Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts defines an ongoing security monitoring framework comprising:
- Service availability
- Incident response
- Service elasticity and load tolerance
- Data life-cycle management
- Technical compliance and vulnerability management
- Change management
- Data isolation
- Log management and forensics
The concept is to provide continuous cloud-specific service level metrics between one-off or periodic assessments (e.g. using information technology audit standards such as ISO 2700x, SSAE 16 or ISAE 3402). For each suggested monitoring parameter, examples are provided to help guide what to measure, how to measure it, how to obtain independent measurements, alerting and reporting thresholds, and customer responsibilities.
Although there is a focus on public procurement, the issues are equally relevant in the private sector. There is also a 9-page checklist guide to the document "if you have little time available".
Posted on: 13 April 2012 at 08:20 hrs