Making Cloud SLAs readily usable in the EU private sector
A key output of the SLA-Ready project is the SLA-Readiness Index. This is a quantitative metric that could be used by cloud customers, mainly SMEs, to assess at a glance the CSP SLA i.e., a high-level metric designed to assess a CSP alignment to the SLA-Ready Common Reference Model.
With the SLA-Readiness Index, we can go beyond the concept of a SLA repository which offers a "raw" collection of SLAs. The entries in the SLA-Repository could have become too granular for SMEs who are only willing to have a quick understanding of the offered CSP SLA before going into more detail. For this reason, the SLA-Ready project has proposed the SLA-Readiness Index, with transforms the SLA-Repositories into a collection of cloud SLAs analysed according to the elements defined by the CRM.
In creating the SLA-Readiness index we went through three key phases:
Phase 1 - CSP SLA self-assessment
The SLA-Ready consortium developed a questionnaire for allowing CSPs to assess their SLAs based on the developed CRM. This approach has proved its usefulness in the development of cloud security repositories such as CSA STAR, where CSPs self-assess the implementation of security controls based on the Consensus Assessment Initiative Questionnaire (i.e., CSA CAIQ).
Phase 2 - SLA repository is a collection of the received CSP questionnaires
In order to support transparency in the cloud market, all CSPs answering the questionnaire have been asked to provide their consent for making their answers publicly available.
Phase 3 - Computing SLA-Readiness index
The CSP SLA information collected into the SLA-Repository is structured in a way that allows for its quantitative reasoning. in particular, we refer to its aggregation into a unique quantitative/qualitative level i.e., the SLA-Readiness Index. The Quantitative Hierarchy Process (QHP) was used as the assessment technique to compare CSPs. QHP has been developed in the Technische Universität Darmstadt by the DEEDS group and allows to evaluate the level of security provided by CSPs. QHP was adapted to support the SLA-Ready Common Reference Model. QHP allows to compare CSPs’ SLAs and also compare them against customers’ requirements. QHP uses as input the security SLA of CSPs, which is then organised in a hierarchical structure. QHP has also been chosen as it allows to evaluate the CSPs at different levels of granularity: partial scores can be obtained at different levels of the CRM hierarchy.
Figure 1. SLA-Readiness index for five CSPs comparing their SLAs with respect to the CRM
Figure 2. SLA-Readiness index at the group level of the CRM comparing the SLA of five CSPS with respect to the CRM