Service Level Agreements as a Service - Towards Security Risks Aware SLA Management

摘要

Cloud computing has matured to become a valuable on demand alternative to traditional ownership models for the provisioning of services, platforms and infrastructure. However, this raises many issues for Governance, Risk and Compliance (GRC) and in particular in terms of Information Systems Security Risk Management (ISSRM). Considering such issues lack attention and knowledge, particularly for small and medium sized en- terprises (SMEs), and that cloud computing Service Level Agreements (SLA) provide very limited support outside of basic Quality of Service (QoS) parameters, this paper argues that SLAs for cloud computing ser- vices should be more customer oriented and aware of security and risk management. A design is proposed where the SLA process, from context initialization to negotiation and agreement is decoupled from the actual cloud service provisioning and itself turned into a Service : SLA as a Service (SLAaaS). This should provide customers with much more customized and fine-grained agreements compared with the ones currently offered.