14 DAY TRIAL // One of the changes that Information Technology departments observe when comparing the use of cloud computing with the hosting of workloads on premises is the lack of a full visibility into the operations environment.
In other words, some of them won't benefit from having access to details concerning the operational aspects of a cloud service, though in some cases they will be visible to them.
The lack of transparency when it comes to cloud services most often results in a series of benefits being available for customers, including reduced costs and increased business agility.
However, there are also some companies that want transparency when it comes to the cloud services they use, thus signing specific agreements with their providers.
In the third video included in Trustworthy Computing’s Cloud Fundamentals video series, Mark Estberg, senior director in Microsoft’s Global Foundation Services, explains that customers and cloud services providers do need specific partnerships. The video was embedded at the bottom of this article.
Providers are responsible for the applications and data that customers entrust them with, especially when it comes to organizations that have compliance obligations.
Mark Estberg also notes that customers will need to be mindful of their requirements and make sure that they are indeed compatible with the deployment model their providers have to offer.
They can opt for periodic audits by various trusted auditors, while also choosing automated reporting. This combination could prove useful until richer automated reporting becomes available.
Those who are looking into putting the “right to audit” clause into the service agreement might not be able to enjoy the level of transparency they are looking for in the end.
According to Tim Rains, director, Trustworthy Computing, some of the reasons for that would be: Transparency or Breach: If each customer of a cloud provider has the unrestricted right to audit the cloud operations and infrastructure, the audit activity of one customer might constitute a breach or policy violation for other customers sharing the same cloud infrastructure.
The Cloud is a Stack: Cloud providers typically leverage the services and infrastructure of other vendors during the course of providing services to its customers. For example, network services to and from a cloud provider’s data center are likely provided by two or more network providers (for redundancy, load balancing, etc). Even if a “right to audit” clause provides visibility into a cloud provider’s environment, it likely won’t provide insight into the tiers of providers that constitute the cloud stack that the customer is leveraging. In other words, the “right to audit” clause won’t transmit to all the carriers that are involved in potentially providing service for that customer.
Audit or Innovate: If every customer in a multi-tenant environment periodically exercised a “right to audit”, this would drive out many of the efficiencies that create potentially lower costs and greater business agility for those tenants. Cloud providers would spend more time responding to steady streams of audit requests than innovating and creating the efficiencies that customers are looking for.
Those who would like to see the first two videos included in the Trustworthy Computing’s Cloud Fundamentals series should have a look at our previous report on the matter.