Service Level Agreement and Governance for Cloud Computing - Coursework Example

Governance and Service Level Agreements in Cloud Computing By Table of Contents Table of Contents 2 Introduction 3 Cloud Computing: An overview 4 Cloud computing infrastructure Models 7 Public Clouds 8 Private Clouds 9 Hybrid Clouds 10 Governance in cloud environment 11 Compliance 12 Data Protection 13 Cloud Provider Selection 13 Benefits an inherent danger 14 Enterprise on the cloud 14 Usage Management 14 Service Level Agreements (SLAs) 14 Cloud SLA: Availability 15 Cloud SLA: Confidentiality 16 Cloud SLA: Integrity 16 Factors involved in SLAs 16 Business level objectives 17 Responsibilities of both parties 17 Business continuity/disaster recovery 18 Redundancy 18 Maintenance 18 Data storage location 18 Data seizure 18 Provider failure 19 Jurisdiction 19 Brokers and resellers 19 References 21 Introduction A latest and modern generation of technology is renovating the world of computing. The web based data storage and other useful services, which are acknowledged as “cloud computing” are quickly rising to balance the traditional model of software execution and data being stored on desktop servers and PCs. In simple words, cloud computing is a modern technique to augment computing experiences by allowing users to access software applications, data, and other services that are stored at off-site data centers instead of the user’s own machine, computer or at a corporation’s on-site data center. Additionally, the cloud computing is the junction and evolution of numerous technologies those are concerned with distributed application design, virtualization, grid, and corporate IT management to facilitate a more elastic technique intended for deploying as well as balancing applications. According to Bennett, Bhuller, & Covington (2009) the present business or corporate services such as instant messaging, emails, web content, and business software management are among various applications that could be accessed through a cloud environment. Additionally, a number of these applications have been accessible remotely over the internet from a number of years, thus, the cloud computing might be considered noticeably similar to the present web based environment for the majority users (Bennett et al., 2009). The cloud computing is a newly evolved technology structure that is continuously going toward more enhanced technology platforms. In addition, the new advancements and evolutions have made it possible to have more ease in terms of communication and data transfer. This research will cover a detailed analysis of cloud computing. The basic purpose of this research is to analyze the service level agreement and governance of cloud computing. Cloud Computing: An overview The trend of cloud computing is rapidly growing. Cloud computing methodology is vastly ubiquitous in this technological period. However we can define cloud computing technology as an idea or a trend. In this scenario, cloud computing is a useful technique for accessing various applications with storage capacity from a distant location via internet link. Thus it is not an advance standard approach. On the other hand, the cloud computing is an ideal solution for the management and provision of applications, information and data as a service. Additionally, these services are provided over the internet, often on a consumption-based model. In this way we can say that cloud computing is a technological aspect that is used in main servers and internet to sustain information as well as programs. Usually it is known as a grid of computers that are useful for serves like a service oriented structural design. Hence this design is used for delivering software along with information. Moreover cloud computing facilitates its users and business related modules to make use of applications without paying any cost. Therefore users may access their private data and information through computers, which have internet connection. Cloud computing technological aspects facilitate us through well-organized and resourceful computing with centralizing memory allocation, storage space, bandwidth and processing (Cleveland, S, & Lewis, 2011; TechTarget, 2007; Hartig, 2009). Cloud computing brings a lot of opportunities and solutions for business related problems in organizational matters and for individuals. In this scenario, a straightforward example that fits best to cloud computing is of email servers such as Gmail, Yahoo mail and Hotmail etc. We use these applications without installing any additional hardware, software or any server on our personal computer. Hence the concept of installing any hardware or software (that might be of any sort) is eliminated. In this scenario, users only need to have an internet link and they can start sending or receiving e-mails. The approach behind the central server and email management application is on the