ConfidentNOW Global Governance Webinar Series

Cloud Contracts and SLAs: Mastering SLA Governance

Speakers – Dr. Ken Stavinoha, PhD, Cisco; Mr. John Messina, Computer Scientist, NIST
Host – Bhavesh C. Bhagat, CGEIT, CISM, MBA, BE, EnCrisp - ConfidentGovernance.com




ConfidentGovernance.com- Award winning Cloud migration experts
Patent pending “Governance as a Service®” innovators
Today’s Presenters
• Dr. Ken Stavinoha, PhD, CISM, CISSP – Cisco
• Mr. John Messina, Computer Scientist – NIST
• Bhavesh C. Bhagat, CISM, CGEIT, MBA, BE – EnCrisp – ConfidentGovernance.com


• EnCrisp is an INC 500 award winning global leader in providing “business driven” solutions enhancing trust, governance, cyber security and risk transparency since 2004.
• EnCrisp’s Confident Governance® is an award winning “Governance as a Service®” Cloud Governance™ company and a 2011 Global Entrepreneurship (GEW50) Kauffman 50 Global Awardee.
• Governance, Security, Risk, Audit and Social Compliance collaboration platform that you access over the Internet and pay-as-you-go.
• AWARDS – INC 500; 2011 Global Entrepreneurship Kauffman 50 Start-Ups; 2011 NVTC Hot Ticket Hottest Buzz; 2011 GovTek Best Cloud Government Solution; 2010 Business Insurance Risk Technology.
Cloud Contracts and SLA Governance
  i. Intro to Service Level Agreement
  ii. Cloud Services Scope and Control
  iii. SLA NIST Contracts
  iv. Risk Factors Affecting Cloud SLAs
  v. Resources and Next Webinar…



Cloud Services Scope and Control




                                                 Source: NIST SP800-144 Draft
SLA Definition

Service Agreement: also known as “Terms of Service” or “Terms and Conditions”. A legal document specifying the rules of the legal contract between the cloud user and the cloud provider.

Service-Level Agreement: A document stating the technical performance promises made by the cloud provider, how disputes are to be discovered and handled, and any remedies for performance failures. (NIST SP 800-146)

Cloud Computing Risks




                               Source: Ernst & Young 2010 Global Information Security Survey
                                  Differences in Scope and Control among Cloud Service Models
Cloud Risk Mitigation




                                     Source: Ernst & Young 2011 Global Information Security Survey


What Providers Say: Cloud Adoption Drivers




Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study


What Providers Say: Cloud Security Risk Mitigation




                                Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study


What Providers Say: Who is Responsible for Cloud Security




                          Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study


NIST CC Public Working Groups

• NIST’s Goal: Accelerate the federal government’s adoption of cloud computing
  – Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders
• Voluntary Working Groups with industry, SDOs, USG, academia (launched Nov. 5, 2010)
  – 5 Working Groups (Reference Architecture / Taxonomy, Security, Standards Roadmap, …)
  – 300+ registered members per working group

Contract/SLA Subgroup
      • RATAX working group was asked to identify additional
        areas of cloud computing that could be better defined
        through the development of appropriate taxonomies
      • SLA sub-group focused on identifying if there was any
        suitable existing SLA format or guide that could be used
        to identify all the key elements that should go into a
        Cloud SLA
      • Existing contracts and research examined for
        commonalities and relationships in form and content
      • Collected/formulated definitions pertinent to cloud
        contracts and SLAs

Role of Contracts and SLAs

• Contracts and service level agreements play a key role in the procurement of cloud computing services.

• The consumer may have an agreement with one provider, but the service may be delivered via a myriad of subcontractors or other dependencies who have no contractual obligation directly with the consumer.

• The consumer may have no knowledge of these third parties unless the provider chooses, or is otherwise required, to disclose them, and yet these entities may incur risk for which the consumer could ultimately be liable.


