Making Cloud SLAs readily usable in the EU private sector

Takeaways: Workshop on EU Privacy Compliance & Security

SLA-Ready was part of the workshop on EU Privacy Compliance & Security on 4 June at Info Security 2015, the largest event on IT security in Europe.
Arthur van der Wees, Managing Director international law firm Arthur’s Legal talked the audience through cloud service level agreements as the crucial user-cloud interface. He explained the SLA lifecycle, EC Cloud SLA Standardisation Guidelines, and the role of SLA-Ready in breaking down barriers to adoption, especially for SMEs. There are 20 million SMEs in the European Union, representing 99% of all EU businesses.
According to Eurostat, for the 80% not yet using cloud services, insufficient knowledge is the main blocking factors (42%), while for the 20% using cloud services, the risk of a security breach is the main limiting factor (39%).
So how what’s stopping mainstream adoption of cloud services? 
One of the major barriers is the complex language and typical "take-it-or-leave-it" contracts. This is just one of the many "human" barriers to cloud service adoption. Others include not being able to negotiate contract terms (unless you're a very large organisation). Sometimes even knowing where to find the SLA on the website of a service cloud provider can be quite a challenge.
Ultimately, user experience will determine how successful cloud computing will be in boosting the economy. 
SLA-Ready sets out to make Cloud SLAs readily usable in the private sector, making it easier for SMEs to understand SLAs and bridging the disconnect between supply and demand by helping them speak the same language. 
Efforts will focus on improving transparency in SLAs for IaaS and SaaS, increasing the amount of standardised terms and metrics, and helping companies make an informed decision about what cloud services to use, what to expect and what to trust. A key feature of SLA-Ready will be the availability of user-friendly decision-making tools and services. 
The workshop was hosted by SLA-Ready partner, Cloud Security Alliance, with Daniele Catteddu, Director EMEA, brought together complementary initiatives like SPECS (SLAs and security) and PICSE (cloud procurement). He chaired the stimulating discussions with an audience mainly comprising security managers working for small and large firms that are current or prospective cloud service customers. 
Questions revolved around privacy compliance (PLA), contract negotiations with the audience seeking advice on what to do, SLA interpretation and the use of standards. 
View our photo gallery here and download slidedeck below.

Stay tuned for more insights and advice. 
PDF icon Workshop_CSA_InfoSecurity_v2.pdf4.26 MB