CIS502 discussion post responses.
Service Level Agreements
Cloud-based assets include any resources accessed via the cloud. Storing data in the cloud increases risks so additional steps may be necessary to protect the data, depending on its value. When leasing cloud-base services, you must understand who is responsible for maintenance and security. The cloud service provider provides the least amount of maintenance and security. List the three primary cloud-based service models and identify the level of maintenance provided by the cloud service provider in each of the models. Pick one of the models and provide an example of items to include in a service level agreement with the vendor. What would you advise your company to write into the SLA to protect your assets from a legal perspective? What are some examples of security you wouldn’t farm out? Why?
CC Post states the following:
Software as a Service (SaaS)
The capacity gave to the consumer is to utilize the supplier’s applications running on a cloud. Clients don’t oversee or control the fundamental cloud foundation including system, servers, working frameworks, stockpiling, or even individual application capacities, with the conceivable exemption of restricted limited individual application configuration settings.
Platform as a Service (PaaS)
the shopper is to convey onto the cloud foundation customer made or procured applications made utilizing programming dialects, libraries, administrations, and devices upheld by the supplier. clients don’t oversee or control the basic cloud foundation including system, servers, working frameworks, or capacity, however has power over the conveyed applications and perhaps arrangement settings for the application-facilitating condition.
Infrastructure as a Service (IaaS)
The capacity gave to the customer is to arrangement handling, stockpiling, systems, and other key registering assets where the shopper can convey and run discretionary programming, which can incorporate working frameworks and applications. Clients don’t oversee or control the fundamental cloud foundation however have command over working frameworks, stockpiling, and conveyed applications; and perhaps restricted control of select systems administration segments (like host firewalls).
Things That I would guarantee are remembered for a SaaS SLA are:
· Security/protection of the information encoding all information whether put away and transmitted)
· Catastrophe Recovery desires
· Area/Access/Portability of the information
· Procedure to recognize issues and goals desires
· Change Management process-refreshes or new administrations and so forth
· To guarantee resources from a legitimate viewpoint I would include:
· A Dispute intercession process (counting a heightening procedure, and outcomes)
· Leave Strategy/Termination concurrence with desires on the supplier to guarantee smooth progress
· Have outcomes written in if supplier neglects to up hold concurred terms.
Reference:
Watts, S., & Raza, M. (2019, June 15). SaaS vs PaaS vs IaaS: What’s The Difference and How To Choose. Retrieved from BMC: https://www.bmc.com/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and-how-to-choose/
JVP Post states the following:
Service Level Agreements
The three-primary cloud-based service models include software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). SaaS is a software distribution model provided by a third party made available to customers over the internet. Leading SaaS providers provide applications that help manage and maintain email, sales, financial, and human resource management programs to name a few. PaaS is a service that can be delivered in three ways such as a public cloud, private service, and as software deployed on a public infrastructure as a service. With PaaS the provider provides the operating system, storage, servers, database and other services to host the consumer application requirements. The IaaS model on the other hand is a cloud-based service in which the provider hosts the infrastructure components usually present in an on-premise data center, such components include servers, networking hardware, storage, and virtualization.
The model of choice would be SaaS with some of the items to be included in the service level agreement being proper inspection of outgoing traffic, ensuring it complies with the organization’s data loss prevention policy. Because email communication will need to be extremely secure, the provider must agree and be able to provide an effective email security gateway able to perform continuous security scans and web filtering of spam and malware. Regarding the service level agreement, I would advise the company to make the provider liable for any monetary loss caused by a security breach. Sustaining a competitive edge in todays market can easily be lost be a simple email leak disclosing product pricing, manufacturing details, or low-cost vender list. Not farming out any classified security breach incident information or location of material that is irreplaceable is important to the continual growth of the organization.
Reference
https://searchcloudcomputing.techtarget.com/definition/Software-as-a-Service