What kind of cloud management tools and reporting capabilities do customers expect providers to offer on the front end?
There is no simple answer that will fit all users, as this will depend on the service deployment model and the customer's use case. It will also depend on the type and sensitivity of the data, the risk the customer is able to bear, the legal or regulatory compliance requirements and the service-level agreement (SLA) that is standard or negotiated.
The cloud customer expects that the data will be protected in the same manner or better than it would be if it were within its own enterprise boundary. Management tools with proper reporting, logs and support for multi-factored authentication are required. The customer must also have the ability to conduct (or hire a mutually agreeable third party to conduct) vulnerability assessment or penetration testing of the service provider's services, as required to ensure adherence to its SLA. Cloud customers expect to be notified of all performance, availability and security breaches in a timely manner.
If SLA requirements are location- or country-specific for data processing and storage, then customers need cloud management tools that can provide regular audit reports of verification to ensure compliance. The ability to report and provide proof that sensitive data was destroyed from the device's memory and shared resources upon terminating or logging off of a virtual machine (VM) is a crucial feature for many customers. Proper measures need to be in place to ensure that rogue VMs cannot be provisioned in a cloud customer's cloud environment.
Full disclosure of the name and profile of other cloud providers involved in the delivery of the service is also required; customers expect reporting functions that detail the geographic location of any data another provider handles. This enables customers to conduct risk assessments for their organizations and ensure compliance. The cloud provider's services and infrastructure are also expected to be a standards-based deployment that allows portability and has ISO 27000 certification or equivalent for the entire system that the customer will be using.
Cloud management tools that help customers track the integrity of the data is also very important -- especially when multiple copies of data exist in multiple locations and synchronization in real-time is crucial.
This was first published in January 2013