Agency Compliance Requirements
• Computer Fraud and Abuse Act [PL 99-474, 18 USC 1030]
• E-Authentication Guidance for Federal Agencies [OMB M-04-04]
• Federal Information Security Management Act (FISMA) of 2002 [Title III, PL 107-347]
• Freedom of Information Act as Amended in 2002 [PL 104-232, 5 USC 552]
• Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy [OMB M-01-05]
• Homeland Security Presidential Directive-7, Critical Infrastructure Identification, Prioritization, and Protection [HSPD-7]
• Internal Control Systems [OMB Circular A-123]
• Management of Federal Information Resources [OMB Circular A-130]
• Management’s Responsibility for Internal Control [OMB Circular A-123, Revised 12/21/2004]
• Privacy Act of 1974 as amended [5 USC 552a]
• Protection of Sensitive Agency Information [OMB M-06-16]
• Records Management by Federal Agencies [44 USC 31]
• Rehabilitation Act of 1973 [Section 508 Amendment]
• Responsibilities for the Maintenance of Records About Individuals by Federal Agencies [OMB Circular A-108, as amended]
• Security of Federal Automated Information Systems [OMB Circular A-130, Appendix III]
• The Federal Risk and Authorization Management Program (FedRAMP)


Four Pillars of SLA Governance

(Diagram: the SLA sits at the centre, surrounded by four pillars – Contract, Legal Landscape, Cloud Service Provider, and Metrics.)

Cloud MSA Mind Map




Cloud SLA Mind Map




FedRAMP CIS Worksheet




Ongoing Work of NIST CC Contract and SLA Subgroup
• Analyze negotiated SLAs/Contracts
• Complete the NIST RA Cloud Contract/SLA draft document and present it for public comment
• Collaboration with the Cloud Metrics team
• Participation in the ISO/IEC JTC SC38 effort on cloud SLAs

THREE KEY TAKEAWAYS

• Look Before You Leap - Consumers need to perform reasonable due diligence in examining cloud providers and their subcontractors

• Solicit Input - A committee, rather than one or two individuals, should formulate the requirements for cloud contracts – including SLAs

• Don’t Reinvent the Wheel - Organizations should examine existing controls to identify key issues to include in cloud service contracts and SLAs
RESOURCES
www.confidentgovernance.com/confidentnow

http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf

http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/RATax_Jan20_2012/NIST_CC_WG_ContractSLA_Deliverable_Draft_v1.9.pdf

http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/RATax_CloudMetrics

http://www.ca.com/~/media/Files/IndustryResearch/security-of-cloud-computing-providers-final-april-2011.pdf

http://www.ey.com/GL/en/Services/Advisory/IT-Risk-and-Assurance/13th-Global-Information-Security-Survey-2010---Information-technology--friend-or-foe-

http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf

http://csrc.nist.gov/publications/PubsSPs.html



Questions & Comments
        For additional Information:

        Ken E. Stavinoha, PhD
        NIST CC RA Contracts/SLA Sub-team Leader
        kstavino@mail.com

        John Messina
        Chair, NIST CC RA Working Group
        John.messina@nist.gov

        Bhavesh C. Bhagat
        Co-Founder, EnCrisp and ConfidentGovernance.com
        bb@encrisp.com

ConfidentNOW Global Governance Webinar Series

NEXT WEBINAR IN SERIES: Cloud Encryption
DATE: Feb. 28, 2013
TIME: 11.00-11.45 A.M.

Speakers – Dr. Ken Stavinoha, Cisco Systems; Dr. Sarbari Gupta, Electrosoft
Host – Bhavesh C. Bhagat, EnCrisp – ConfidentGovernance.com

