Using COBIT 5 for Risk to Develop Cloud Computing SLA Evaluation Templates

  • Onyeka Illoh
  • Shaun Aghili
  • Sergey Butakov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8954)


The use of cloud services as a business solution keeps growing, but there are significant associated risks that must be addressed. Despite the advantages and disadvantages of cloud computing, service integration and alignment with existing enterprise architecture remain an ongoing priority. Typically, the quality of the services provided is outlined in a service level agreement (SLA). A deficient template for evaluating, negotiating and selecting cloud SLAs could result in legal, regulatory, and monetary penalties, in addition to loss of public confidence and reputation. This research advocates the implementation of a proposed SLA evaluation template aimed at cloud services, based on the COBIT 5 for Risk framework. A gap analysis of existing SLAs was done to identify loopholes, followed by a resultant template in which the identified gaps were addressed.


Keywords: Cloud computing; Cloud users; Cloud providers; Service level agreements; Software as a service; Platform as a service; Infrastructure as a service; Everything as a service; COBIT 5 for risk



The first author would like to thank Concordia University of Edmonton’s research team for their guidance and support in the completion of this work. Their efforts, knowledge and experience were instrumental in making this paper a success. She acknowledges the Academic Research Council for the Student Research Grant awarded to her. She is also thankful to God Almighty, her family and friends; this has been a journey and she is very grateful for their love, support and encouragement.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Concordia University of Edmonton, Edmonton, Canada
  2. Information Systems Assurance Management, Concordia University of Edmonton, Edmonton, Canada
