Are Your Partners Ready for the Cloud? Part 2 – Actors in the Cloud
This is a series of posts on the opportunities brought about by advancement in cloud services and aims to summarize the main roles and value propositions channel partners can choose from. To review the first post, click here.
Actors in the Cloud
Who are the main players in today’s cloud based services?
This diagram, below, is based on the players as defined by National Institute of Standards and Technology (NIST), by the US Department of Commerce, in their Cloud Computing Reference Architecture dd .11 September 2011.
A CLOUD BROKER
As cloud computing evolves, the integration of cloud services can be too complex for cloud consumers to manage. A cloud consumer may request cloud services from a cloud broker, instead of contacting a cloud provider or cloud carrier directly. A cloud broker is an entity that manages the use, performance and delivery of cloud services and negotiates relationships between cloud providers, cloud carriers and cloud consumers.
In general, a cloud broker can provide services in three categories :
- Service Intermediary: A cloud broker enhances a given service by improving some specific capability and providing value-added services to cloud consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc.
- Service Aggregation: A cloud broker combines and integrates multiple services into one or more new services. The broker provides data integration and ensures the secure data movement between the cloud consumer and multiple cloud providers.
- Service Arbitrage: Service arbitrage is similar to service aggregation except that the services being aggregated are not fixed. Service arbitrage means a broker has the flexibility to choose services from multiple agencies. The cloud broker, for example, can use a credit-scoring service to measure and select an agency with the best score.
A CLOUD AUDITOR
A cloud auditor is a party that can perform an independent examination of cloud service controls with the intent to express an opinion thereon. Audits are performed to verify that they are conforming to standards through review of objective evidence. A cloud auditor can evaluate the services provided by a cloud provider and Cloud Carrier in terms of security controls, privacy impact, performance, etc.
Security controls are the management, operational, and technical countermeasures employed within an IT system to protect the confidentiality, integrity, and availability of the system and its information.
For security auditing, a cloud auditor can make an assessment of the security controls in the information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to the security requirements for the system. Often it also includes the verification of the compliance with regulation and security policy.
Partners can choose from a long list of services to offer to the Cloud Consumers. As illustrated here, cloud service management can be described from the perspective of business support, provisioning and configuration, and from the perspective of portability and interoperability requirements. The collection called Cloud Service
Management includes all the service-related functions that are necessary for the management and operation of those services required by or proposed to cloud consumers.