×

Principle 12

Technology Services in the Cloud

Statement

Evaluating cloud based services for technology acquisitions will ensure a proper balance of service, security and costs.

Rationale

  • Technology services can be delivered effectively via the cloud and is a viable option to “on premise” servicing.
  • Cloud services are designed to support dynamic, agile and scalable processing environments.
  • The timing for implementation can be significantly different for local versus cloud services.
  • Operational costs can be significantly different for local versus cloud services..

Implications

  • An evaluation of on premise versus cloud services should be conducted for each technology acquisition. This is inclusive of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
  • The management of a Cloud Service Provider will be different to that of managing a vendor whose product is hosted on premise. The agreement should capture specific support parameters, response times and SLAs.
  • The security policies and services for the network, data and hosting premises should be clearly defined and disclosed by the Cloud Service Provider.
  • Data ownership and access of information assets should be clearly defined by the Cloud Service Provider.
  • Cloud Service Providers offer assurances that they provide secure isolation between the assets of each of their clients.
  • Cloud services should provide mechanisms to capture resource allocation, consumption, and produce measurements data.
  • Cloud services should seamlessly handle infrastructure failures and address how to meet performance-related SLAs.
  • Business continuity and disaster recovery plans, services and testing of Cloud Service Providers will be analyzed and reviewed in detail.
Last Modified:   Wed, August 7, 2024 8:21 PM CDT

Technology Services in the Cloud

Statement

Evaluating cloud based services for technology acquisitions will ensure a proper balance of service, security and costs.

Rationale

  • Technology services can be delivered effectively via the cloud and is a viable option to “on premise” servicing.
  • Cloud services are designed to support dynamic, agile and scalable processing environments.
  • The timing for implementation can be significantly different for local versus cloud services.
  • Operational costs can be significantly different for local versus cloud services..

Implications

  • An evaluation of on premise versus cloud services should be conducted for each technology acquisition. This is inclusive of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
  • The management of a Cloud Service Provider will be different to that of managing a vendor whose product is hosted on premise. The agreement should capture specific support parameters, response times and SLAs.
  • The security policies and services for the network, data and hosting premises should be clearly defined and disclosed by the Cloud Service Provider.
  • Data ownership and access of information assets should be clearly defined by the Cloud Service Provider.
  • Cloud Service Providers offer assurances that they provide secure isolation between the assets of each of their clients.
  • Cloud services should provide mechanisms to capture resource allocation, consumption, and produce measurements data.
  • Cloud services should seamlessly handle infrastructure failures and address how to meet performance-related SLAs.
  • Business continuity and disaster recovery plans, services and testing of Cloud Service Providers will be analyzed and reviewed in detail.