Page 164 - Cloud Migration Version 2012 english

PART IV: SELECTION AND CERTIFICATION OF CLOUD SERVICES
Choosing a Provider 
Considering the huge choice of Cloud services, it is an enormous challenge 
to choose the right provider. For classical IT outsourcing, you could either 
base your choice on the provider's long‐term reputation, direct contact with 
the provider, or in many cases, the regional accessibility of the provider's IT 
facilities. However, none of these criteria are readily applicable for Cloud 
computing. A customer primarily rents a service and the way the provider 
delivers that service can be very complex and totally abstracted from 
regional considerations. 
64
It is, for example, necessary to check whether a national software service 
provider procures parts of its services (e.g. servers and storage) abroad, thus 
requiring special considerations regarding data privacy and tax law. A variety 
of services are now available on marketplaces and on portals, even as a 
private label. In these cases, it is necessary to find out who the actual service 
provider is. 
Compliance Requirements 
We understand the term compliance to mean observing legal and enterprise 
provisions to ensure orderly business operations. In the field of Cloud 
computing, one can only achieve auditability of compliance requirements 
through sufficient transparency in external service provision: concrete 
determination of the data location, the service provider, and their functions, 
and contractual verification of all required performance guarantees. In 
addition, there is a duty to disclose any changes in the provision of 
performance, which must then lead to an entitlement to terminate the 
agreement for good cause. An orderly return of the data to the user must 
also be taken into consideration at an early stage. 
General Requirements 
There are a number of auditing schemas for IT outsourcing, but all of 
them focus to a great extent on the issues of security and correct 
transaction handling. For the complex field of Cloud computing, however, all 
critical areas must be examined with regard to compliance requirements.  
It is very useful to start by classifying one's own requirements and the 
required degree of fulfilment as a ranking for each service. These are 
primarily:   
64 An expanded version of this chapter can be found under