Technical Challenges. To facilitate the process of negotiating security SLAs with different potential service providers, to make the comparison of different service offerings simpler, and to simplify the commitment phase of the service lifecycle, there is a need for common industry standards and corresponding templates for machine-readable agreements [1]. However, no such templates for security SLAs are available today. Establishing a security SLA is not sufficient in itself; the agreed terms need to be monitored and controlled as well. However, monitoring and controlling security terms is inherently difficult. While other QoS aspects, such as service availability, can easily be measured and controlled by the users themselves, security tends to be more difficult to monitor. One reason is the nature of service-oriented architectures, which are designed to hide the inner workings of the services from the user, exposing only their APIs to developers. Another reason is that security requirements are often stated in terms of what should not happen, making it difficult to verify that the preventive mechanisms work as intended until a breach has already occurred. In addition, the really clever attacks often go unnoticed.