The external services offered by a cloud provider are provided via internet connections. More often than not, these services suffer from congestion, or malicious attacks emanating from a diversion of resources as a result of an attack on the service provider, an attack on one of their service providers or by a successful penetration and use of the service itself as the tool for further attacks on other sites.
To address this risk, the organization can:
- Ensure cloud services are only used for applications that are not affected by degradation of service.
- Use alternate carriers to obtain redundant lines to the service provider to secure alternate connecting lines to the service.
- Implement relevant and sustainable alternatives for services during periods of service degradation.
In case service outages arise. To address this risk, the organization should do the following:
- Validate that the provisioned service by the service provider has sufficient capacity and multiple service sources to reduce outages
- Establish a SLA with the service provider on the minimum acceptable availability performance levels with contractual penalties for non-compliance
- Ensure that the established level of service availability is proportional to business productivity
- Validate that the service provider executes a proactive backup program and recovery plan
- Validate that the service provider recovery plan is tested regularly
- Confirm the availability of alternative service options at moments of non-availability of service
- Implement relevant and sustainable alternatives for services during an outage