Database Reference
In-Depth Information
Nondisclosure Agreements
Some organizations require CSP personnel to sign NDAs when deal-
ing with data. These are usually requested by organizations in order to
ensure that CSP personnel protect nonpublic information that is pro-
curement sensitive or affects predecisional policy, physical security, etc.
Organizations will need to consider the requirements and enforceabil-
ity of NDAs with CSP personnel. The acceptable behavior prescribed by
NDAs requires oversight, including examining the NDAs' requirements
in the rules of behavior and monitoring of end-user activities in the cloud
environment. CSP and end-user agreements such as TOS and NDAs are
important to both organizations and CSPs in order to clearly define the
acceptable behavior by end users and CSP personnel when using cloud
services. These agreements should be fully contemplated by both CSPs
and organizations prior to cloud services being procured. All such agree-
ments should be incorporated, either by full text or by reference, into the
CSP contract in order to avoid the usually costly and time-consuming
process of negotiating these agreements after the enactment of a cloud
computing contract.
Service-Level Agreements
Service-level agreements (SLAs) are agreements under the umbrella of
the overall cloud computing contract between a CSP and an organiza-
tion. SLAs define acceptable service levels to be provided by the CSP to
its customers in measurable terms. The ability of a CSP to perform at
acceptable levels is consistent among SLAs, but the definition, measure-
ment, and enforcement of this performance varies widely among CSPs.
Organizations should ensure that CSP performance is clearly specified in
all SLAs and that all such agreements are fully incorporated, either by full
text or by reference, into the CSP contract.
Terms and Definitions
SLAs are necessary between a CSP and customer to contractually agree
upon the acceptable service levels expected from a CSP. SLAs across
CSPs have many common terms, but definitions and performance
metrics can vary widely among vendors. For instance, CSPs can dif-
fer in their definition of uptime (one measure of reliability) by stating
Search WWH ::
Custom Search