internet (cloud). The user makes use of it alone or in community and benefit from its aspects. However cloud computing is broken down into 3 important components. These are following: 1. Infrastructure 2. Applications 3. Platforms In this scenario, each component/segment carries out a different job furthermore offers versatile application for individuals and business purpose round the globe (Viewpointe Archive Services, LLC., 2013; TechTarget, 2009; Creeger, 2009). Cloud computing is the latest and modern way of computing. Since, it is a very innovative idea in the computing sector, which is divided into three main categories hardware, software and network. And the combination of all these categories is acknowledged as the cloud. Additionally, the cloud computing is a general term for anything that engages presenting hosted services over the internet. Here, these services are broadly categorized into three groups: (TechTarget, 2009; Creeger, 2009) 1. Infrastructure-as-a-Service (IaaS) 2. Platform-as-a-Service (PaaS) 3. Software-as-a-Service (SaaS). Figure 1Cloud Computing Categories Infrastructure as a Service (IaaS): It offers the computer communications, normally a virtualized computer system as a service. In this scenario, the end users have complete control over the virtualized computer systems as well as are able to modify the case consequently. The virtualized systems are employed to offer multi-tenancy as well as isolation to the users, for instance different virtual cases can be assigned to a single physical system. In addition, instead of purchasing the physical servers, IaaS charges a price on a utility based on the use of the computing services and resources (Duncan, Chu, Vecchiola, & Buyya, 2009). Platform as a Service (PaaS): It conceals all the issues and complexity of angling and manages the necessary hardware, which offers the services required to complete whole lifecycle of building and deploying web systems and application as well as services completely (Duncan, Chu, Vecchiola, & Buyya, 2009). Software as a Service (SaaS): it offers a model of software implementation where a supplier offers its software as a service to be hired or utilized by the clients on demand (Duncan, Chu, Vecchiola, & Buyya, 2009). In addition, it offers the facility to lease a virtual server, execute needed software on it, turn it on or off, or make a replica of it ten times to convene an unexpected workload condition. In addition, it is secure and offers the organizations the facility to store huge amount of data that is available simply for allowed applications and users. This service could be attained from a cloud supplier that establishes a platform that comprises the operating system, a MySQL database, Apache, Python, Perl, and PHP with the capability to scale involuntarily in reaction to transforming work tasks. Furthermore, it could be utilized to manage business, working applications, and business customer’s data. Additionally, new facilities could also be obtained from the cloud computing platform, for instance, web services to put together maps, photos, and GPS information to produce a mash-up in client web browsers. In short, the cloud computing guarantees to augment the velocity of businesses or personal applications by deploying them through higher improvement and lower costs, while growing business agility (Sun Microsystems, 2009; Microsoft, 2009; Creeger, 2009; Lennon et al., 2009). Cloud computing infrastructure Models Powell (2009) stated that generally, the cloud could be defined as an on-demand computing via a network connection. However, the right to make use of the data and applications anytime, anywhere using a device is the potential outcome. Additionally, the user-level cloud is an excellent initial point for digital repositories intended for data and this data could be accessed with internet-enabled device for instance, iPhones or desktop computers (Powell, 2009; Murray, 2009). Public Clouds Public clouds are managed and controlled by a 3rd party organization, as well as the implementations from different clients are possibly combined together with the cloud servers, storage devices and networks. In view of the fact that the public clouds are not managed and controlled by a host organization itself thus they could be wonderful technique to decrease client risks, burden, responsibilities and cost by means of an efficient however conditional development of business structure. On the other hand, if a cloud service provider manages a cloud keeping security, performance and data storage locations in mind, the maintenance of additional applications executing in the cloud can be easy to follow for both cloud architects and cloud users. Undoubtedly, public cloud services present a potential to upgrade and move down according to certain conditions, and transfer varying infrastructure risks and dangers from the corporate to the cloud source, if even