The “as-a-service” approach, which delegates all kinds of resources to remote cloud service providers (CSPs), calls for new security methodologies that introduce security mechanisms and controls in a modular way. This is the basic notion behind the SPECS security-as-a-service offering.
Cloud service customers (CSCs) need to know the security guarantees that cloud service providers (CSPs) are able to offer. Security service level agreements (SecSLAs) are transparent and standard mechanisms to clearly specify the responsibilities of the parties involved, in particular CSPs and CSCs, with respect to security.
Moreover, CSCs need to select/procure cloud services according to their specific security requirements. However, the state of the art currently lacks both a clear definition of possible Service Level Objectives (SLOs), i.e. the committed terms defined in the Security SLAs, and of their measured levels, including the techniques for monitoring security parameters.
A CSC might have difficulty in comparing different cloud service offerings in terms of the security being offered by CSPs. Moreover, a CSC has no tools able to assure that security requirements are being correctly fulfilled during the operation of the Cloud service.
SPECS proposes an innovative Platform-as-a-Service that offers a solution for the SPECS Security-as-a-Service approach, based on SLA life cycle management. The SPECS platform enables the delivery of security services, described and guaranteed through Security SLAs. Cloud service customers are able to express the security features they need at different levels of granularity through a user-centric negotiation of Security SLAs, which helps CSCs to negotiate effectively with a set of CSPs by understanding the resulting trade-offs. Moreover, SPECS offers innovative security services to enforce SLAs.
When a cloud service does not grant the security features that a CSC has expressed in the negotiated SLA, SPECS provides additional security mechanisms that grant those specific features. To support CSCs in verifying the correctness of the services offered by CSPs, SPECS offers innovative solutions for continuous security monitoring. It implements SLA-monitoring solutions dedicated to continuously monitoring the security offered by CSPs and to helping ensure the granted security service level objectives.
The SPECS Framework, i.e. the software collection developed within the project, is open source and can be used by cloud service providers to offer their services with security SLAs and/or by developers to develop new (SPECS) applications that enhance the security of public CSPs.
Based on feedback from partners' business units and a market-oriented survey, SPECS has identified a go-to-market strategy based on a service offering of the developed framework, e.g. through cloud broker solutions.
Exploitation is supported through SPECS integration with our industrial partners' solutions, namely ViPR (EMC), end-to-end encryption (XLAB), STAR Watch (CSA), and a secure web container solution (CERICT). These strategies are being leveraged through the SPECS Solutions Portfolio.