Cloud Adoption Policy Addendum


Project 1: Cloud Adoption Policy Addendum

Cloud Infrastructure Planning, Design, and Configurations.

04 May 2021

Executive Summary

BallotOnline is a globally available online voting platform for any scenario requiring the service. Currently, the data centers owned by the company are regional, each one maintaining a vast number of servers, network devices, and storage devices. This is proving to be reasonably heavy on resources in the current situation. The abundance of physical hardware being used requires a large volume of space and power. The process of upgrading also requires a considerable amount of effort and time to accomplish and may prove inconvenient and inefficient for any prospective clientele. Regular maintenance would also become a huge issue, especially if expansions of data centers become a necessity, increasing the time of maintenance and, consequently, the server downtime, disabling the provided service.

The circumstances call for an improvement on the base of the systems to mitigate and avoid these problems. Since improving the hardware is unfeasible and a cloud-based system is available, that is the logical option to choose. This system would allow networking and storage to be done through software alone, thoroughly implementing the system on the internet through a public cloud provider and reducing the need for bulky and expansive hardware that may become prone to failure and obsolescence. Many services have already adopted this kind of system, signaling it to be the next best step in technology reliance for most organizations with essential data management requirements and procedures. Although this is a relatively recent technology, its implementation must be thorough and careful. The current IT policies of the company must be reviewed to carry this out, while the strategy for adopting the cloud system will also be stated in the succeeding text.

Policy Scope

The existing IT policy of BallotOnline covers everything required, barring the distinct policies for cloud infrastructure. The policy currently includes the following: acceptable use of technology, hardware purchasing, software purchasing, Bring Your Own Device (BYOD), IT service agreements, information security procedures, and IT emergency management. The policies are necessary to ensure that employees with access to information technology assets and resources, and any intent to handle them, do so in strict compliance with the rules. This policy will be updated to incorporate the cloud infrastructure into the standardized system, as stated in the document requiring its amending and expansion to align with current business activities.

a. Overview

The updated policy shall include all factors necessary, including recovery time objectives, recovery point objectives, cost of change, and time-to-market. Each of the policy sections will have a short run-through of the additions or revisions that will be made to avoid contextual misunderstandings. In terms of the Acceptable Use Policy, little will be changed since it is already a standardized ethical system for the general actions of employees alone and is considered separate and uninvolved with the premise of the policy change. The Hardware Purchasing Policy, applying only to managers, also has little to change, requiring only the minimum standard to run the system's workload. The focus turns to the Software Purchasing Policy, Bring Your Own Device Policy, and Website Policy since the premise of the policy change revolves around a systemic migration of software. Current software before the migration must be reviewed thoroughly to assess any possible irregularities that may occur and reduce the chances of abnormal errors with the system. With that, an updated procedure for inspecting software must be designed with the cloud-based system in mind.

Other than that, general policy should be the same as usual.

b. List of Approved "Cloud-Ready" Applications

· Backup (Infrastructure-as-a-Service): BallotOnline will use the AWS cloud service S3. The minimum IOPS per client required is 100, and the maximum IOPS per client needed is 500. The highest acceptable round-trip latency is 150ms. The data storage limit is 1PB.

· E-mail (Software-as-a-Service): E-mail applications will have no minimum or maximum IOPS and no latency requirement. The minimum number of mailboxes required for optimal operation is 5000, with the capacity to be scaled to 10000.

· Software Development (Platform-as-a-Service): BallotOnline will use the AWS cloud service Elastic Beanstalk. Developers can create, test, and manage BallotOnline's applications.

Cloud-readiness is assessed in terms of criteria such as acceptable latency range, amount of data storage capacity needed, Ethernet-based protocols, and application topology. Considering that the policy requires software to be up to date as the minimum, it is expected that all applications and workloads of the company will be ready for cloud deployment upon its implementation. Relatively outdated applications should be modified to be "cloud-centric" or replaced with an alternative.

Alignment with Existing IT Policies

The business program will change upon the implementation of the cloud-based system. Service-level agreements, the contracts between the service provider and the customer, will differ under the cloud infrastructure from those under the current policy. BallotOnline is based on accounting information. Therefore, the Recovery Point Objective, or the state of data where the system is functional after restoration (the loss of data), must be within 8 hours at most, because the data involved should accept as little data loss as possible. The system may allow a slower Recovery Time Objective, or the time by which the system becomes ready for use in production, which may be 1-3 days. This must be understood to establish technical recovery strategies appropriately. The cloud system must incorporate a hybrid cloud backup software and disaster recovery system. Information security-related standards support compliance with mandatory regulations.

