# Cloud Shared Considerations

# Interoperability

Interoperability defines how easy it is to move and reuse application components regardless of the provider, platform, OS, infrastructure, location, storage, format of data or APIs, how well applications work together, and how well new applications work with other solutions present in the business, organization or provider's existing architecture.

Standards-based products, processes, and services are essential for entities to ensure the following:

  • Investments do not become prematurely technologically obsolete.
  • Organizations are able to easily change cloud service providers (CSPs) to flexibly and cost-effectively support their mission.
  • Organizations can economically acquire commercial and develop private clouds using standards-based products, processes, and services.

Interoperability mandates that application components be replaceable by new or different components from different providers and continue to work, and that the exchange of data between systems continue to work as well.

# Portability

Portability is the ability to move applications and associated data between one cloud provider and another, between legacy and cloud environments, or between public and private cloud environments.

Portability can help both prevent vendor lock-in and deliver business benefits by allowing identical cloud deployments to occur in different CSP solutions, either for the purposes of disaster recovery (DR) or for the global deployment of a distributed single solution.

Portability is the measure of how difficult it might be to move the organization's systems/data from a given cloud host to another cloud host.

# Reversibility

Reversibility is the process for customers to retrieve their data and application artifacts and for the provider to delete data after an agreed period, including contractually specified cloud service-derived data. This is important when moving from one CSP to another.

It is the ability of a cloud customer to quickly remove all data, applications, and anything else that may reside in the cloud provider's environment, and move to a different cloud provider with minimal impact to operations.

It involves aspects such as technical, operational, and long-term support for the workload.

# Availability

System and resource availability defines the success or failure of a cloud-based service. Availability acts as a single point of failure (SPOF) for cloud-based services: where the service or cloud deployment loses availability, the customer is unable to access target assets or resources, resulting in downtime.

# Security

For many customers and potential cloud users, security remains the biggest concern and continues to act as a barrier preventing them from engaging with cloud services.

# Privacy

In the world of cloud computing, privacy presents a major challenge for both customers and providers alike. The reason for this is simple: no uniform or international privacy directives, laws, regulations, or controls exist, leading to a separate, disparate, and segmented mesh of laws and regulations being applicable depending on the geographic location where the information may reside (data at rest) or be transmitted (data in transit).

# Resiliency

Cloud resiliency represents the ability of a cloud services data center and its associated components, including servers, storage, and so on, to continue operating in the event of a disruption, which may be equipment failure, power outage, or a natural disaster. It represents how adequately an environment can withstand duress.

# Performance

# Governance

Governance, as it relates to processes and decisions, looks to define actions, assign responsibilities, and verify performance. The same can be said and adopted for cloud services and environments, where the goal is to secure applications and data when in transit and at rest. In many cases, cloud governance is an extension of the existing organizational or traditional business process governance, with a slightly altered risk and controls landscape.

Although governance is required from the commencement of a cloud strategy or cloud migration roadmap, it is seen as a recurring activity and should be performed on an ongoing basis.

# SLAs

# Auditability

Auditability allows users and the organization to access, report, and obtain evidence of actions, controls, and processes that were performed or run by a specified user.

# Regulatory Compliance