Arthur van der Wees, Arthurs Legal on Making Cloud SLAs readily usable in the EU private sector
Making Cloud SLAs readily usable in the EU private sector
Arthur van der Wees
Managing Director international law firm Arthur’s Legal
Founder & Chief Executive Officer Zapplied Platform
Risks, Comfort & Trust in the Cloud
Cloud Services Challenges:
For the 80% not yet using cloud services, insufficient knowledge is the
main blocking factor (42%).
For the 20% using cloud services, the risk of a security breach is the main
limiting factor (39%).
Eurostat (EC)
Cybersecurity & Data Protection: Threat or Strength?
Risks, Comfort, Trust in & Rewards of the Cloud
Initial concerns
60% cited concerns around data security as a barrier to adoption.
45% concerned that the cloud would result in a lack of data control.
Realized benefits
94% experienced security benefits they didn’t previously have on-premise.
62% said privacy protection increased as a result of moving to the cloud.
Microsoft Azure (ISO 27018)
European Commission Priority: Digital Single Market
C-SIG Drafting Group DG CNECT: Select expert group (CSA, IBM, Microsoft,
Telecom Italia and Arthur’s Legal): EC Cloud SLA Standardisation Guidelines,
ISO and other standardisation. ISO/IEC 17788. ISO/IEC 19086 (I).
Computer Science: TU Darmstadt
Coordination & communication: Trust-IT Services
Security: Cloud Security Alliance
Strategic & Legal: Arthur’s Legal
Cloud Computing & European Commission
What do we want to achieve?
Improve transparency, bridge the disconnect between supply and demand, and increase the uptake of cloud computing by making it easier for, and empowering, 20 million EU SMEs to understand SLAs.
SLA-Ready aims to provide common understanding of Service Level Agreements (SLAs) for Cloud services with greater standardisation and transparency so organisations can make an informed decision on what services to use, what to expect and what to trust.
How to achieve
#Cloud #Trust #Strategy #Performance #Security #Data #Data Protection #SLAReady
SLAs are important, yet only one particle in the Cloud Service Level Ecosystem:
SLA-Ready services will support SMEs with user-friendly practical tools, guides,
and a social marketplace, encouraging them to carefully plan their journey and
make it strategic through an informed, stepping-stone approach, so the Cloud and
applications grow with their business.
The SLA-Ready Common Reference Model will benefit the industry by
integrating a set of SLA components, e.g. common vocabularies, Service Level
Objectives (SLO) service metrics and measurements, as well as best practices
and relevant standards to fill identified gaps in the current SLA landscape.
Cloud Service Level Ecosystem
Ethics & Accountability
Law & Legislation, Case Law
Standardisation & Certification (Self-regulatory)
Cloud SLA & Other Contractual Arrangements
Risk Allocation & Insurance
Technology
Human
Cloud SLA Life Cycle
When zooming in on one (1) SLA from a legal, negotiation and contract management
perspective, the life cycle of an SLA can be split into seven (7) headline legal life cycle phases:
1. Assessment
2. Preparation
3. Negotiation & Contracting
4. Execution & Operation
5. Updates & Amendments
6. Escalation; and
7. Termination & Consequences of Termination
4 Main Categories of Service Level Objectives (SLOs)
1. Performance
2. Security
3. Data Management
4. (Personal) Data Protection
SLA Life Cycle: Assess, Select, SLA, Execute, Monitor, Update & Terminate
Data Life Cycle: Create/derive, Store, Use/Process, Share, Archive, Destroy
Out of Scope Within Scope
Data is not a four letter word
EC Cloud Service Level Agreement Standardisation Guidelines (v20140828)
3D approach | Multi-story of connected data types | Classified data
| Sensitive data | Personal data | Derived data | Proprietary data |
IPR | Encrypted data, with or without Tokenization | Every kind
of data needs to be addressed differently.
Data
Data of any form, nature or structure, that can be created, uploaded, inserted
in, collected or derived from or with cloud services and/or cloud computing,
including without limitation proprietary and non-proprietary data, confidential
and non-confidential data, non-personal and personal data, as well as other
human readable or machine readable data.
State of Practice vs State of Art
Current maturity level of Cloud SLAs of CSPs:
1. Difficult to find, difficult to read & assess: Lots of push-back at CSPs
2. Performance: Availability, Uptime & Measurements
3. Incident Management: Response time per prioritised incident
4. Carve-outs & other exclusions: ‘Planned’ Maintenance, Force Majeure, customer, third parties.
5. Less than 10% coverage out of the EC SLA Standardisation Guidelines
6. Difficult to monitor, manage & enforce: status.aws.amazon.com (real-time system status & status history (35 days)), trust.salesforce.com (real-time system status & planned maintenance), www.cloudharmony.com/directory (real-time system status & status history (up to 1 year))
CSPs not comfortable, yet. But how about the cloud customer?