The impacts of an outage on revenue can only be estimated from previous online income accounts set against hours of downtime. Several factors must be considered, such as employee productivity, offline sales, repair costs, and revenue variations. As for gaps in the IT policy, this was stated in the previous section, focusing mainly on adjustments for cloud infrastructure implementation.

An in-depth analysis of computational aspects may also be done. The profile that will be obtained after running a visually error-free service will be considered the minimum. The primary thing to consider is not to cause excessive I/O loads, as this leads to poor application performance that is challenging to diagnose. High-performance expectations and large quantities of small files require sustained operation at high loads and small block sizes to yield more significant I/O operations per second. There are few geographic availability requirements to consider apart from international regulations since the system already caters to clients globally.

Growth Projection Analysis

Historical Infrastructure Growth Trends at BallotOnline

| Infrastructure Elements | 2012/13 | 2013/14 | 2014/15 | 2015/16 | 2016/17 |
|---|---|---|---|---|---|
| Users | 150,000 | 250,000 | 650,000 | 750,000 | 1,500,000 |
| Servers (Standalone Physical and Virtual) | 75 | 150 | 400 | 550 | 1,100 |
| Network Switches | 4 | 8 | 15 | 18 | 30 |
| Data Storage | 200TB | 400TB | 850TB | 1PB | 2.5PB |

With the coming of the updated system, it is expected that growth will be drastically positive due to enhancements in performance, accessibility, cost reduction, improved data security, scalability, disaster recovery, and mobility. A forecast incorporating an additional 10 percent year-over-year growth for the new projects expects a higher average increase of all factors: users, servers, network switches, and data storage, based on the trend above. However, for the year of implementation, a slight delay in growth may be seen due to the technical adjustments necessary to utilize cloud infrastructure:

Service-Level Agreements in the Cloud

Customer Name: BallotOnline

Customer Representative: Christian Gutierrez

Agreement Overview

This agreement is a Service-Level Agreement between cloud vendor and customer BallotOnline for cloud hosting, migration, and operational services. This SLA is valid until superseded by a revised agreement approved by all stakeholders in writing.

Objectives

The purpose of this SLA is to ensure that both parties are clear about the commitments for the cloud hosting, migration, and operational services that are subject to this SLA. This SLA provides:

· Clear and measurable descriptions of services provided.

· Key metrics used to establish SLAs.

· A clear understanding of expected service performance.

Stakeholders

The following Vendor and Customer will be used as the basis of the agreement and represent the primary stakeholders associated with this SLA:

Vendor: Cloud vendor.

Customer: BallotOnline

Services Agreement

This SLA is a living document and might be revised after a mutual agreement between parties. The agreement will be a collaborative project to procure cloud computing services and make them available to BallotOnline with any cloud provider of Cloud Computing services and software. High-level responsibilities include promising availability, data ownership, cloud hardware and software, disaster recovery, and backup.

Services Scope

This document aims to ensure that proper mechanisms are in place to provide high-quality service and support to both stakeholders. This SLA provides a clear description of the IaaS services and support contract that provides a highly innovative, creative, cost-effective, and evolving environment.

Vendor Responsibilities

The responsibilities of the cloud vendor in support of this agreement are as follows:

· To create a cloud environment conducive to a cooperative relationship between cloud vendor and BallotOnline and to deliver and manage the entire infrastructure, including network, storage, server, virtualization, operating system, platform/middleware, and application software.

· Cloud vendor implements cloud processes to meet service level agreement.

· Generating quarterly reports to BallotOnline administration regarding service level performance

Customer Responsibilities

The customer responsibilities in support of this agreement are as follows:

· Responding to inquiries from assigned cloud vendor staff responsible for resolving incidents and handling service requests.

· Be willing and available to provide critical information for any urgent matter.

· Be familiar with cloud vendor cloud security policies and procedures.

Services Management

· Backup, recovery, and refresh operations periodically.

· Establishing the scope of services, timeliness, hours of operation, recovery aspects, and service performance

· Translating business requirements into IT requirements

· Measuring SLA performance, reporting results, and adjusting as necessary

· Delineating roles and responsibilities

Service Availability/Workload Requirements

| Core Services | Availability Percentage | Downtime per year |
|---|---|---|
| Availability | 99.99% | 52.56 Minutes |
| Disaster Recovery | 99.99% | 52.56 Minutes |
| Performance | 99.99% | 52.56 Minutes |
| Telephone Services | 95.00% | 18.25 Days |
| E-mail Services | 97.00% | 10.96 Days |
| Recovery Time Objective | 100.00% | 0 Days |
| Recovery Point Objective | 98.90% | 15 Minutes |

Service Requests

In support of the services outlined in this agreement, the cloud vendor will respond to service-related incidents and/or requests submitted by BallotOnline within the following time frames:

· 0-8 hours (during business hours) for issues classified as High priority.

