Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Best Practices for Cloud SLAs (Service Level Agreements)
April 12, 2016
Despite what almost 50% of the public believe, the "cloud" is not impacted by weather. Working in the cloud means that your data and/or processing occurs on systems that are not located on your premise. Typically, it means that you have contracted for services from a third party and access the service via the Internet. But what should you look for in a Service Level Agreement (SLA) with a cloud provider? Not to worry. Network World has published the 10 best cloud SLA practices as identified by the General Accountability Office (GAO). They include:
- Specify roles and responsibilities of all parties with respect to the SLA, and, at a minimum, include agency and cloud providers.
- Define key terms, such as dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance.
- Define clear measures for performance by the contractor.
- Specify how and when the agency has access to its own data and networks.
-
Specify the following service management requirements:
- How the cloud service provider will monitor performance and report results to the agency.
- When and how the agency, via an audit, is to confirm performance of the cloud service provider.
- Provide for disaster recovery and continuity of operations planning and testing, including how and when the cloud service provider is to report such failures and outages to the agency.
- Describe any applicable exception criteria when the cloud provider's performance measures do not apply (e.g., during scheduled maintenance or updates).
- Specify metrics the cloud provider must meet in order to show it is meeting the agency's security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the agency's data).
- Specifies performance requirements and attributes defining how and when the cloud service provider is to notify the agency when security requirements are not being met (e.g., when there is a data breach).
- Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com