just temporarily (Sun Microsystems, 2009). Figure 1 Public clouds Private Clouds Private clouds are created to offer the limited utilization to the client, greatest control over security, data, and value of service. However, the corporation owns the communications and optional structure (Sun Microsystems, 2009). Figure 2- Private clouds: Source: (Sun Microsystems, 2009) Transformation is a main area that is employed by the cloud computing for offering and presenting applications for the cloud in invoking SaaS components in the course of a web service protocol instead of a traditional desktop menu driven environment. The majority cloud computing applications are built via the Web 2.0 and rich internet application frameworks. These front-ends use asynchronous web service display and requests of revisited outcomes through JavaScript templates that change the results into tables, shapes, graphics executing in web browsers. The transformation techniques of cloud computing is concerned with the main change areas those are established by the new technology (Micro Focus Limited, 2009). In cloud computing I/O organizations need to assess if cloud had completely utilized its servers because of I/O limitations. Since, every virtual machine accesses so much bandwidth on every server. Thus, the analysis of the I/O states the status of data coming and going away from the systems (Higginbotham, 2009). Hybrid Clouds A hybrid cloud establishes a connection between private and public cloud models. Since, they are capable to supply on-demand, externally provisioned scale. The capabilities to expand a private cloud via the resources of a public cloud can uphold service levels in the face of fast workload fluctuations. In addition, a hybrid cloud could as well be employed to manage planned workload points. Furthermore, a public cloud could be employed to carry out episodic jobs that could be carried out easily on a public cloud (Sun Microsystems, 2009). Figure 3- hybrid cloud: Source: (Sun Microsystems, 2009) Governance in cloud environment In cloud computing environment the governance means control of an organization over its business processes, policies and standards for application development, and implementation, design, monitoring and testing of implementing services. Seeing that the clouds are managed by an external firm so an organization can lose control over its business operations. Moreover, any conflict between business and cloud service providers can cause some serious security problems. In this scenario, it is essential for a cloud service provider to make management and maintenance more apparent and auditable for customers. In addition, they should incorporate recording logs and complete management meetings that have an effect on the part of the cloud environment. Furthermore, service providers must implement secure logging system by using proper authentication and authorization measures. It will ensure the security of customers’ data (Ahmed, 2011). In cloud computing environment the governance is all about how data and applications are managed in the cloud. Basically, the absence or lack of a governance system in a cloud environment can have critical effects on applications and IT resources. In this scenario, appropriate governance controls do not only allow organizations to control what they install within clouds, however it also help organizations regulate how an organization makes use of the resources and features provided to them by cloud providers. Additionally, the development of governance requirements requires IT experts to identify preferences and priorities dictated by the IT and organization. Before the adoption of a cloud environment an organization must understand why, how, and to what degree cloud-based IT resources will be used as well as for what architectural style, business objectives and business solutions have to be attained. After that they need to determine the functional restrictions and expenditures offered by cloud providers, accompanied by financial requirements and any expected dependence on outside experts with cloud expertise (Kasarkod, 2011). Compliance Cloud computing environment needs to comply with the established standards for instance; it must conform to a recognized standard, specification, law or regulation. Though, there exist a lot of security and privacy laws, rules and regulations in different countries at all levels (i.e. varying from local to national levels). On the other hand, due to innovative nature of cloud computing, the compliance with a standard is a difficult task. In addition, there are serious issues which organizations face while implementing standards at business level. Moreover, the use of ineffective compliance factors also creates several issues. In this scenario, cloud service providers need to build a system that can make the cloud compliant and that can verify the compliance of individual