Discussion on cloud services and the sla | Cloud Computing

Introduction less than 50 words and analysis 300 words

Attached the requirement file along with PDF book. 

Chapter 3 and section 4.3 (98-102) page look

Risks and Challenges. Whole discussion should co related to this section. 

=====================================================

We are going to explore the Web regarding cloud service level agreements (SLA). 

Topic- cloud services and the SLA

A. Find an article on the Web that is no more than 4 years old that describes a poor experience with cloud services and SLAs.

B. Remember the article must contain two (2) elements to be considered in this assignment, e.g. cloud services and the SLA.  You must use your own words. Do not copy and paste any part of the article into the discussion.

C. Once you have found an appropriate article, tell the story IN YOUR OWN WORDS and correlate the pertinent elements to Erl, 2013, Chapter 3, Section 3.4.  Be selective in the article you choose to explain to the class. 

D. Finally, summarize and provide your own recommendation on how to mitigate the problem(s) you described.

Here are the topics in Erl, 2013 that you must correlate your article towards. 

· Reduced Operational Governance Control

· Limited Portability Between Cloud Providers

· Multi-Regional Compliance and Legal Issues

*Be sure to read Erl, 2013, Chapter 3, Section 3.4 before your Web search to avoid making a critical mistake in your discussion.

Keep your story as short as possible.  Do not exceed 450 words.  Provide a valid link (URL) to your article so that we may find and read it.

Chapter 3

Section 3.4 (Page no 98- 102)

3.4. Risks and Challenges

Several of the most critical cloud computing challenges pertaining mostly

to cloud consumers that use IT resources located in public clouds are

presented and examined.

Increased Security Vulnerabilities

The moving of business data to the cloud means that the responsibility

over data security becomes shared with the cloud provider. The remote

usage of IT resources requires an expansion of trust boundaries by the

cloud consumer to include the external cloud. It can be difficult to

establish a security architecture that spans such a trust boundary

without introducing vulnerabilities, unless cloud consumers and cloud

providers happen to support the same or compatible security

frameworks—which is unlikely with public clouds.

Another consequence of overlapping trust boundaries relates to the

cloud provider’s privileged access to cloud consumer data. The extent to

which the data is secure is now limited to the security controls and

policies applied by both the cloud consumer and cloud provider.

Furthermore, there can be overlapping trust boundaries from different

cloud consumers due to the fact that cloud-based IT resources are

commonly shared.

The overlapping of trust boundaries and the increased exposure of data

can provide malicious cloud consumers (human and automated) with

greater opportunities to attack IT resources and steal or damage business

data. Figure 3.9 illustrates a scenario whereby two organizations

accessing the same cloud service are required to extend their respective

trust boundaries to the cloud, resulting in overlapping trust boundaries.

It can be challenging for the cloud provider to offer security mechanisms

that accommodate the security requirements of both cloud service

consumers.

Figure 3.9. The shaded area with diagonal lines indicates the overlap of two organizations’

trust boundaries.

Overlapping trust boundaries is a security threat that is discussed in

more detail in Chapter 6.

Reduced Operational Governance Control

Cloud consumers are usually allotted a level of governance control that is

lower than that over on-premise IT resources. This can introduce risks

associated with how the cloud provider operates its cloud, as well as the

external connections that are required for communication between the

cloud and the cloud consumer.

Consider the following examples:

• An unreliable cloud provider may not maintain the guarantees it makes

in the SLAs that were published for its cloud services. This can

jeopardize the quality of the cloud consumer solutions that rely on these

cloud services.

• Longer geographic distances between the cloud consumer and cloud

provider can require additional network hops that introduce fluctuating

latency and potential bandwidth constraints.

The latter scenario is illustrated in Figure 3.10.

Figure 3.10. An unreliable network connection compromises the quality of

communication between cloud consumer and cloud provider environments.

Legal contracts, when combined with SLAs, technology inspections, and

monitoring, can mitigate governance risks and issues. A cloud

governance system is established through SLAs, given the “as-a-service”

nature of cloud computing. A cloud consumer must keep track of the

actual service level being offered and the other warranties that are made

by the cloud provider.

Note that different cloud delivery models offer varying degrees of

operational control granted to cloud consumers, as further explained

in Chapter 4.

Limited Portability Between Cloud Providers

Due to a lack of established industry standards within the cloud

computing industry, public clouds are commonly proprietary to various

extents. For cloud consumers that have custom-built solutions with

dependencies on these proprietary environments, it can be challenging

to move from one cloud provider to another.

Portability is a measure used to determine the impact of moving cloud

consumer IT resources and data between clouds (Figure 3.11).

Figure 3.11. A cloud consumer’s application has a decreased level of portability when

assessing a potential migration from Cloud A to Cloud B, because the cloud provider of

Cloud B does not support the same security technologies as Cloud A.

Multi-Regional Compliance and Legal Issues

Third-party cloud providers will frequently establish data centers in

affordable or convenient geographical locations. Cloud consumers will

often not be aware of the physical location of their IT resources and data

when hosted by public clouds. For some organizations, this can pose

serious legal concerns pertaining to industry or government regulations

that specify data privacy and storage policies. For example, some UK

laws require personal data belonging to UK citizens to be kept within the

United Kingdom.

Another potential legal issue pertains to the accessibility and disclosure

of data. Countries have laws that require some types of data to be

disclosed to certain government agencies or to the subject of the data.

For example, a European cloud consumer’s data that is located in the

U.S. can be more easily accessed by government agencies (due to the U.S.

Patriot Act) when compared to data located in many European Union

countries.

Most regulatory frameworks recognize that cloud consumer

organizations are ultimately responsible for the security, integrity, and

storage of their own data, even when it is held by an external cloud

provider.

Summary of Key Points

• Cloud environments can introduce distinct security challenges, some of which

pertain to overlapping trust boundaries imposed by a cloud provider sharing IT

resources with multiple cloud consumers.

• A cloud consumer’s operational governance can be limited within cloud

environments due to the control exercised by a cloud provider over its platforms.

• The portability of cloud-based IT resources can be inhibited by dependencies

upon proprietary characteristics imposed by a cloud.

• The geographical location of data and IT resources can be out of a cloud

consumer’s control when hosted by a third-party cloud provider. This can

introduce various legal and regulatory compliance concerns.