The big seven factors that often come about when negotiating an SLA with a cloud provider are:
Privileged User Access
– Know as much as you can about those who touch your data
Regulatory Compliance
– Ensure the provider is willing to undergo an audit
Data Location
– Ensure legal privacy standards are upheld by location
Data Segregation
– Identify the need for encryption, or providing some separation of your data from the data of others in the cloud
Recovery
– Ascertain what will happen when the service or data is unavailable, and how long a complete restore will take
Investigative Support
– What capabilities and support does the provider offer to investigate illegal activities
Long-term viability
– What happens if the provider is acquired
In the instance of multiple datacenters, however, it’s oftentimes unclear as to exactly where your data resides, and the privacy standards set forth by the cloud provider.
Microsoft has just released a whitepaper titled Privacy in the Cloud Computing Era. In it Microsoft sets forth ten guiding privacy principles by which policies surrounding privacy in the cloud are directed. The whitepaper also addresses legal and regulatory issues as part of Microsoft’s foray into Cloud Computing.
The whitepaper may be found here.