customers during an expected compliance audit (Ahmed, 2011). Data Protection As discussed above, cloud services of an organization are managed outside the business. Hence, the protection of data becomes a difficult job. In cloud environment, data protection and data abuse prevention are usually managed by means of authorization and strong access control and to a certain extent by using data leakage prevention (DLP) system and intrusion detection system (IDS) (Ahmed, 2011). Cloud Provider Selection At the present, there are numerous companies which offer cloud services. However, before choosing a cloud service provider a firm must conduct a detailed research. In this scenario, it is essential to determine for what purpose cloud needs to be formed. We should conduct a detailed research to know about the companies and services they are offering. In addition, nowadays, it is essential for the business organizations to get appropriate legal advice to make sure that the agreement indicates the sectors or services in which the cloud service provider is accountable and legally responsible for implications taking place from possible issues. In this scenario, organizations could influence the worldwide compliance requirements that are becoming stricter and select a cloud service provider that can convene these requirements and is able to present rigid proof of its compliance (Ahmed, 2011). Benefits an inherent danger The application of the virtual cloud computing arrangement presents benefit of inherent danger for the corporate operations. In this scenario, offering and storing our precious and secret data on third party servers causes various security concerns such as data theft or damaging. These inherent dangers regarding application of such technology discourage the usage of cloud computing (Ahmed, 2011; Wood, et al., 2009). Enterprise on the cloud Transferring the entire corporate working on a cloud based arrangement creates a lot of security concerns for the businesses. In addition, this transformation is not a simple job. In such scenario the overall process of change can affect the performance of an organization. Moreover, an organization loses the control over its business operations (Ahmed; Wood, Shenoy and Ramakrishnan). Usage Management In cloud computing environment, it is essential to manage the use of cloud services. For this purpose, a company must hire skilled employees who can deal with the new technology based arrangement. In addition, there is need for managing and updating human resource skills for the fruitful results (Ahmed, 2011; Wood, et al., 2009). Service Level Agreements (SLAs) In view of the fact that the cloud environment contain vital organization resources and data so there is need for cautious assessment of cloud service-level agreements. In addition, effectively defined conditions and responsibilities for cloud services set establish customer expectations and offer an assurance of value. In this scenario, a service-level agreement (SLA) is a bond between a customer and a provider that define a service, document targets and identify responsibilities. In an article (Ottenheimer, 2013) provides some of the suggestions that must be kept in mind while developing SLAs in order to ensure transparency and security in an environment that is capable of quick change and automation through the use of metrics with the purpose of building and maintaining maintain trust. With respect to this point, there are a few risks and concerns of cloud security and agreement that are related to three primary areas of risk: 1. Ownership of assets including data storage, management and control, custody and right of return. 2. Service availability, monitoring and response, which can be determined as charge associated with the terms and facility of maintenance. 3. Service baselines, which include security owing attentiveness for vulnerability and configuration management or regulatory compliance. The above mentioned risks areas can be easily dealt with while writing SLAs by keeping in mind four domains (process, technology, people and geography) and measuring them on the basis levels of availability, confidentiality and integrity. Cloud SLA: Availability Availability is believed to be the most disreputable SLA item for service providers. Some of the metrics for the measurements of cloud availability are: time, recovery time and recovery point. In this scenario, customers who want a higher level of service should request multiple availability zones, service across diverse geographic locations beyond time. Cloud SLA: Confidentiality The confidentiality of cloud environments can be affected by it geographical region. In fact, the majority of people do not want their data spread across controls. In this scenario, a service level agreement must take into consideration geography regarding identity management, encryption and other controls dependent on national