Governance and Service Level Agreement Issues in a Cloud Environment - Coursework Example

Contents Introduction 2 2.Cloud Computing 3 3.Cloud Computing Governance 4 4.Service Level Agreements 5 4 SLA Critical Evaluation: Cloud Computing Services 7 Infrastructure as a Service 7 (IaaS) 7 Platform as a Service 7 (PaaS) 7 Software as a Service 7 (Saas) 7 4.2 SLA Critical Evaluation: Cloud Computing Models 8 Public Clouds 8 Private Clouds 8 Hybrid Clouds 8 4.3 Service Level Agreement – Features of Data Polices and Guidelines 9 Protection / Preservation of the Data 9 Data Redundancy 9 Storage Location of the Data 9 Verification of the New Data Storage Location 10 Seizure of the Data 10 Privacy of the Data 10 Business Continuity 10 Disaster Management of the Data 10 Failure in Provision of Services 10 4.4Service Level Agreement: The Vital Consideration 10 Overall, there are some vital considerations which need to be encountered by any means in the Service Level Agreement between the cloud consumer and cloud service provider (Diaz, 2011). 11 System Availability 11 System Performance 11 Information Confidentiality 11 Data Integrity 12 5.Conclusion 12 1. Introduction The implementation and utilization of the cloud computing technology are increasing with the passage of time. The data, hardware infrastructure and applications are being shared remotely over the computer network using internet by creating a cloud computing environment. The systems architecture for the cloud computing environment is different from the traditional computer systems. As the data and applications are being accessed remotely in the cloud computing environment, therefore, one of the critical issues of the organizations utilizing cloud computing technology is the ‘Data Governance and Management’. Usually, the cloud computing technology along with data governance services are provided by a third party vendor to the organization. Therefore, data governance and management plans need to be identified and specified by the client organization and the cloud computing service provider in order to not only control the data but also managing breach in data security. In this regard, the client organization and the vendor mutually develop a ‘Service Level Agreement’ (SLA) and bind themselves to follow the contractual arrangements as prescribed in the Service Level Agreement. The SLA should include such attributes to address the data governance issues in the cloud computing environment (Wieder, Butler, Theilmann, and Yahyapour, 2011). The document presents a brief introduction of the ‘Cloud Computing Technology’ and its categories. The significance of the Cloud Computing Governance and issues related to the Governance of the Cloud Computing technology. The document proceeds and explains the Service Level Agreements, the attributes and ingredients to be included by the client organization and the cloud computing vendor. Eventually, the document evaluates a range of service level design strategies and techniques. The presentation of the techniques and their evaluation is being done by using tables, diagrams and examples. 2. Cloud Computing In the World of computers, networking and internet, the utilization of resources (hardware, applications and data) from diverse locations over the internet is becoming significant and the concept or technology is known to be as ‘Cloud Computing’. The data and applications are deployed at the remote server so that these can be accessed and shared remotely over the computer networking using internet through implementation of the cloud computing technology. In this regard, the cloud computing is a useful technique for accessing various applications with storage capacity from a distant location via an internet link. On the other hand, the cloud computing is a principle solution for the management and provision of applications, information and data as a service. Usually, the cloud computing environment is known as a grid of computers that are useful for serves like a service oriented structural design. Hence this design is used for delivering software along with information (Creeger, 2009). In order to make clarity on the cloud computing technology, it is pertinent to present real world examples of implementation of the cloud computing environment. A well known example of the cloud computing is email servers such as the Google’s Gmail, Yahoo mail and Microsoft’s Hotmail, etc. The approach behind the central server and email management application is on the internet (cloud). The user makes use of it alone or in community and benefit from its aspects. Another implementation example of the cloud computing is the online data storage services include, but not limited to the Microsoft’s SkyDrive, Amazon’s S3, Humyo and ZumoDrive, etc. (Polrid, 2010). There are following five (5) main characteristics of the cloud computing technology: On demand self services, Ubiquitous network access, Resource Pooling, Rapid Elasticity Pay as per usage of the services 3. Cloud Computing Governance Cloud Governance refers to organizing the decision making processes of an organization, policies and standards involved in the application planning, design, development, and implementation, monitoring and testing of the cloud computing technologies. Keeping in view the fact that the cloud computing environment is managed by the third party vendor, therefore, the