· Within 48 hours for issues classified as Medium priority.

· Within five working days for issues classified as Low priority.

Data Security, Privacy, and Governance

With cloud computing, BallotOnline can have more effective procedures when targeting higher production at lower production costs. To accomplish this, BallotOnline needs to make sure that its operations and its information are protected. When examining information and compliance, it is essential to have the most recent security updates installed on the system so that any identified security loopholes are closed. BallotOnline is under the CIA triad: confidentiality, integrity, and availability. To address more clearly how the policy addendum is more compliant with this, a list of known information security and compliance-related concerns is given below:

· Bring Your Own Devices (BYOD)

· Software management (updates and patches)

· General Data Protection Regulation (GDPR)

· Electronic Data Interchanges (EDI)/vendor management

· Internet of Things (IoT)

The policy addendum will address the first issue, BYOD, with updated mobile device management protocols that can remove the access of selected accounts or completely wipe devices through remote control, to remove the security vulnerability imposed by personal mobile devices. This will also be paired with a preliminary check of the devices themselves, considering the cloud system. In cases where critical data is involved, the enforcement of device lock passwords and one-time passwords (OTP) would prevent its loss.

Updates and patches for software management must always be up-to-date, especially when it comes to commercial and open-source software. Not addressing these vulnerabilities would expose the organization to unnecessary risk factors; third-party software should be given attention in this case because it is necessary to implement the cloud infrastructure.

The General Data Protection Regulation (GDPR) will also be beneficial for the security and compliance issues and will ensure that all personal information of BallotOnline is protected and that the regulation by the vendor does not violate privacy. The General Data Protection Regulation tackles privacy, extending beyond just the security of data to how the organization utilizes the data and how it respects the privacy of individuals. This is important because the clientele is global; therefore, personal data must be used only upon consent, together with the utilization of enterprise-wide data mapping and data inventories.

Electronic Data Interchanges and vendor system integration are significant sources of data breaches. There must be a strict policy regarding vendor information security and vendor compliance with privacy laws; a system that can be put up to ease that process would be incredibly beneficial.

The Internet of Things, referring to the interconnection of computing devices, has seen dramatic growth in interconnected devices and endpoints with its proliferation. This has caused security standards to become outdated and has created many vulnerabilities in networks. The ways to address this would be annual penetration testing and IoT device sandboxing to limit access to sensitive data and credentials.

Cloud Vendor Governance Strategy

Under cloud vendor services such as Software as a Service (SaaS) and Infrastructure as a Service (IaaS), the focus would be on the supply of software and infrastructure, respectively. BallotOnline will hence be able to access the software provided by the vendor along with the support of services such as storage space, servers, and connections. Considering that cloud vendors are a significant source of data breaches, governance strategies must be thorough to avoid these situations. There must be a clear interrelation of the people, process, and technology involved in this governance strategy. A governance board must be established, consisting of corporate, departmental, and information technology management, which communicates well to bridge the information technology and the business itself. This board will oversee and collaborate with the business and address standardizations of the business essentials.

*Cloud Service Offerings

The governance structure will also have individuals negotiate along with the cloud providers and point persons for management. In general, however, the company will utilize a public cloud-based service that offers its services to multiple customers through the internet. Therefore, it will comply with regulations based on that, where vendors will also be required to do so.

*Cost Considerations

The critical price factors to consider are:

· Software Development and Maintenance

· Database Options

· Hardware and Communications

· Security and Privacy

· Data Compatibility

· Classified Computing and Cross-Domain Solutions

· Personnel

Cloud computing is idealized as the alternative to the traditional possession of the hardware. Some existing commercial products allow for virtualization, which would improve affordability. Emphasis might be placed on virtualization; however, it needs to be done by considering updated versions without license costs.

*Vendor Lock-In

Considering that vendor lock-in is an obstacle to the cloud infrastructure, the policy requires innovation and must consider a system-wide perspective. It may be beneficial to put in place a procedure for customer awareness of proprietary standards. Choosing vendors that are more supportive of standards would additionally help address this issue.

