Cloud Infrastructure

The Datacenter should be above Tier 3 to implement the cloud infrastructure and it is mandatory to follow the standards and procedures.

The main differences between cloud service categories relate to how control is shared between Customer and Provider, which is usually implicates the level of responsibility for both parties. It should be noted that in public  cloud services , the customer hardly has control over hardware, and it is up to which virtual components, applications and software are managed by the different parties that differentiates the cloud service categories.
Software as a Service gives customers with the minimum amount of control, but Infrastructure as a Service provides the most control for the customer.

Figure 1.1 shows how control is usually shared between the Cloud Service Provider and the customer. The  customer needs to discuss with the Cloud service provider on suitable provision of information security roles and responsibilities.
The information security roles and responsibilities of both parties should be stated in an agreement. The cloud service customer should identify and manage its relationship with the customer support and care function of the cloud service provider.

The cloud service provider should agree and document an appropriate allocation of information security roles and responsibilities with its cloud service customers, its cloud service providers, and its suppliers.