SLA-Ready - Making cloud security SLAs easier for European SMEs

Focus Area
The on-going evolution of cloud computing will radically transform business processes and bring about the most sweeping changes to the structure of the global economy since the Industrial Revolution. Cloud computing should be the answer to the rising complexity of software systems and therefore bring simplicity and transparency in all possible and innovative ways, especially in a data-driven era. 
 
Complex and misleading language is one the main barriers to the wider adoption of cloud services, which typically come with “take-it-or-leave-it” contracts. SMEs find it particularly hard to understand the terminology of service level agreements (Cloud SLAs), which often shift significant risks to the customer.
 
SLA-Ready is driving a common understanding of Cloud SLAs with greater standardisation and transparency so firms can make an informed decision on what services to use, what to expect and what to trust. 
Market sector targets
The main target audience of SLA-Ready are small- and medium-sized businesses (SMEs). This group is expected to benefit the most from cloud services but lack of knowledge and security concerns are holding them back. The Federation of Small Businesses (FSB) has recently found that nearly two fifths of small businesses are sceptical about the benefits of cloud technology when compared against security risks [2].
 
SLA-Ready aims to change this through a service-driven approach that makes Cloud SLAs readily understandable to the private sector in Europe, thus breaking down barriers to mainstream adoption [1]. The SLA-Ready approach is also an added bonus as the potential of cloud computing in Europe increasingly shifts towards the Internet of Things (IoT), rather than just generic cloud services.
Addressing key concerns impeding the mainstream adoption of the cloud: privacy, security, trust
Research by the Cloud Security Alliance shows customers see the use of standardised Cloud SLAs as a critical step towards better understanding the level of security and data protection offered by the Cloud Service Provider (CSP), and for monitoring the CSP’s performance and security levels.
 
If a user cannot understand what the cloud offers, she/he cannot meaningfully utilise the benefits. With SLAs offering this crucial user-Cloud interface, SLA-Ready plays a very timely and critical usability role via its advocacy of reference SLA and best practice repositories. 
 
SLA-Ready will create a new set of services designed specifically to make Cloud Service Level Agreements (SLAs) more understandable in the private sector and across different audiences, from C-level executives to technical and legal staff. It will also support decision making during the entire SLA lifecycle. 
 
New service creation in SLA-Ready spans practical guides, a social marketplace, tutorials-as-a-service, and decision-making services. These services will help firms to carefully plan their journey to the cloud, and make it strategic through an informed, stepping-stone approach, so the cloud and applications grow with their businesses.
 
The SLA-Ready Common Reference Model will benefit the industry by integrating a set of SLA components, such as common vocabularies, SLO metrics and measurements, as well as best practices and relevant standards to fill identified gaps in the current SLA landscape. 
 
On top of this, SLA-Ready is gathering feedback from customers and value-chain partners within its business network. SLA-Ready will therefore also act as a forum where customers, cloud service providers and related vendors can learn to speak the same language on equal terms, thus gaining reciprocal benefits. SLA-Ready will also exchange best practices on SLAs and procurement with public sector stakeholders through is Advisory Board and a group of selected supporters. 
 
This is key to providing the right answers for smooth and effective cloud adoption approach, including security, which only cloud can offer in a cost effective way. It is also the best course of action to establish a workable and transparent (cloud services) market as goal for the European economy, jobs and growth.
Why cloud is a helping hand for SMEs?
In order to stay competitive in the global marketplace, firms need to provide something new, something exciting on a regular basis. As real-time value delivery becomes increasingly important, firms need to embrace the change that cloud enables along with new processes and business models. One of the advantages of the cloud is that it demands and enables business agility. Put simply, this means becoming more efficient and cutting costs, but also focusing on new business value creation. 
 
On the downside, the recent FSB survey brings yet more proof that cloud services need to have terms and conditions in plain English and transparent pricing. Evidence strongly suggests that without these, further uptake by SMEs will be much less likely. But it’s not just about greater clarity. Small firms typically have restricted budgets, limited human resources and limited knowledge of information security. Ultimately, it is about building confidence and trust in the market as the very foundation of business. 
 
Now is the time to address this challenge in earnest through a common dialogue and through the creation of new services and tools that can benefit both the industry at large and cloud customers, building on the expert work already done by the consortium members of SLA-Ready [3]. 
Links and references

[1] www.sla-ready.eu. SLA-Ready has received funding from the European Commission under Horizon 2020 – H2020-ICT-2014-1/644077.

[2] UK Federation of Small Businesses, Cloud Computing Survey – January 2014,

http://www.fsb.org.uk/policy/assets/fsb%20cloud%20computing%20servey%20-%20february%202015.pdf.

[3] www.cloudsecurityalliance.com.

Authors:

Stephanie Parker, Trust-IT, Arthur van der Wees, Arthur’s Legal and Jesus Luna, Cloud Security Alliance