Making Cloud SLAs readily usable in the EU private sector

SLA-Ready Takeaways from DIGITAL4EU

Arthur van der Wees was among the select panellists at Digital4EU in late February 2016. 
 
Challenges: Chief among the challenges are regulations, data protection and cyber security, which need to be dealt with across different service models. One of the goals of the AIOTI is to push for legal and privacy aspects at the design phase, not as a retrofit. Smart metres are one example of retrofitting, causing a 2-year delay. 
Currently, it is your data (PII) until you give consent to use it. Consent will become more complicated with the new data protection regulation. Understanding how it will work in practice is not easy, especially with the innovations the internet of things will bring. Really, it is about getting people in the comfort zone. Standardisation is a bit quicker than regulations. We need to work on identify and access management.
 
Internet of Things:  IoTis about people, animals and plants. Samrt diary farming is already happening in the Netherlands. A key question is how do we speed up market update. Standards a bit quicker than regulations but self-regulation can play a key role. There are examples of this in the U.S. where farmers are signing contracts with manufacturers with the agreement that the metadata from connected devices belongs to the farmer. As a result, farmers are buying more devices. Hence self-regulation means getting things out to market more quickly.  The default thinking is "not having personal data in machines" but this may not always be possible. Reference guidelines on de-identification come from the US National Institute of Standards and Technology (NIST), with whom we have been collaborating.
 
Principle-based regulation: Digital is the best opportunity for Europe to connect. Europe may be lagging behind in some aspects, we are leading in privacy principles. I was at FS Cloud Asia in Hong Kong earlier this week, where the EU principle-based regulation can provide a model for others to follow. Standardisation is a bit quicker than regulation but it has to involve all kinds of businesses, not just big industry. This is important because every organisation will ultimately be a tech company.
 
Pace of change:  Cloud service level agreements have a key role to play in keeping pace with a fast evolving landscape. In SLA-Ready, we are building on the best practices of the Standardisation Guidelines by the C-SIG SLA (Cloud - Select Industry Group), to improve transparency and fill identified gaps in the SLA landscape. 'We can keep up if we have regulations that are technology neutral, smart and flexible', said Dr Christiane Wendehorst, Professor of law at Department of Civil Law, Faculty of Law, University of Vienna.