Cloud Audit

18.04.2012 10:30-11:30 Moderator:

Addressing Cloud Audit, Assurance and Compliance Needs – A Progress Report

A key enabler of cloud contracting and use -- all the way from comparison shipping and RfPs, through SLAs and monitoring, to auditing and regulatory enforcement -- is the availability of common vocabularies and operations for different service components. Open standards are required to make services comparable, portable and interoperable across vendors and architectures. As more organizations consider the shift toward cloud services, industry is working hard to offer new approaches to meet these challenges. During this session, experts will provide progress reports on some of the work underway that is addressing these needs.

• SMI defines service attributes in seven major functional categories (accountability, agility, assurance, financial, performance, security and privacy, and usability) that provide key performance indicators that can be collected and tailored by consumers to evaluate competing services based on business and technology requirements. The speaker for this portion will provide an overview of the SMI and its relationship to cloud auditing, and discuss how cloud marketplaces can leverage the SMI to enable greater cloud choice through evidence-based decisions.
• Many SDOs have been collecting real world cloud use cases addressing many of the concerns felt by industry. These use cases are being peered reviewed, with the hopes that these committees will identify gaps in standards and pave a way to move forward with future standardization efforts. An expert technical speaker will be on-hand to discuss the progress of SDO work in this area.
• And finally, this session will cover ongoing work within the EU cloud strategy, ENISA’s cloud SLA work, and the dependencies of critical services on cloud. This speaker will also focus on auditing schemes and ongoing work in CAMM (an assurance framework for cloud providers) and the minimum security measures for EU Telco’s, which entails another audit scheme.