client organization loses control over the data protection, security control, compliance with the standards, and the risks of multi tenancy customers. Moreover, one of the key challenges in implementation of the cloud computing environment is the governance. These are the challenges an organization need to face once the organization moves to the cloud computing environment. However, in order to resolve the cloud computing issues, the organization needs to focus on tackling the underlying strategy of the cloud computing (Kasarkod, 2011). In the cloud computing environment the governance is all about how data and applications are managed in the cloud. Basically, the absence or lack of a governance system in a cloud environment can have critical effects on applications and IT resources. In this scenario, appropriate governance controls do not only allow organizations to control what they install within clouds, however it also helps organizations regulate how an organization makes use of the resources and features provided to them by cloud providers. Additionally, the development of governance requirements requires IT experts to identify preferences and priorities dictated by the IT and organization (Cochran and Witman, 2011). 4. Service Level Agreements In order to avail the services of the cloud computing environment, the consumer(s) and vendor(s) has to sign a ‘Service Level Agreement’ (SLA). In Cloud Computing, a Service Level Agreement is a contract in which the rules and regulations are defined for the customer(s) and vendor(s), on provision of the services. In view of the fact that the cloud environment contains vital organization resources and data so there is a need for cautious assessment of cloud service-level agreements. In addition, effectively defined conditions and responsibilities for cloud services set establish customer expectations and offer an assurance of value. In this scenario, a service-level agreement (SLA) is a bond between a customer and a provider that defines a service, document targets and identify responsibilities. In an article (Ottenheimer, 2013) provides some of the suggestions that must be kept in mind while developing SLAs in order to ensure transparency and security in an environment that is capable of quick change and automation through the use of metrics with the purpose of building and maintaining maintain trust. With respect to this point, there are a few issues and concerns of the cloud computing environment which needs to be addressed and specified in the Service Level Agreement and some of them are given below (Ortiz, Almeida and Balazinska, n.d): i. It is pertinent to specify in the SLA regarding the ownership of assets (either currently with the customer’s possession or vendor’s possession) include, but are not limited to the infrastructure, software, data storage, management and control of the services. ii. The SLA should have clear and concise contents regarding availability of the services, mean time between the failures (MTBF), and mean time to recovery / repair (MTTR), the responsibility of the monitoring and response to the failure in the provision of the services to the customer. In case of the involvement of the third party, the responsibilities should be clearly defined. iii. The service baseline should be precisely defined, including the security owing attentiveness for vulnerability and configuration management or regulatory compliance. 4.1 SLA Critical Evaluation: Cloud Computing Services Based on the above given examples, the cloud computing technology can be categorized into the three (3) services include: the Infrastructure as a Service, Software as a Service, and Platform as a Service. The following table differentiates between the cloud computing services along with examples of each service (Cloud Standards Customer Council, 2011). Categories Examples Clients SLA Considerations: Description Infrastructure as a Service (IaaS) i- Enterprise Infrastructure ii- Cloud Hosting iii- Virtual Data Centers i. Amazon EC2, ii. Windows Azure, iii. Rackspace It offers the computer communications, normally a virtualized computer system as a service. In this scenario, the end users have complete control over the virtualized computer systems as well as are able to modify the case consequently. The virtualized systems are employed to offer multi-tenancy as well as isolation to the users. The SLAs for the IaaS are similar to the SLAs for the outsourcing of the data center, computer network services, or the hosting services. The IaaS cloud consumers should ensure that the availability of the services (denial of services) and open standards. Platform as a Service (PaaS) i. Programming Languages ii. Web Servers iii. Databases i. AWS Elastic Beanstalk, ii. Heroku, iii. Force.com, iv. Google App Engine In terms of defining SLAs, the consumer needs to consider two solutions exist for PaaS include: the deployment based solution and integrated solutions. This category of the cloud computing provides facilities of the computing environment to the consumers for developing software applications using programming languages, web servers, databases, tools / libraries. In this regard, the cloud consumer should consider the usability, flexibility and control in accordance to fulfill the organization’s needs. Software as a Service (Saas) i. Project Management Application ii. ERP / MIS i. Google Apps, ii. Microsoft Office 365 The SLAs for SaaS cloud are difficult to standardized, as there are various services being provided. Software services are provided by the suppliers / vendors to the customer / clients on demand, over the internet. Moreover, software is available as a service for the consumers to utilize on their demands and they need to pay according to the utilization. In SLAs, the consumer should consider application downtime and response time. 4.2 SLA Critical Evaluation: Cloud Computing Models Models Features Service Level Agreements: Description Public Clouds i. Simple ii. Easy to use iii. Mobile Access iv. Good for Small and Medium Companies Public clouds provide the software and infrastructure services to the customer with or without cost over the internet. Public Clouds are managed and controlled by a 3rd party organization, as well as the implementations from different clients are possibly combined together with the cloud servers, storage devices and networks. The SLAs for the Public Clouds are very critical, therefore, the cloud consumer should read and agree to the SLA before using the services. Especially, the cloud consumer need to consider the data / information security, and accessibility. Private Clouds i. Better Privacy ii. Secure iii. Comparatively less user friendly interfaces iv. No Mobile Access Private clouds are created to offer the limited utilization to the client, greatest control over security, data, and value of service. However, the corporation owns the communications and optional structure. The SLAs of the Private clouds are similar to the traditional IT SLAs, however, the cloud consumers ensure the availability and response time of the solution in the SLA (Rackspace, 2013). Hybrid Clouds i. Easy to use ii. Mobile Access iii. Better Privacy iv. Secure The hybrid clouds are a collection of multiple private and public clouds to provide services on-demand, externally provisioned scale. The capabilities to expand a private cloud via the resources of a public cloud can uphold service levels in the face of fast workload fluctuations. SLAs for the Hybrid Clouds are similar to the SLAs for the Public Clouds; however, in this case the consumer needs to consider the integration requirements of the enterprise solutions with the clouds. 4.3 Service Level Agreement – Features of Data Polices and Guidelines The following table provides features of the data polices need to be considered and included in the Service level Agreement in the cloud computing environment, keeping in view the below given guidelines (Hamilton, 2009). Protection / Preservation of the Data Features Capturing and preserving data for organizational memory of a business. Enables to take informed decisions regarding operational and strategic development. Guidelines / Checklist The consumer should check: Data Storage locations, Back Scheduling / Restore Integrity checks Data Redundancy Features The data redundancy strategy includes a proper documentation for addressing the redundancy in the system. The data redundancy should be tested to demonstrate the availability of the system. Guidelines / Checklist An organization must understand the level of redundancy that its service provider’s systems offer. Storage Location of the Data Features Various rules and regulations have been established regarding the data storage. For instance, the specific kinds of data can be kept in some particular physical locations, keeping in view the sensitivity of the data. Guidelines / Checklist An organization must ensure: Appropriate storage places as per the data sensitivity Where data processes? Will this meet regulatory requirements? Verification of the New Data Storage Location Features If by any means, the vendor needs to relocate the data at the new location should not only be informed to the customer, but also the new location should be verified by the consumer / customer. Guidelines / Checklist The consumer should ensure: Data Relocation permission Seizure of the Data Features Circumstances under which the law enforcement agencies seize a providers application / services and tools for a particular or all customers. Guidelines / Checklist The consumer should ensure: Arrangements for data availability under such scenarios. Privacy of the Data Features Keeping the data safe from the unauthorized access Required for implementation of the government laws for data privacy and data security. Guidelines / Checklist The consumer should ensure: Declared data privacy policy Data retention policy Data communication strategy Business Continuity Features Circumstances under which the law enforcement agencies seize a providers application / services and tools for a particular or all customers. Guidelines / Checklist The consumer should ensure: Arrangements for data availability under such scenarios. Disaster Management of the Data Features Unforeseen disaster that may impact the data badly should be managed in a way that the services should be provided without any interruption Guidelines / Checklist The consumer should ensure: Disaster Protection / Management Plan Failure in Provision of Services A contingency plan should be developed by the cloud consumer in case of failure in the provision of the services by the vendor or service providers. 