There seems to be growing interest in cloud service brokers (CSBs) and their role in the cloud computing ecosystem. For example, the Canadian Federal Government’s recent cloud strategy positions Shared Services Canada as the internal GC Cloud Broker.

What is a cloud service broker and is having one important for the Enterprise IT organization?

Definition of a CSB

ISO/IEC 17789-2014 (Information technology — Cloud computing — Reference architecture) defines the Cloud Service Broker in the following way:

“The cloud service broker is a sub-role of cloud service partner that negotiates relationships between cloud service customers and cloud service providers. The cloud service broker is not itself a cloud service provider and should not be confused with the role of inter-cloud provider (see clause 8.3.1.6). The cloud service broker role could be combined with or operate independently of the role of inter-cloud provider.

The cloud computing activities of a cloud service broker include:

  • acquire and assess customers;
  • assess marketplace;
  • set up legal agreement;

The marketplace assessment can happen prior to customer acquisition, creating pre-agreements with cloud service providers and this can enable cloud service customers to select cloud service providers from a service catalogue, possibly negotiating service details (e.g., service level objectives) at selection time.

In either case, the cloud service broker only acts during the contracting phase of the service, between the cloud service customer and cloud service provider. The cloud service broker is not involved during the consumption of the service. In such cases, the activities involve cloud service provider’s activities.”

NIST SP500-292 (Cloud Computing Reference Architecture), published in September 2011, defines the cloud broker this way:

“As cloud computing evolves, the integration of cloud services can be too complex for cloud consumers to manage. A cloud consumer may request cloud services from a cloud broker, instead of contacting a cloud provider directly. A cloud broker is an entity that manages the use, performance and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers. In general, a cloud broker can provide services in three categories [9]:

  • Service Intermediation: A cloud broker enhances a given service by improving some specific capability and providing value-added services to cloud consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc.
  • Service Aggregation: A cloud broker combines and integrates multiple services into one or more new services. The broker provides data integration and ensures the secure data movement between the cloud consumer and multiple cloud providers.
  • Service Arbitrage: Service arbitrage is similar to service aggregation except that the services being aggregated are not fixed. Service arbitrage means a broker has the flexibility to choose services from multiple agencies. The cloud broker, for example, can use a credit-scoring service to measure and select an agency with the best score.”

Finally, Gartner also has a definition for cloud services brokerage:

“Cloud services brokerage (CSB) is an IT role and business model in which a company or other entity adds value to one or more (public or private) cloud services on behalf of one or more consumers of that service via three primary roles including aggregation, integration and customization brokerage. A CSB enabler provides technology to implement CSB, and a CSB provider offers combined technology, people and methodologies to implement and manage CSB-related projects.”

Gartner first provided its guidance on cloud service brokerages in 2009 (which was quite early days for cloud computing) when they stated there were three types of cloud broker business (basically this was later adopted by the NIST):

  • Cloud service intermediation – value-added for cloud services from providers;
  • Cloud service aggregation – combines one or more services into a single new service; in aggregation-style brokerages, the services brokered are generally fixed and won’t change frequently and
  • Cloud service arbitrage – similar to aggregation except that underlying services are not fixed

Apparently, there is not yet any consensus or best practices for the roles and responsibilities of a CSB!

Organizational placement

The CSB can report into three different organizations:

  • Customer – The customer can provide a brokerage function in its internal IT organization (as is the case with the Canadian government, as noted earlier);
  • Third party – A systems integrator or value-added reseller could provide brokerage functionality intermediary, either as an outsourced service or as an independent service manager or orchestrator (e.g., a Microsoft cloud solution provider);
  • Cloud provider – Some cloud brokerage functions (such as IAM controls) could also be offered by the cloud provider (a lead provider, for example).

The cloud broker role could also be distributed, with each group providing selected functions. This could be called a virtual CSB.

For example, a third-party Cloud Access Security Broker (CASB) may offer specialty services that could be combined with in-house cloud administration services, as is defined by Gartner:

“Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.”

The optimal placement of the CSB will depend on what functions are being provided and what is offered by suppliers. For example, the ISO definition positions the CSB as a partner that performs functions that would not be available from a cloud service provider.

Cloud brokerage services

So, what should a cloud service broker do?

Unfortunately, there’s no definitive standard (yet) so the answer is – it depends! Several factors need to be considered. For example:

  • Does the CSB provide an in-line integration gateway or is it primarily administrative support?
  • Does the CSB negotiate of validate service provider features and service level agreements?
  • Does the CSB perform service optimization or performance and cost management?
  • Does the CSB design solutions and support hybrid deployment projects?
  • Does the CSB maintain and/or enhance the cloud provider’s basic services?
  • Does the CSB orchestrate disparate functions from various cloud providers?
  • Does the CSB monitor usage and track shadow IT across the enterprise?

There are potentially many other “value-added” support services.

The CSB services may vary by cloud service category as well. For example, a physical network exchange point, such as provided by Equinix, could be called a “Layer 1 broker.” An infrastructure broker might include diversification across multiple IaaS providers (such as AWS, Azure and Google Cloud). An application broker could integrate SaaS services from different providers.

Is having a CSB essential to cloud success?

Enterprise architects and operations managers must determine whether a CSB is a required organizational unit or whether is a service to be acquired from providers, or whether it is a combination of both.

IT executives must also determine what tools and processes are needed and how much can be automated – it’s easy to imagine a CSB maturity model.

Are you planning or have you implemented a CSB in your environment? If so, how did you justified it, and have the benefits proven to be true?

This is what I think. You may have “alternative facts.”



Related Download
A Guide to Private Cloud Security Sponsor: McAfee
A Guide to Private Cloud Security

Register Now