Principle 12
Technology Services in the Cloud
Statement
Evaluating cloud based services for technology acquisitions will ensure a proper balance of service, security and costs.
Rationale
- Technology services can be delivered effectively via the cloud and is a viable option to “on premise” servicing.
- Cloud services are designed to support dynamic, agile and scalable processing environments.
- The timing for implementation can be significantly different for local versus cloud services.
- Operational costs can be significantly different for local versus cloud services..
Implications
- An evaluation of on premise versus cloud services should be conducted for each technology acquisition. This is inclusive of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
- The management of a Cloud Service Provider will be different to that of managing a vendor whose product is hosted on premise. The agreement should capture specific support parameters, response times and SLAs.
- The security policies and services for the network, data and hosting premises should be clearly defined and disclosed by the Cloud Service Provider.
- Data ownership and access of information assets should be clearly defined by the Cloud Service Provider.
- Cloud Service Providers offer assurances that they provide secure isolation between the assets of each of their clients.
- Cloud services should provide mechanisms to capture resource allocation, consumption, and produce measurements data.
- Cloud services should seamlessly handle infrastructure failures and address how to meet performance-related SLAs.
- Business continuity and disaster recovery plans, services and testing of Cloud Service Providers will be analyzed and reviewed in detail.
Last Modified: Wed, August 7, 2024 8:21 PM CDT
Technology Services in the Cloud
Statement
Evaluating cloud based services for technology acquisitions will ensure a proper balance of service, security and costs.
Rationale
- Technology services can be delivered effectively via the cloud and is a viable option to “on premise” servicing.
- Cloud services are designed to support dynamic, agile and scalable processing environments.
- The timing for implementation can be significantly different for local versus cloud services.
- Operational costs can be significantly different for local versus cloud services..
Implications
- An evaluation of on premise versus cloud services should be conducted for each technology acquisition. This is inclusive of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
- The management of a Cloud Service Provider will be different to that of managing a vendor whose product is hosted on premise. The agreement should capture specific support parameters, response times and SLAs.
- The security policies and services for the network, data and hosting premises should be clearly defined and disclosed by the Cloud Service Provider.
- Data ownership and access of information assets should be clearly defined by the Cloud Service Provider.
- Cloud Service Providers offer assurances that they provide secure isolation between the assets of each of their clients.
- Cloud services should provide mechanisms to capture resource allocation, consumption, and produce measurements data.
- Cloud services should seamlessly handle infrastructure failures and address how to meet performance-related SLAs.
- Business continuity and disaster recovery plans, services and testing of Cloud Service Providers will be analyzed and reviewed in detail.