New paper questions whether cloud consumers get what they pay for
Consumers need to be made more aware of what they’re purchasing in a cloud solution, according to the latest research paper.
The team of researchers, including IBM and Google, published their findings in a paper entitled ‘Verifying Cloud Services: Present and Future’, and aimed for this to be an education for cloud customers – punters need to examine “in breadth, rather in depth”, how a CSP performs.
The researchers put this down to a series of issues which need answering: is the service running the right software? Is the service doing what it is supposed to? How efficient is the service? Does it comply with security policies, if any?
Of course, this comes down to the niggling matter of SLAs. A CSP puts down an SLA, intending to give the client an idea of availability and performance. Yet the researchers say this isn’t always the case.
The paper argues strong “service identity” needs to be formed, and say there is no guarantee that the service provider’s output matches what’s deployed to the cloud. This can be due to several factors, most notably mistakes in administration.
Similarly, the report notes how “non-functional” elements, such as energy consumption and economics, are difficult to quantify because of “ad-hoc management” of quality of service (QoS) and SLAs.
Addressing this, the researchers call for a new model whereby QoS and SLA are “first-class citizens”, noting both the CSP and the consumer’s point of view, providing adequate governance for the consumer and autonomic SLA management for the provider.
Security is also addressed in the report, with the report advocating more tools for cloud users.
The researchers’ message is to not be tempted by just having an encryption solution. “Encryption is not a panacea for everything: data and resources are shared, applications are outsourced, and schemes to control the access to such resources sometimes fall short in the face of sloppy users, malicious insiders, or system misconfigurations,” the report adds.
The overall takeaway is that of a renewed outlook on QoS and SLA – but with almost an embarrassment of riches for consumers, even though the academics hope this will encourage more research, customers should be able to get a good deal for their cloud systems.
The full report can be read here. What do you make of this report?
- » Gartner’s cloud AI developer services Magic Quadrant sees AWS edge out Microsoft and Google
- » Cloud complexity and ‘terrifying’ IoT means organisations’ asset visibility is worsening – report
- » Five key takeaways from RSA Conference 2020: Cloud SIEM, Zero Trust, API-based security, and more
- » What is cyber insurance truly worth? Analysing the risks and responses
- » Realising the impact of unsecured container deployments: A guide