The following is an excerpt from The Official (ISC)2 Guide to the CCSP CBK, Second Edition, by Adam Gordon, CISSP-ISSAP, ISSMP, SSCP. This section from Domain 6 details different facets of cloud service-level agreements (SLAs) and explains the important role of an SLA in cloud risk management.
The cloud represents a fundamental shift in the way technology is offered. The shift is toward the consumerization of IT services and convenience. In addition to the countless benefits outlined in this book and those you may identify yourself, the cloud creates an organizational change (Figure 1).
It is important for both the CSP and the cloud customer to be focused on cloud risk management. The manner in which typical risk management activities, behaviors, processes, and related procedures are performed may require significant revisions and redesign. After all, the way services are delivered changes delivery mechanisms, locations, and providers — all of which result in governance and risk-management changes.
These changes need to be identified from the scoping and strategy phases through the ongoing and recurring tasks, both ad hoc and periodically scheduled. Addressing these risks requires that…
