An analysis of the alignment of the contracts for Cloud Computing with the norms and recommendations
This study evaluated whether the contracts of some suppliers for the provision of IT platform services in cloud computing (PaaS) are adequate to ensure good practices in the offer and use of these services by vendors and clients. To be auditable, service agreements must comply with the recommendations and standards of the regulatory bodies, and these must be clearly stated in the contracts. Through a literature review, this study analyzed the established standards and the recommendations under consideration by normative research groups for the cloud environment. We then studied the contractual clauses for the provision of IT platform services in the cloud from some well-known suppliers that publish their contracts on the web. A comparison between the recommendations and the terms of these contracts shows that there is still much to improve in this relationship in order to provide compliance with security auditability between both parties.