4.4 Service Level Agreement: The Vital Consideration Overall, there are some vital considerations which need to be encountered by any means in the Service Level Agreement between the cloud consumer and cloud service provider (Diaz, 2011). System Availability Availability is one of the key elements of the SLA to be included in the SLA in terms of provision of services to the consumer. Some of the metrics for the measurements of cloud availability are: time, recovery time and recovery point. In this scenario, customers who want a higher level of service should request multiple availability zones, service across diverse geographic locations beyond time. For instance, it can be stated that the system should be available 99.99 % during the working hours; however, the system should be available 99.9 % during off work or weekends. System Performance It is pertinent to specify the performance of the system expected by the consumer in the SLA. The metrics for measuring the performance of the system can be shown by the maximum response time and the minimum response time of the system in the cloud environment (Marks, n.d). Information Confidentiality The confidentiality of data in the cloud environments is the second core element to be incorporated in the SLA. The confidentiality can be affected by its geographical region. In fact, the majority of people do not want their data spread across the controls. In this scenario, a service level agreement must take into consideration geography regarding identity management, encryption and other controls depending on national regulations. Data Integrity Data integrity refers to the correctness of data that requires dealing with risks regarding portability, data format, as well as change management. In this regards, some SaaS providers release changes as well as defects into construction without announcement or a standard reverse plan; as a result, customers are greatly affected when business processes involving those based on APIs start to fail unpredictably. In this scenario, there are many risks with some exclusive elements that must be dealt with for a cloud to offer accurate assurances in an SLA. In addition, customers should think about making use of standards as a basis when writing SLAs for cloud environments. 5. Conclusion An analysis of the Service Level Agreement for the cloud computing environment was presented in the paper along with the description of the cloud computing technology and its governance. This paper has presented a detailed analysis of cloud computing and how governance and service level agreements are implemented in a cloud computing environment. This paper has discussed the various categories of cloud computing, which are being used by different organizations. The governance of cloud environment is critical. The paper discussed some of the important aspects associated with the governance and issues raised in the absence of the governance systems. Based on the analysis, this paper has presented several suggestions regarding service level agreements keeping in view the diverse cloud computing models and cloud computing services technicalities. Organizations must consider different factors while developing service level agreements. After a thorough analysis and evaluation of the Service Level Agreement methodologies and strategies, it has been resulted that certain key elements of the SLA are common to the cloud models include: the Public, Private and Hybrid cloud environment. Moreover, the SLAs for the cloud computing services including IaaS, PaaS and SaaS are different from each other as well as SaaS have diverse elements of the remaining. Ultimately, it has been derived that the effective governance and authoritative service level agreements for the customers and the vendors are the key to success for the implementation and utilization of the cloud computing environment. Reference List Cloud Standards Customer Council, 2011. Practical Guide to Cloud Service Level Agreements: Version 1. [online] Available at: [Accessed 15 March 2014] Cochran, M. and Witman, P. D., 2011. Governance and Service Level Agreement Issues in a Cloud Environment. Journal of Information Technology Management, 22(2), pp. 41-55. Creeger, M., 2009. Cloud Computing: An Overview. Queue , 7(5), p.2. Diaz, A. L., 2011. Service Level Agreements in the Cloud: Who cares? [online] Available at: [Accessed 14 March 2014] Hamilton, B. A., 2009. Governance Considerations for Clouds. Cloud Computing SCAP Kasarkod, J., 2011. Virtual Panel: Cloud Services Governance. [Online] Available at: [Accessed 14 March 2014] Marks, E., n.d. Designing and Implementing Cloud Governance: Cloud, and Cloud Governance, are Emerging Capabilities. Cloud Leadership Forum Ortiz, J., Almeida, V. T., and Balazinska, M., n.d. A Vision for Personalized Service Level Agreements in the Cloud. Computer Science and Engineering Department, University of Washington Seattle, Washington, USA Ottenheimer, D., 2013. Developing a cloud SLA: Key security and compliance issues. [Online] Available at: [Accessed 15 March 2014] Polrid, 2010. 5 Examples of the Cloud Computing. [online] Available at: [Accessed 14 March 2014] Rackspace, 2013. Understanding the Cloud Computing Stack: SaaS, PaaS, IaaS. [online] Available at: [Accessed 17 March 2014] Wieder, P., Butler, J. M. Theilmann, W., Yahyapour, R., (2011). Service Level Agreements for Cloud Computing. Springer New York Dordrecht Heidelberg London Read More