and applications CSP must be proactive in notifying client when the terms of the SLA are breached including infrastructure issues like outages and performance problems as well as security incidents.
  • 11.
    (SLA)  Certification: CSP should be responsible for proving required certification and keeping it current.  Performance definitions: Defining terminology such as uptime and other contractual metric terms (i.e. – uptime could mean all servers on continent are available or only one designated server is available.)  Monitoring: Responsible party for monitoring including identification of any third-party organization designated to monitor performance of the provider.  Audit Rights: To monitor for any data breaches including loss of data and availability issues. SLA should clarify when and how the audits will take place.  Metrics: to be monitored in real-time and audited after occurence. Metrics of an SLA must be objectively and unambiguously defined.  Human interaction: On-demand self-service is one of the basic characteristics of cloud computing, but SLA should provide customer service when needed. Review and summary of cloud service level agreements, From "Cloud Computing Use Cases Whitepaper" Version 4.0,
  • 12.
    REALITY – CONTRACTISSUE  Currently, the standard contracts offered by cloud computing providers are one-sided and service provider-friendly, with little opportunity to change terms.  Few offer meaningful service levels or assume any responsibility for legal compliance, security or data protection. Many permit suspension of service or unilateral termination, and disclaim all or most of the provider's potential liability.  In addition, some cloud computing providers emphasize low cost offerings, which leave little room for robust contractual commitments or customer requirements.
  • 13.
    BEFORE YOU GO“TO THE CLOUD!” Security & Control No uniform standard for security and compliance among cloud providers. This may be bad - if you have evolved mature security and control discipline; or it may be a good thing, if you are looking for an external provider to help you with best practices. Cloud is not, per se, either secure or insecure. You simply need to set your own standards, be aware of what your cloud provider can and cannot deliver, and choose according to your desired level of risk.
  • 14.
    BEFORE YOU GO“TO THE CLOUD!” Por tability & Compatibility Not all cloud providers are able to provide the same level of portability and compatibility. Extractingand restoring data may be a slow manual process due to API limitations and other restrictions. May be impossible to accomplish in a timely manner due to common limitations such as bandwidth. Applications may require significant changes to be compatible with storage in a non-specific location that changes in case of emergency. Be aware of your use cases, and make sure your recovery plan allows for the mobility of data the cloud will enable.
  • 15.
    BEFORE YOU GO“TO THE CLOUD!” Longevity & Accessibility Consider and verify the longevity of CSP to ensure data will be accessible when and how, needed before committing to CSP as sole source for data recovery. During an analyst keynote speech at the 2010 CA InfoXchange event in Malaysia, the speaker estimated that a substantial number of current cloud providers will be out of business within 2 years. CSPs talked about 99.999 per cent uptime, or the equivalent of five minutes' downtime per year. This is the Holy Grail of cloud computing but achieving it requires multi million-dollar investments in redundant infrastructure.
  • 16.
    BEFORE YOU GO“TO THE CLOUD!” Where does your data reside?  EU Data Privacy Concerns  Which laws apply, country of origin or country where data resides?
  • 17.
    ESSENTIAL POWER CONTRACTSTO RETAIN  Realtime feed from data intrusion detection systems to permit monitoring of the security systems performance.  Performance standards mandating maximum downtime and platform stability.  Auditing rights – access to monitoring dashboard to see metrics on function of the system. Also onsite visits to provider.  Remediation power – including monetary penalties for downtime, termination in the event of security violations and notice of any breach.
  • 18.
    ESSENTIAL CONTRACT POWERSTO RETAIN  Freedom to Move – contract must make it clear that the data owner retains all ownership of the data as well as access to the data. There should be a defined time frame for giving back all the data once request has been made as well as definition of the format for the data if it is to be moved or returned to the client to avoid any additional cost to reformat data to be moved to a new provider.  Preservation of metadata – what metadata will be maintained and any impact of the system upon that metadata.  Access to information for e-discovery – how accessible the data will be including time to extract.
  • 19.
    Thank You Tel: +236733 782 490 +263 773 796 365 +263 -4- 733 117 Eml: info@gis.co.zw cade@gis.co.zw Web: www.gis.co.zw