A cloud service should offer a higher level of security and reliability than before. Here are some basic requirements for a cloud contract. We have published articles on Steps for Cloud Security and Checklist for Secure Cloud Computing, as well as some that focus on business-related terminology, demystifying the Non Disclosure Agreement (NDA), Service Level Agreement (SLA) and Term Sheet. With the increasing number of cloud users, and with security as the backdrop for any kind of information technology, users must be aware of what level of security each solution provides and which cloud model matches their needs. Any form of external sourcing has its own characteristics, including on security issues.
Requirements for Cloud Contract : Abstract
When companies move their applications to the cloud, the starting point is completely different from before, when companies outsourced their applications in the traditional way to an external IT service provider. As a rule, the CIO remains the controller of the corporate data, while applications delivered as a cloud service come with a number of technical and process-related restrictions. This is not the case in conventional outsourcing.
Cloud services are increasingly establishing themselves, and mixed IT environments are arising within companies. According to IT decision-makers in a recent IDC survey, almost half (45 percent) use or are implementing cloud services, and another 36 percent are in the planning phase or dealing with the issue. Private cloud environments, with 66 percent usage, are currently still by far the preferred cloud variant; 35 percent use a hosted private cloud, or public cloud solutions (24 percent). The use of different sourcing models results in a heterogeneous IT environment within the company. As noted above, however, security (65 percent) and privacy concerns (41 percent) are by far the most important reasons why companies prefer not to choose and use cloud services.
---
Requirements for Cloud Contract : Rule of Nine
From IDC's perspective, the decision to use cloud services therefore means that, for a given cloud service, the company needs a higher level of IT security and reliability features than before. The following points are derived from IDC's basic requirements for contract negotiations.
Access rights
Cloud service providers must be able to demonstrate that control, supervision and access management of internal staff can be exercised at any time, so that the reliability and integrity of internal staff is ensured. A cloud provider should therefore always secure identification and access through appropriate organizational, personnel and technical measures.
Statutory Compliance
There is still considerable uncertainty about what data can be moved externally in which cloud variant. Therefore, data storage on cloud (50 percent) and contracts under laws (48 percent) are currently the two most important security requirements that the surveyed IT decision-makers place on hosted and public cloud providers.
Although the buyer is ultimately always responsible for legal compliance, the service provider should accept responsibility for the consistent quality of operations. The apportionment of liability between cloud providers and customers must be clarified and set out in a legally binding contract. Independent audits must be described and the resolution of conflicting requirements must be defined. This is the only way to achieve transparency.
Application Certificates
Legally valid certificates are also a prerequisite for cloud services, as they confirm that the company responsible for the domain or the server actually exists. According to IDC's observations, the importance of standards and certification continues to rise sharply, because they create trust and allow compliance with legal regulations to be demonstrated.
Data Source
Privacy rights issues are pronounced if data is on US servers. In addition, cyber attacks are not only persistent but also far more sophisticated now. The contracts must therefore also ensure compliance with the range of local data protection requirements, which are themselves subject to constant change.
Data Separation
Since public cloud services are multi-tenant, serving multiple customers on the same server or software system, it is essential that the cloud hosting provider guarantees security at all times. The provider must therefore demonstrate acceptable measures for the continuous monitoring of data processing.
Data Recovery
The provider must be able to recover the data in the event of a failure or disaster. Again, this should always be part of the contract, which should even regulate the maximum downtime for some incidents.
Transfer of applications
To integrate cloud services into the existing IT landscape and to allow continuous processes, some local modifications are usually necessary. This leads to cost savings. At the same time, however, it can also be an obstacle to any future transfer of the application. It is therefore important to place contractual emphasis primarily on interoperable solutions. This is technically one of the most challenging aspects of the migration to public cloud solutions. Deletion of all data after switching providers (32 percent) is particularly important.
Business Continuity
Companies reorganize, and data centers are joined with others and consolidated. Cloud service contracts should clearly regulate the transfer of data between different data centers, so that operation is ensured at any time even during large changes.
Monitoring and Reporting
This aspect can be complex, particularly in the use of public cloud services, and especially when different bodies bear the legal responsibility and costs for the company. The IT department should take over monitoring and reporting, ideally centrally, to realize synergies and reduce costs.
Requirements for Cloud Contract : Conclusion
The selection of the appropriate cloud delivery model depends mainly on the company's current in-house security line. In addition, the security concerns also depend heavily on the company's experience and level of information. Ultimately, however, the CIO will continue to be responsible for IT security in the company, irrespective of how cloud services are used and of what kind they are. CIOs and IT managers in particular play a leading role in the contract negotiations for the introduction of cloud services, optionally also drawing on neutral external consultants.