Cloud SLAs Can Overlook Security. Don’t Let Them.
Hojt Communication is a consulting company focused on our clients need to rapidly bring the right product to the right market. We stand out due to our ability to combine skills in strategy, implementation, operations and technology with deep understanding about the connected world and the new levels of security and privacy protection that world brings.
vision,strategy,product,market,business development,marketing,mobility,Internet of Things,IoT,Security
22810
post-template-default,single,single-post,postid-22810,single-format-standard,stockholm-core-1.2.2,select-child-theme-ver-1.0.0,select-theme-ver-5.3,ajax_fade,page_not_loaded,wpb-js-composer js-comp-ver-6.3.0,vc_responsive

Cloud SLAs Can Overlook Security. Don’t Let Them.

See on Scoop.itSecure communication
ksVCX40Pevl0L5-F-RDIqDl72eJkfbmt4t8yenImKBXEejxNn4ZJNZ2ss5Ku7Cxt

Service level agreements often fall short in detailing how the data you place in the cloud is secure. Make sure your SLAs protect your assets.

A Service Level Agreement (SLA) should not only focus on uptime. In Information and Cyber security we live by the following reference model, called the CIA model:

Confidentiality

In information security, confidentiality "is the property, that information is not made available or disclosed to unauthorized individuals, entities, or processes" (Except ISO27000).

Integrity

In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner. Information security systems typically provide message integrity in addition to data confidentiality.

Availability

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down.

It is often complemented with:

Non-repudiation

In law, non-repudiation implies one’s intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. Note: This is also regarded as part of Integrity.

This is what you should be looking for in an SLA. Just having high Availability is not enough for critical data.

See on csoonline.com