Reduced Operational Governance Control
Cloud consumers are usually allotted a level of governance control that is lower than that over on-premise IT resources. This reduced level of governance control can introduce risks associated with how the cloud provider operates its cloud, as well as the external connections that are required for communicate between the cloud and the cloud consumer.
Figures 1 – The shaded area with diagonal lines indicates the overlap of two organizations’ trust boundaries.
Consider the following examples:
- An unreliable cloud provider may not maintain the guarantees it makes in the SLAs that were published for its cloud services. This can jeopardize the quality of the cloud consumer solutions that rely on these cloud services.
- Longer geographic distances between the cloud consumer and cloud provider can require additional network hops that introduce ﬂuctuating latency and potential bandwidth constraints.
The latter scenario is illustrated in Figure 2.
Figure 1 – An unreliable network connection compromises the quality of communication between cloud consumer and cloud provider environments.
Legal contracts, when combined with SLAs, technology inspections, and monitoring, can mitigate governance risks and issues. A cloud governance system is established through SLAs, given the “as-a-service” nature of cloud computing. A cloud consumer must keep track of the actual service level being offered and the other warranties that are made by the cloud provider.
Note that different cloud delivery models offer varying degrees of operational control granted to cloud consumers.