Abstract
The use of cloud services as a business solution keeps growing, but there are significant associated risks that must be addressed. Despite the advantages and disadvantages of cloud computing, service integration and alignment with existing enterprise architecture remains an ongoing priority. Typically, quality of services provided is outlined in a service level agreement (SLA). A deficient template for evaluating, negotiating and selecting cloud SLAs could result in legal, regulatory, and monetary penalties, in addition to loss of public confidence and reputation. This research emphasizes (or advocates) the implementation of the proposed SLA evaluation template aimed at cloud services, based on the COBIT 5 for Risk framework. A gap analysis of existing SLAs was done to identify loopholes, followed by a resultant template where identified gaps were addressed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Information Systems Audit and Control [ISACA]: Cloud computing management audit/assurance program (2010)
Gadia, S.: Cloud computing: an auditor’s perspective. ISACA J. 6, 1–2 (2009). http://www.isaca.org/Journal/Past-Issues/2009/Volume-6/Pages/Cloud-Computing-An-Auditor-s-Perspective1.aspx
ISACA: Cloud governance: questions boards of directors need to ask (2013)
ISACA: Security considerations for cloud computing (2012)
Jirasek, V.: Cloud governance done right: examples from the trenches. BrightTALK (2013)
Sinnett, W.M: In the Cloud and Beyond. Financial Executive (February 2012)
CSA and ISACA: Cloud computing market maturity: study results (2012)
de Chaves, S. A., Westphall, C.B., Lamin, F.R.: SLA perspective in security management for cloud computing. In: IEEE ICNS, pp. 212–217 (2010)
Subbiah, S., Muthukumaran, S.S., Ramkumar, T.: Enhanced survey and proposal to secure the data in cloud computing environment. In: IJEST, vol. 5, no. 01 (2013)
Awad, R.: Considerations on cloud computing for CPAs. CPA J. 81(9), 11 (2011)
Jackson R.A.: Audit in a digital business world. In: The Internal Auditor Magazine, pp. 36–41 (2013)
Symantec Corporation: Choosing a cloud hosting provider with confidence: Symantec SSL certificates provide a secure bridge to trusted cloud hosting providers (2012)
Heiser, J., Nicolett, M.: Assessing the security risks of cloud computing. Gartner Research, ID G00157782 (2008)
Smith, D.M, Plummer, D.C, Bittman, T.J, Bova, T, Basso, M, Lheureux, B.J, Prentice, B.: Predicts 2013: cloud computing becomes an integral part of IT. Gartner, ID: G00230929 (2012)
Gartner. http://www.gartner.com/technology/topics/cloud-computing.jsp
Wu, J., Shen, Q., Wang, T., Zhu, J., Zhang, J.: Recent advances in cloud security. J. Comput. 6(10), 2156–2163 (2011)
Tschinkel, B.: Cloud computing security understanding risk areas and management techniques (2011)
Gordon, M.: The compliant cloud. BrightTALK (2009)
Moore, J.: [CNBC]: Reducing security risks in cloud computing. http://www.cnbc.com/id/43139361/Reducing_Security_Risks_in_Cloud_Computing
Badger, L., Grance, T., Patt-Corner, R., Voas. J.: Cloud computing synopsis and recommendations. In: NIST, vol. 800, p. 146. Special Publication (SP) (2011)
CSA: Security guidance for critical areas of focus in cloud computing v3.0 (2011)
NIST: NIST US government cloud computing technology roadmap, Release 1.0 (Draft) - In: NIST, vol. 500, p. 293. Special Publication (SP) (2011)
Patel, P., Ranabahu, A., Sheth, A.P.: Service level agreement in cloud computing (2009)
Wei, D.S.L., Murugesan, S., Kuo, S., Naik, K., Krizanc, D.: Enhancing data integrity and privacy in the cloud: an agenda. IEEE Comput. Soc. 46, 87–90 (2013)
Bort, J.: The 10 most important companies in cloud computing. Business Insider (2013)
Loftus, T.: Public cloud vendors side by side by side. Wall Street J. 1–3 (2013). http://blogs.wsj.com/cio/2013/02/26/public-cloud-vendors-side-by-side-by-side/
Cloud Spectator: Cloud server performance: a comparative analysis of 5 large cloud IaaS providers (2013)
ISACA: COBIT 5 for risk framework, pp. 67–74 (2013)
Acknowledgement
The first author will like to thank Concordia University of Edmonton’s research team for their guidance and support in the completion of this work. Their efforts, knowledge and experience were instrumental in making this paper a success. She acknowledges the Academic Research Council for the Student Research Grant awarded to her. She is also thankful to God Almighty, her family and friends; this has been a journey and she is very grateful for their love, support and encouragement.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Illoh, O., Aghili, S., Butakov, S. (2015). Using COBIT 5 for Risk to Develop Cloud Computing SLA Evaluation Templates. In: Toumani, F., et al. Service-Oriented Computing - ICSOC 2014 Workshops. Lecture Notes in Computer Science(), vol 8954. Springer, Cham. https://doi.org/10.1007/978-3-319-22885-3_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-22885-3_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22884-6
Online ISBN: 978-3-319-22885-3
eBook Packages: Computer ScienceComputer Science (R0)