Figure 5: Cloud service provisioning
Measures to prevent 'Cloud risks'
Main criteria for the Cloud services supply chain from production to user:
1. Availability
2. Confidentiality
3. Integrity
4. Contractual and legal assurance
Contractual and legal assurances are dealt with elsewhere in this book.
Criteria 1 to 3 above are, however, operative IT qualities which must be set
down with the supply chain partners in a Service Level Agreement in
addition to the contractual points.
Among other important factors, Cloud providers will also vary in the degree
to which the provisioned qualities can be verified. It is exactly this evidence
of service reliability that provides the Cloud user with the information he
needs in his cockpit to stay the course in these 'cloudy conditions'. The use
of measuring instruments and targets is mandatory in this regard for 'supply
chain' controllability: just like a commercial pilot flying a Boeing from
London to Los Angeles, the Cloud user must check the readout and compare it
with the programmed flight course on a constant basis.
Audit evidence and certificates from recognised and reliable certification
centres can be a big help in this regard. These centres test the reliability of
the Cloud providers for users by performing mandatory and repeated audits,