Assuring Provider Protection
There are four assurance levels with cloud provider protection, from the lowest, bronze, to the highest, platinum, which is equivalent to military security. Managing risks in interacting with cloud providers requires a process to provide an appropriate assurance level. While a cloud provider may support many levels of assurance, it is the cloud subscribers responsibility to evaluate its risk appetite and determine the appropriate level of security required. This evaluation may be done by the cloud subscriber when choosing a particular cloud provider, when selecting a security assurance level, or as part of the negotiation between the cloud subscriber and cloud provider.
Monitoring Input/Output Controls
Through the use of sufficient monitors, cloud subscriber consumption of I/O and cloud provider ability to provide I/O can be balanced appropriately. Ideally, the applications and workloads that a cloud subscriber submits to the cloud would be closely matched to the appropriate multi-tenant environment where the impact of the workload would not cause issues for other tenants, and where other tenants workloads would not constrain the throughput and latency requirements of their cloud neighbors.