The Open Data Center Alliance (ODCA) Security Provider Assurance (PA) usage model update takes the detailed specifications of the first generation PA and puts it in the language of an Request for Proposal) that IT managers can use to make it easier to comparison shop cloud data center providers.
On March 6, the ODCA updated most of its no-cost usage models with RFP language that can be used as the basis for gathering information from data center providers in preparation for putting one or more applications in a multi-tenant, cloud-based data center.
The first thing to note, if you are new to the ODCA, is that the PA usage model is by far the most detailed and well-developed of the usage models. This document covers patching frequency and physical access controls to data retention and security incident reporting.
As with all of the ODCA usage models, it makes the most sense for IT managers to start with what they do today and map that to the points laid out in the PA.
But that is just the first step. It’s important to keep in mind that moving applications to the cloud shouldn’t just be about replacing on-premise infrastructure. The next step is to leverage the benefits of a multi-tenant cloud environment, which presumably socializes the cost infrastructure and operations while boosting operational resilience and on-demand deployment flexibility. Long story short, you should be getting more IT productivity for the business buck.
The ODCA PA usage model can play a role in helping to make comparison shopping easier. The PA heavily pushes a bronze/silver/gold/platinum model for pricing and services. The services that should be provided at each of the four levels is spelled out in some detail by the PA model. The more IT managers use the RFP language and insist on seeing this four-tier service offering when it comes to comparing cloud data center offerings, the easier it will be to make and apples-to-apples comparison.