Register Now: http://bit.ly/WyH7R8

http://www.confidentgovernance.com/events/88-webinar




Demystifying Cloud Contracts And SLAs

  • 1. ConfidentNOW Global Governance Webinar Series Cloud Contracts and SLAs Mastering SLA Governance Speaker – Dr. Ken Stavinoha, PhD, Cisco Mr. John Messina, Computer Scientist, NIST Host – Bhavesh C. Bhagat, EnCrisp - ConfidentGovernance.com CGEIT, CISM, MBA, BE ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 2. Today’s Presenters Dr. Ken Stavinoha, PhD, CISM, CISSP – Cisco Mr. John Messina, Computer Scientist -NIST Bhavesh C. Bhagat, CISM, CGEIT, MBA, BE – EnCrisp – ConfidentGovernance.com ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 3. is an INC 500 award winning global leader in providing “business driven” solutions enhancing trust, governance, cyber security and risk transparency since 2004.  EnCrisp’ s Confident Governance® is award winning “Governance as a Service®- Cloud Governance™ Company. 2011 Global Entrepreneurship (GEW50) Kauffman 50 Global Awardee  Governance, Security, Risk, Audit and Social Compliance Collaboration platform that you access over the Internet and pay-as-you-go.  AWARDS – INC 500, 2011 Global Entrepreneurship Kauffman 50 Start-Ups, 2011 NVTC, Hot Ticket Hottest Buzz, 2011 GovTek Best Cloud Government Solution, 2010, Business Insurance Risk Technology ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 4. Cloud Contracts And SLA Governance i. Intro to Service Level Agreement ii. Cloud Services Scope and Control iii. SLA NIST Contracts iv. Risk Factors Affecting Cloud SLAs v. Resources and Next Webinar… ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 5. Cloud Services Scope and Control Source: NIST SP800-144 Draft ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 6. SLA Definition Service Agreement: known as “Terms of Service” ,“Terms and Conditions” A legal document specifying the rules of the legal contract between the cloud user and the cloud provider. Service-Level Agreement: A document stating the technical performance promises made by the cloud provider, how disputes are to be discovered and handled, and any remedies for performance failures. (NIST SP 800-146) ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 7. Cloud Computing Risks Source: Ernst & Young 2010 Global Information Security Survey Differences in Scope and Control among Cloud Service Models ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 8. Cloud Risk Mitigation Source: Ernst & Young 2011 Global Information Security Survey ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 9. What Providers Say: Cloud Adoption Drivers Source: 2011 Ponemon Insititute Security of Cloud Computing Providers Study ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 10. What Providers Say: Cloud Security Risk Mitigation Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 11. What Providers Say: Who is Responsible for Cloud Security Source: 2011 Ponemon Institute Security of Cloud Computing Providers Study ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 12. NIST CC Public Working Groups NIST’s Goal: Accelerate the federal government’s adoption of cloud computing – Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders Voluntary Working Groups with industry, SDOs, USG, academia (launched Nov. 5, 2010) • 5 Working Groups (Reference Architecture / Taxonomy, Security, Standards Roadmap, …) • 300+ registered members per working group ConfidentGovernance.com- Award winning Cloud migration experts Patent pending “Governance as a Service®” innovators
  • 13. Contract/SLA Subgroup
    • RATAX working group was asked to identify additional areas of cloud computing that could be better defined through the development of appropriate taxonomies
    • SLA sub-group focused on identifying whether there was any suitable existing SLA format or guide that could be used to identify all the key elements that should go into a Cloud SLA
    • Existing contracts and research examined for commonalities and relationships in form and content
    • Collected/formulated definitions pertinent to cloud contracts and SLAs
  • 14. Role of Contracts and SLAs
    • Contracts and service level agreements play a key role in the procurement of cloud computing services.
    • The consumer may have an agreement with one provider, but the service may be delivered via a myriad of subcontractors or other dependencies who have no contractual obligation directly with the consumer.
    • The consumer may have no knowledge of these third parties unless the provider chooses, or is otherwise required, to disclose them, and yet these entities may incur risk for which the consumer could ultimately be liable.
  • 15. Agency Compliance Requirements
    • Computer Fraud and Abuse Act [PL 99-474, 18 USC 1030]
    • E-Authentication Guidance for Federal Agencies [OMB M-04-04]
    • Federal Information Security Management Act (FISMA) of 2002 [Title III, PL 107-347]
    • Freedom of Information Act as Amended in 2002 [PL 104-232, 5 USC 552]
    • Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy [OMB M-01-05]
    • Homeland Security Presidential Directive-7, Critical Infrastructure Identification, Prioritization, and Protection [HSPD-7]
    • Internal Control Systems [OMB Circular A-123]
    • Management of Federal Information Resources [OMB Circular A-130]
    • Management’s Responsibility for Internal Control [OMB Circular A-123, Revised 12/21/2004]
    • Privacy Act of 1974 as amended [5 USC 552a]
    • Protection of Sensitive Agency Information [OMB M-06-16]
    • Records Management by Federal Agencies [44 USC 31]
    • Rehabilitation Act of 1973 [Section 508 Amendment]
    • Responsibilities for the Maintenance of Records About Individuals by Federal Agencies [OMB Circular A-108, as amended]
    • Security of Federal Automated Information Systems [OMB Circular A-130, Appendix III]
    • The Federal Risk and Authorization Management Program (FedRAMP)
  • 16. Four Pillars of SLA Governance (diagram; labels: Contract, Legal, Cloud Landscape, SLA, Service Provider Metrics)
  • 17. Cloud MSA Mind Map (figure)
  • 18. Cloud SLA Mind Map (figure)
  • 19. FedRAMP CIS Worksheet (figure)
  • 20. Ongoing Work of NIST CC Contract and SLA Subgroup
    • Analyze negotiated SLAs/Contracts
    • Complete the NIST RA Cloud Contract/SLA draft document and present it for public comment
    • Collaboration with the Cloud Metrics team
    • Participation in the ISO/IEC JTC 1/SC 38 effort on cloud SLAs
  • 21. THREE KEY TAKEAWAYS
    • Look Before You Leap – Consumers need to perform reasonable due diligence in examining cloud providers and their subcontractors
    • Solicit Input – A committee, rather than one or two individuals, should formulate the requirements for cloud contracts, including SLAs
    • Don’t Reinvent the Wheel – Organizations should examine existing controls to identify key issues to include in cloud service contracts and SLAs
  • 22. RESOURCES
    • www.confidentgovernance.com/confidentnow
    • http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
    • http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf
    • http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/RATax_Jan20_2012/NIST_CC_WG_ContractSLA_Deliverable_Draft_v1.9.pdf
    • http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/RATax_CloudMetrics
    • http://www.ca.com/~/media/Files/IndustryResearch/security-of-cloud-computing-providers-final-april-2011.pdf
    • http://www.ey.com/GL/en/Services/Advisory/IT-Risk-and-Assurance/13th-Global-Information-Security-Survey-2010---Information-technology--friend-or-foe-
    • http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
    • http://csrc.nist.gov/publications/PubsSPs.html
  • 23. Questions & Comments
    For additional information:
    • Ken E. Stavinoha, PhD – NIST CC RA Contracts/SLA Sub-team Leader – kstavino@mail.com
    • John Messina – Chair, NIST CC RA Working Group – John.messina@nist.gov
    • Bhavesh C. Bhagat – Co-Founder, EnCrisp and ConfidentGovernance.com – bb@encrisp.com
  • 24. ConfidentNOW Global Governance Webinar Series – NEXT WEBINAR IN SERIES: Cloud Encryption
    • DATE: Feb. 28, 2013
    • TIME: 11.00–11.45 A.M.
    • Speakers – Dr. Ken Stavinoha, Cisco Systems; Dr. Sarbari Gupta, Electrosoft
    • Host – Bhavesh C. Bhagat, EnCrisp – ConfidentGovernance.com
    • Register Now: http://bit.ly/WyH7R8 or http://www.confidentgovernance.com/events/88-webinar

