Page 84 - Cloud computing: From paradigm to operation
P. 84
1 Framework and requirements for cloud computing
8.4.2.8 Set up legal agreement
The set up legal agreement activity concerns the service agreement between the cloud service customer
and the chosen cloud service provider(s). This involves negotiating the service agreement between the cloud
service customer and the chosen cloud service provider(s), aiming to meet the customer's needs.
8.5 Cross-cutting aspects
8.5.1 General
Cross-cutting aspects include both architectural and operational considerations. Cross-cutting aspects apply
to multiple elements within the description of the CCRA or in connection with its operation as an instantiated
system. These cross-cutting aspects are shared issues across the roles, activities and functional components.
For example, security is a cross-cutting aspect because it applies to infrastructure, services, cloud service
providers, cloud service customers and cloud service partners (cloud auditors, cloud service developers
etc.). All of these need to be secured, but how they are secured is different based on what is being secured.
So, securing infrastructure and infrastructure services is very different from securing software services.
Some cross-cutting aspects can apply to other cross-cutting aspects, for example, governance applies to
functional elements as well as to the cross-cutting aspects of performance and security.
Cross-cutting aspects often affect the cloud computing activities performed by roles. Roles can coordinate
supporting a cross-cutting aspect amongst themselves and their cloud computing activities. Supporting
cross-cutting aspects also needs functional components to provide support for cloud computing activities,
technical capabilities and implementations.
For each cross-cutting aspect, a set of cloud computing activities and functional components are defined to
support them. Different roles and solutions can use different subsets of these.
Cross-cutting aspects include:
• auditability (clause 8.5.2);
• availability (clause 8.5.3);
• governance (clause 8.5.4);
• interoperability (clause 8.5.5);
• maintenance and versioning (clause 8.5.6);
• performance (clause 8.5.7);
• portability (clause 8.5.8);
• protection of personally identifiable information (clause 8.5.9);
• regulatory;
• resiliency (clause 8.5.10);
• reversibility (clause 8.5.11);
• security (clause 8.5.12);
• service levels and service level agreement (clause 8.5.13).
8.5.2 Auditability
Auditability is the capability of collecting and making available necessary evidential information related to
the operation and use of a cloud service, for the purpose of conducting an audit. Related to the governance
of cloud services is the assurance that those services are provided and used in consistency with the
associated service agreements between the cloud service customers, cloud service providers and cloud
service partners. This assurance is most often achieved by means of independent audits of services. An audit
typically consists of an audit report or audit certification made available to the parties of the associated
service agreements: the cloud service customers, the cloud service providers and the cloud service partners.
76
