Versions Compared

Old Version 1

changes.mady.by.user Jason M Ragland

Saved on

compared with

New Version Current

changes.mady.by.user Cam Beasley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This content has moved.

Please see: https://security.utexas.edu/iso-policies/cloud-services/decision-matrix

Warning
titleIf you don't read anything else, read this...

This document is only a draft. The contents will change.

Infrastructure (yours and theirs)

  • Networking requirements: Some cloud services charge for the bandwidth that is used when transferring data to and from their service.   These cost should be clearly listed by the vendor.  Some the networking costs associated with cloud service are not so evident.
    o    Bandwidth - One of the most overlooked impacts of using cloud services has to do with its effect on your network bandwidth. Will your network continue to operate as expected once the cloud service traffic is introduced? Any loss in network performance could severely affect productivity. If network performance is unacceptable, does your department have the necessary expertise, hardware, and funding to upgrade?
    o    Redundancy - Contracting external cloud services now makes network availability more important than ever. Your productivity now depends on the network being available to reach your cloud services. Without a network connection, your ability to work is severely hindered. Your department may have to invest in making the network redundant in order to minimize any downtime that could lead to loss in productivity.
  • Control: If something goes wrong with the service, for example it doesn’t scale efficiently, the user has little recourse to correct the problem. The service provider may not be responsive to your needs to quick to resolve issues.
  • Multi-tenancy: Hardware, for example with platform virtualization, will be shared between tenants. Thus, it is possible that the other tenants' poor security/coding decisions could inadvertently affect your service. It’s up to the service provider to mitigate this, but is a potential risk. Dedicated resources may be available from the service provider, but will cost more.

Contracts and Lock-In

  • Contracts: Making cloud service providers clearly define service level agreements can save you money and headaches. Cloud service vendors also experience network, hardware, and unexpected failures. Defined SLAs will force vendors to keep their outages to a minimum, which keeps your services running for longer periods. There may be substantial penalties for canceling contracts either for moving to a cloud service from an existing service provider or away from the cloud provider if non-SLA covered expectations aren’t met.

Integration and Training

...