regulations. Cloud SLA: Integrity Integrity measurement requires dealing with risks regarding portability, data format, as well as change management. In this scenario, some SaaS providers release changes as well as defects into construction without announcement or a standard reverse plan; as a result customers are greatly affected when business processes involving those based on APIs start to fail unpredictably. In this scenario, there are many risks with some exclusive elements that must be dealt with for a cloud to offer accurate assurances in an SLA. In addition, customers should think about making use of standards as a basis when writing SLAs for cloud environments (Ottenheimer, 2013; Cochran & Witman, 2011; White & Boisvert, 2013). Factors involved in SLAs There are two major types of SLAs that are used for cloud environments: customized and off-the-shelf agreements, and negotiated agreements. In this scenario, off-the-shelf agreements are not useful for customers having critical data needs, hence prior to selection of a cloud environment an organization must identify how critical its applications and data are. In addition, public clouds are based on a non-negotiable SLA which cannot be used for those with mission-critical data or application. An organization must consider various factors while defining terms and condition of an SLA (IBM, 2010; Viewpointe Archive Services, LLC., 2013): Figure 2 Factors Involved in SLAs Business level objectives A company must carefully identify why it will make use of the cloud services prior to it can identify accurately what services it will use. This decision can involve various politics related aspects for instance some staff members will be concerned with the loss of data and control in cloud computing environment. Responsibilities of both parties Both the parties must clearly identify the roles and responsibilities they will perform. Business continuity/disaster recovery An organization must ensure that its cloud service maintains sufficient disaster protection for instance in case of any disaster service provider should provide backup related services. Redundancy An organization must understand the level of redundancy that its service provider’s systems offer. Maintenance An organization must understand all the aspects of maintenance that a service provider provides. In addition, it must also identify the ways how and when this maintenance is provided. Data storage location Various rules and regulations have been established regarding the data storage. For instance, specific kinds of data can be kept in some specific physical locations. In this scenario, an organization must ensure that its service provider makes sure that their data will be stored in appropriate storage places and they have the ability to deal with such issues. Data seizure When a law enforcement seizes a providers applications and tools to gather the applications and data of a specific customers, in this scenario this process can have a serious impact on other customers that make use of the same provider. Hence, the firm should think about hiring a third party to offer additional backup. Provider failure In some cases a service provider can fail to provide effective services in this scenario an organization must implement and maintain contingency plans that take into consideration the monetary condition of the cloud service provider. Jurisdiction An organization must carefully study the applicable laws and regulations that apply to its service provider as well as that apply to organization itself. Brokers and resellers If an organization is hiring the services of a provider that is a reseller or broker of cloud services, it must recognize the rules of its service provider and the actual provider (IBM, 2010; Viewpointe Archive Services, LLC., 2013). Conclusion This paper has presented a detailed analysis of cloud computing and how governance and service level agreements are implemented in cloud computing environment. This paper has discussed various categories of cloud computing which are being used by different organizations. The governance of cloud environment is critical. This paper has discussed some of the important aspects associated with the governance and issues raised in absence of the governance systems. This paper has presented several suggestions regarding service level agreements. Organizations must consider different factors while developing service level agreements. Without effective governance and service level agreements organizations cannot make effective use of cloud computing environment. References 1. Ahmed, A., 2011. Using COBIT to Manage the Benefits, Risks and Security of Outsourcing Cloud Computing. [Online] Available at: http://www.isaca.org/Knowledge-Center/Documents/Using-COBIT-to-Manage-the-Benefits-Risks-and-Security-of-Outsourcing-Cloud-Computing.pdf [Accessed 24 February 2014]. 