Cloud Service Level Agreement Standardisation Guidelines

Summary

This document, produced by the C-SIG committee, is a guide to the standardisation of Service Level Agreement (SLA) terms for cloud computing, with particular emphasis on security aspects. It is nonetheless worth noting that it contains a number of concepts found in the recently published ETSI guides, such as Service Level Objectives and the criteria familiar to Qostic readers (availability, response time and capacity). Only the integrity criterion is missing: it is not explicitly named, although it is largely implied.

Table of Contents

Preamble

1. Principles for the development of Service Level Agreement Standards for Cloud Computing

1.1. Technology Neutral
1.2. Business Model Neutral
1.3. World-wide applicability
1.4. Unambiguous definitions
1.5. Comparable Service Level Objectives
1.6. Conformance through disclosure
1.7. Standards and Guidelines which span customer types
1.8. Cloud Essential Characteristics
1.9. Proof Points
1.10. Information Rather Than Structure
1.11. Leave the Legal Agreement to Attorneys

2. Cloud SLA Vocabulary

3. Performance Service Level Objectives Overview

3.1. Availability
3.2. Response Time
3.3. Capacity
3.4. Capability Indicators
3.5. Support
3.6. Reversibility and the Termination Process

4. Security Service Level Objectives Overview

4.1. Service Reliability
4.2. Authentication & Authorization
4.3. Cryptography
4.4. Security Incident management and reporting
4.5. Logging and Monitoring
4.6. Auditing and security verification
4.7. Vulnerability Management
4.8. Governance
4.8.1. Service changes

5. Data Management Service Level Objectives Overview

5.1. Data classification
5.2. Cloud Service Customer Data Mirroring, Backup & Restore
5.3. Data Lifecycle
5.4. Data Portability

6. Personal Data Protection Service Level Objectives Overview

6.1. Codes of conduct, standards and certification mechanisms
6.2. Purpose specification
6.3. Data minimization
6.4. Use, retention and disclosure limitation
6.5. Openness, transparency and notice
6.6. Accountability
6.7. Geographical location of cloud service customer data
6.8. Intervenability

Annex – Members of C-SIG on Service Level Agreements
