Cloud SLAs Can Overlook Security. Don’t Let Them.
Service level agreements often fall short in detailing how the data you place in the cloud is secured. Make sure your SLAs protect your assets.
A Service Level Agreement (SLA) should not focus only on uptime. In information and cyber security we live by the following reference model, called the CIA model:
Confidentiality
In information security, confidentiality "is the property, that information is not made available or disclosed to unauthorized individuals, entities, or processes" (excerpt from ISO 27000).
Integrity
In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner. Information security systems typically provide message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down.
It is often complemented with:
Non-repudiation
In law, non-repudiation implies one’s intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. Note: This is also regarded as part of Integrity.
This is what you should be looking for in an SLA. Just having high Availability is not enough for critical data.