Aspectos contractuales relevantes para servicios Cloud Computing

Abstract

Los servicios Cloud Computing se componen de tres modelos de despliegue principles que son: SaaS (Software as a Service), IaaS (Infraestructure as a Service) y PaaS (Platform as a Service). El impacto que la tendencia Cloud ha tenido en las organizaciones es muy notable y se apoya en las ventajas que ofrece en materia de ahorro de dinero, disminución del esfuerzo administrativo, agilidad en el despliegue de soluciones, entre muchas otras. Por otra parte, se deben tener en cuenta los riesgos asociados a su adopción dada la naturaleza de su operación, la cual es independiente del hardware y de la ubicación física. A pesar de la creciente demanda de servicios alojados en la nube, no existen aún los estándares o normas que permitan, de manera general, enmarcar y definir una correcta implementación del Cloud Computing entorno a la seguridad de la información.

Cloud computing services are composed of three main deployment models: SaaS (Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a Service). The impact that Cloud has had a tendency in organizations is remarkable and is based on the advantages in terms of saving money, reduced administrative effort, agility in the deployment of solutions, among many others. Moreover, it should consider the risks associated with its adoption by the nature of its operation, which is independent of hardware and physical location. Despite the growing demand for services hosted in the cloud, there are still no standards or rules that allow, in general, framing and defining a correct implementation of cloud computing environment to information security. In this article the reader will find the result of an analysis to find those minimum features that a user, customer or supplier should take into account when offering or purchase a Cloud Computing service. This result was obtained through research on the state of the art technology, the experiences we have had some organizations and contractual issues that frame the information processing in Colombia and the world. Índice de Términos— Cloud Computing, Seguridad de la Información, Disponibilidad, Confidencialidad, Integridad, Riesgos, Controles, Estándar, Contrato, Clausula, Incidente de seguridad, jurisdicción de la información.