An analysis of the alignment of the contracts for Cloud Computing with the norms and recommendations

Teófilo Branco

Abstract


This study evaluated whether the contracts that some suppliers use for the provision of cloud computing IT platform services (PaaS) are adequate to ensure good practices in the offering and use of these services by vendors and clients. To be auditable, service agreements must comply with the recommendations and standards of the regulatory bodies, and this compliance must be stated clearly in the contracts. Through a literature review, this study analyzed the established standards and the recommendations under consideration by normative research groups for the cloud environment. We then studied the contractual clauses for the provision of cloud IT platform services of some well-known suppliers that publish their contracts on the web. A comparison between the recommendations and the terms of these contracts shows that this relationship still needs considerable improvement to provide compliance and security auditability between both parties.







DOI: http://dx.doi.org/10.18803/capsi.v16.016-024
