Making Cloud SLAs readily usable in the EU private sector


In the last couple of years we've started to witness an increase on the so-called Security-as-a-Service (SecaaS) providers, which are cloud services focused on the provisioning of security capabilities like encryption, monitoring, IAM, and so forth. The Cloud Security Alliance set up a dedicated working chartered with producing a set of deliverables focused on identifying a categorisation of SecaaS services.

One of the categories identified is Continuous Monitoring, which is being further developed based on the inputs provided by SLA-Ready with regard to the role of cloud security Service Level Agreements (Cloud SLAs).


SLA-Ready is leveraging its Common Reference Model and elicited good practices to the SecaaS Continuous Monitoring deliverable in order to guarantee adequate usage of SLAs for this specific purpose. Furthermore, SLA-Ready is providing alignment to relevant standards (in particular ISO/IEC 19086-4) to increase the uptake of the resulting SecaaS deliverable. The final CSA SecaaS working group deliverable is expected in Q1/2017.