*Other Considerations

The credentials for vendors include little on credibility and market leadership position; the bare minimum is the capability to accomplish the fundamental goal. Financial security might be a necessary factor to consider, as it would undoubtedly influence the company far more than various other aspects.

Business and Technical Impact

From a business point of view, BallotOnline will gain several advantages, alongside other impacts, by moving its processes into the cloud. In any case, the reasons that prompt the transition to the cloud will have the most critical effect on the organization and thus demonstrate why it is essential for BallotOnline to move its processes to the cloud. These reasons will have impacts, and these impacts will also show whether the use of the cloud for BallotOnline's processes is essential or whether these processes should be pulled back.

The impact of cloud computing on organizations has created a revolutionary turn against the traditional method of excessive hardware. The first benefit of cloud computing is flexibility in every aspect of the infrastructure; services can be scaled, applications can be customized, and accessibility can be granted anywhere provided an internet connection is present. Every essential part of the system can be supported on the cloud infrastructure, be it every available server or platform used.

Another highlighted benefit is the extreme efficiency provided by the cloud. It allows the marketing of applications and services, and their provision and utilization, with swift ease. Furthermore, there are none of the hidden costs that come with physical infrastructure bases or expensive maintenance. Many applications for office productivity are being updated to accommodate the cloud because it reduces licensing costs.

Fundamentally, cloud-based technology is currently the most innovative available in the market. Enterprises that seek a competitive advantage would most definitely be advised to take measures to incorporate this into their systems. This strategic value is exhibited in several ways, such as regular updates offered by the service providers to stay on top in terms of technology, and the possibility of collaboration with locations worldwide. If the risk exposure is to be assessed, there are several ways to evaluate the cloud infrastructure for your system, keeping the negative impact low. Several things must be the focus in minimizing risks, such as potential savings, productivity, and speed. Therefore, it is fair to say that the advantages far outweigh the disadvantages in incorporating the cloud infrastructure.

Among the changes that will be seen in moving to the cloud is a reduction in the processes that the organization will have, predominantly those involving information technology. In addition, the information technology department will experience a significant change in its operations, since a great deal less will be required from it. The organization would also be able to process considerably more complex data, particularly data that is larger in size. In the case of BallotOnline, there will be an increase in the processes that happen regularly, increasing its output and making it more efficient. Clients will also experience better service when the computers are faster, which will prompt them to prefer the services of BallotOnline. Another advantage concerns the costs that come with these organizational processes, particularly regarding the use of workers and the amount it would cost for BallotOnline to run its operations.

BallotOnline would, consequently, gain a cost advantage from moving to the cloud and also have the technical advantage of having these processes handled by others who already have the experience and capacity. Through such an arrangement, BallotOnline will also get services that can address its needs, and it will not need to keep falling short by running its workers on its own and risking the loss of time and resources.

Exit Strategy

It is essential to employ an exit strategy to minimize losses if implementation of the cloud-based system fails. The exit strategy might be used in events of complete system implementation failure, extreme data breaches that result in loss of data, intentional violations of service-level agreements with malicious intent, and disappearance by any administrators for extended periods or permanently. In the event that data privacy is violated, the partnership will be dissolved.

There may also be occasions where the cloud vendor disregards the agreement it has with the organization. In this event, measures should be taken to help understand the situation. Gaining this knowledge will also give BallotOnline an understanding of how it could approach the change through a legal process that may smooth the exit from the vendor. BallotOnline can also choose to use it as an exit strategy to safeguard the security of the data and a safe exit from the vendor.

Resources and Escalation Contacts

For the escalation plan, the only issues that may necessitate escalation would be the major ones: anything regarding implementing the cloud infrastructure, which is a considerably sensitive process. The contact, in this case, would be information technology experts who can handle the situation. Of course, before this happens, analysis and data gathering must be done correctly, and a unanimously agreed-upon escalation matrix with contact points and paths for different areas and levels must be in place. Stakeholders need to be informed of this process, including those referred to for specific issues and the time frame. A good understanding of how escalation should be done needs to be encouraged to create timely escalations for resolutions.

Service Request Resources and Escalation Contact

1. Knowledge Base

- Search BallotOnline's extensive library of information to get the answer to your question

2. Online Service Request

- BallotOnline Service Request System allows you to log and track service requests

- BallotOnline Service Request System allows you to manage your service requests easily

| Vendor/Technical Contact | Vendor/Contact email | Support Phone |
|---|---|---|
| Amazon Web Services | support.aws.amazon.com | +1 855-345-2777 |
