Page 84 - Cloud computing: From paradigm to operation
P. 84

1                                    Framework and requirements for cloud computing


            8.4.2.8    Set up legal agreement

            The set up legal agreement activity concerns the service agreement between the cloud service customer
            and the chosen cloud service provider(s). This involves negotiating the service agreement between the cloud
            service customer and the chosen cloud service provider(s), aiming to meet the customer's needs.

            8.5     Cross-cutting aspects

            8.5.1   General
            Cross-cutting aspects include both architectural and operational considerations. Cross-cutting aspects apply
            to multiple elements within the description of the CCRA or in connection with its operation as an instantiated
            system. These cross-cutting aspects are shared issues across the roles, activities and functional components.
            For example, security is a cross-cutting aspect because it applies to infrastructure, services, cloud service
            providers, cloud service customers and cloud service partners (cloud auditors, cloud service developers
            etc.). All of these need to be secured, but how they are secured is different based on what is being secured.
            So, securing infrastructure and infrastructure services is very different from securing software services.
            Some cross-cutting aspects can apply to other cross-cutting aspects, for example, governance applies to
            functional elements as well as to the cross-cutting aspects of performance and security.
            Cross-cutting aspects often affect the cloud computing activities performed by roles. Roles can coordinate
            supporting  a  cross-cutting  aspect  amongst  themselves  and  their  cloud  computing  activities.  Supporting
            cross-cutting aspects also needs functional components to provide support for cloud computing activities,
            technical capabilities and implementations.

            For each cross-cutting aspect, a set of cloud computing activities and functional components are defined to
            support them. Different roles and solutions can use different subsets of these.

            Cross-cutting aspects include:
            •       auditability (clause 8.5.2);
            •       availability (clause 8.5.3);
            •       governance (clause 8.5.4);
            •       interoperability (clause 8.5.5);
            •       maintenance and versioning (clause 8.5.6);

            •       performance (clause 8.5.7);
            •       portability (clause 8.5.8);
            •       protection of personally identifiable information (clause 8.5.9);
            •       regulatory;
            •       resiliency (clause 8.5.10);

            •       reversibility (clause 8.5.11);
            •       security (clause 8.5.12);
            •       service levels and service level agreement (clause 8.5.13).

            8.5.2   Auditability
            Auditability is the capability of collecting and making available necessary evidential information related to
            the operation and use of a cloud service, for the purpose of conducting an audit. Related to the governance
            of  cloud  services  is  the  assurance  that  those  services  are  provided  and  used  in  consistency  with  the
            associated service agreements between the cloud service customers, cloud service providers and cloud
            service partners. This assurance is most often achieved by means of independent audits of services. An audit
            typically consists of an audit report or audit certification made available to the parties of the associated
            service agreements: the cloud service customers, the cloud service providers and the cloud service partners.





            76
   79   80   81   82   83   84   85   86   87   88   89