2. Bennett, S., Bhuller, M. & Covington, R., 2009. Architectural Strategies for Cloud Computing. An Oracle White Paper in Enterprise Architecture. Redwood Shores, USA: Oracle Corporation. 3. Cochran, M. & Witman, P. D., 2011. GOVERNANCE AND SERVICE LEVEL AGREEMENT ISSUES IN A CLOUD COMPUTING ENVIRONMENT. Journal of Information Technology Management, 22(2), pp. 41-55. 4. Creeger, M., 2009. Cloud Computing: An Overview. Queue , 7(5), p.2. 5. Duncan, D., Chu, X., Vecchiola, C., & Buyya, R. (2009, September 09). The Structure of the New IT Frontier: Cloud Computing – Part I. Available at: http://texdexter.wordpress.com/2009/09/09/the-structure-of-the-new-it-frontier-cloud-computing-%E2%80%93-part-i/[ Accessed 22, February2014]. 6. Higginbotham, S., 2009. Virtualized I/O Takes Cloud Computing to the Next Level. [Online] Available at: http://gigaom.com/2009/07/20/virtualized-io-takes-cloud-computing-to-the-next-level/ [Accessed 04 March 2014]. 7. IBM, 2010. Review and summary of cloud service level agreements. [Online] Available at: http://www.ibm.com/developerworks/cloud/library/cl-rev2sla.html [Accessed 21 February 2014]. 8. IT Governance Institute, 2000. COBIT® Framework, 3rd Edition. [Online] Available at: http://www.tcontas.pt/eurosai/lisboa_etc-seminar/Documents/Cobit/CobitFramework.pdf [Accessed 02 March 2014]. 9. Kasarkod, J., 2011. Virtual Panel: Cloud Services Governance. [Online] Available at: http://www.infoq.com/articles/cloud-services-governance [Accessed 21 February 2014]. 10. Knorr, E. & Gruman, G., 2009. What cloud computing really means, The next big trend sounds nebulous, but its not so fuzzy when you view the value proposition from the perspective of IT professionals. [Online] Available at: http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031 [Accessed 03 March 2014]. 11. Lennon, R.G. et al., 2009. Best practices in cloud computing: designing for the cloud. In Conference on Object Oriented Programming Systems Languages and Applications, Proceeding of the 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications. Orlando, Florida, USA, 2009. ACM New York, USA. 12. Microsoft, 2009. Privacy in the Cloud Computing Era. Microsoft Corp. Redmond, USA: Microsoft Corporation. 13. Murray, P., 2009. Enterprise grade cloud computing. In European Conference on Computer Systems, Proceedings of the Third Workshop on Dependable Distributed Data Management. Nuremberg, Germany, 2009. ACM New York, USA. 14. Nitu, 2009. Configurability in SaaS (software as a service) applications. In India Software Engineering Conference, Proceedings of the 2nd India software engineering conference. Pune, India, 2009. ACM New York, USA. 15. Ottenheimer, D., 2013. Developing a cloud SLA: Key security and compliance issues. [Online] Available at: http://searchcloudsecurity.techtarget.com/tip/Developing-a-cloud-SLA-Key-security-and-compliance-issues [Accessed 20 February 2014]. 16. Santos, N., Gummadi, K.P. & Rodrigues, R., 2009. Towards Trusted Cloud Computing. USENIX. 17. TechTarget, 2009. Cloud Computing. [Online] Available at: http://searchcloudcomputing.techtarget.com/sDefinition/0,sid201_gci1287881,00.html [Accessed 03 March 2014]. 18. Pearson, S., 2009. Taking account of privacy when designing cloud computing services. In International Conference on Software Engineering, Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing. Vancouver, BC, Canada, 2009. IEEE Computer Society Washington, DC, USA. 19. Pokharel, M. & Park, J.S., 2009. Cloud computing: future solution for e-governance. In ACM International Conference Proceeding Series; Vol. 322, Proceedings of the 3rd International Conference on Theory and Practice of Electronic Governance. Bogota, Colombia, 2009. ACM New York, USA. 20. Powell, J., 2009. Cloud computing – what is it and what does it mean for education? Leicester Business School,DMU. 21. Sun Microsystems, 2009. Introduction to Cloud Computing architecture. White Paper, Ist Edition. Santa Clara, CA 95054 USA: Sun Microsystems, Inc. 22. Viewpointe Archive Services, LLC., 2013. Information Governance and Cloud Computing: Approaches for Regulated Industries, s.l.: Viewpointe Archive Services, LLC.. 23. White, C. & Boisvert, M., 2013. Private Cloud as a Service delivers OpenStack, ensures governance. [Online] Available at: http://searchcloudcomputing.techtarget.com/feature/Private-Cloud-as-a-Service-delivers-OpenStack-ensures-governance [Accessed 27 February 2014]. 24. Wood, T., Shenoy, P., Ramakrishnan, A. G. K. & Merwe, J. V. d., 2009. The Case for Enterprise-Ready Virtual Private Clouds. [Online] Available at: http://static.usenix.org/event/hotcloud09/tech/full_papers/wood.pdf [Accessed 25 February 2014]. 25. Zhang, X. et al., 2009. Securing elastic applications on mobile devices for cloud computing. In Conference on Computer and Communications Security, Proceedings of the 2009 ACM workshop on Cloud computing security. Chicago, Illinois, USA, 2009. ACM New York, USA. Read More