Meaningful Security SLAs
نویسندگان
چکیده
Service Level Agreements (SLAs) are the de facto method of managing IT Outsourcing (ITO) contracts. Negotiated during pursuit (pre-sales) phase and then used as a dashboard for performance management during delivery the SLA ultimately becomes both the lever and the measurable for revenue and margin performance on a contract. That SLAs should be meaningful, both for customers and vendors as defined by some objective criteria, seems obvious but evidence from procurement failures for large IT systems suggests otherwise. As a consequence of bringing a rigorous and analytical approach to negotiating meaningful SLAs for ITO deals we have encountered on two occasions a customer requirement for a performance oriented security SLA that was not meaningful by our definition. This has inspired an investigation into the possibility of offering alternative security SLAs that we believe would be meaningful to both HP and customers with potential for improved operational visibility into the cost of delivery that also differentiates HP’s offering.
منابع مشابه
Security SLAs - An Idea Whose Time Has Come?
Service Level Agreements (SLAs) have been used for decades to regulate aspects such as throughput, delay and response times of services in various outsourcing scenarios. However, security aspects have typically been neglected in SLAs. In this paper we argue that security SLAs will be necessary for future Internet services, and provide examples of how this will work in practice.
متن کاملTechnology Transfer of Dynamic IT Outsourcing Requires Security Measures in SLAs
For the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the perspective of the outsourcing customer by integration of security measures. The conducted survey indicates that cust...
متن کاملExpressing Cloud Security Requirements in Deontic Contract Languages
The uptake of Cloud computing is being hindered by the fact that not only are current Cloud SLAs written in natural language, but they also fail to cover security requirements. This paper considers a Cloud brokering model that helps negotiate and establish SLAs between customers and providers. This broker handles security requirements on two different levels; between the customer and the broker...
متن کاملEnabling Security in Cloud Storage SLAs with CloudProof
Several cloud storage systems exist today, but none of them provide security guarantees in their Service Level Agreements (SLAs). This lack of security support has been a major hurdle for the adoption of cloud services, especially for enterprises and cautious consumers. To fix this issue, we present CloudProof, a secure storage system specifically designed for the cloud. In CloudProof, customer...
متن کاملSLA-based Secure Cloud Application Development
The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not its own services. The flat security features offered by commercial cloud providers to every customer, from simple practitioners to managers of huge amounts of sensitive data and services, is an additional problem. In recent years, the ...
متن کامل