Editor’s Notes

  1. Bhavesh
  2. Bhavesh to introduce Speakers and Thank EnCrisp and CG for hosting this series of webinars.
  3. EnCrisp CG Safe Harbor Disclosure
  4. Bhavesh to lay out the Agenda and discuss why Service Level Agreements and controls around them are something every executive in IT and Governance needs to be concerned about, especially in the Subscription Economy.
  5. Q for Ken – So Ken, what we are seeing is tremendous amounts of market interest in moving towards the Cloud. Can you please describe in layman’s terms what these concepts mean before we dig too deep, and why the SLA is important in Cloud? And how do you define these terms for a business executive who is not a lawyer?
  6. Ken – That’s excellent. Now, from a risk point of view, why are SLAs and governance around them so important? What is the risk perspective around this? And I know we will get into some risk mitigation approaches later, but let’s discuss the overall scenario here.
  7. Ken
  8. Ken – This is good, but what are Cloud providers saying about this SLA and metrics? Are they providing enough tracking for SLAs to be able to track and measure? We are working with Carnegie Mellon University where we are doing some exciting research in automating this, and we will discuss this in future webinars.
  9. Ken
  10. Bhavesh – It appears that SLAs and their importance only increase as you move down the stack in Cloud from SaaS to IaaS, so vendor metrics and transparency are key. Can you provide some thoughts around this?
  11. Bhavesh and John: Introduce NIST and the Sub Groups around Governance of Cloud.
  12. John
  13. John
  14. Bhavesh Q – for John – So John, this is great, and thanks to you and your team for continuing to push forward in this regard. Can you please describe some immediate tangible reasons why SLAs are so important? It seems to me that most people think this is optional, but it’s not so flexible; some of the regulations mandate that we have to think of this now?
  15. John – So John, what are the key risk areas to look at when we see SLA Governance, and what are some of the tools NIST has developed to assist in this regard?
  16. Bhavesh – This seems very unique in its approach. Can you please describe the usefulness of Mind Maps in Governance? How deep should one go when we build these for an organization?
  17. John
  18. Ken – So Ken, how does one monitor this? We will be doing a special Automating FedRAMP CIS seminar in March where we will discuss the tool also, but from an SLA point of view, what do we need to think of in terms of documenting the process?
  19. John
  20. Bhavesh – So Ken and John, if you were to summarize, what are the three key points that we need to remember?
  21. Bhavesh
  22. Bhavesh
  23. Bhavesh