2017 | OriginalPaper | Chapter
Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments
Authors : Yudhistira Nugraha, Andrew Martin
Published in: Trust Management XI
Publisher: Springer International Publishing
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Abstract
GAs
) increasingly rely on external computing, communications and storage services supplied by service providers (SPs
) to process, store or transmit sensitive data to increase scalability and decrease the costs of maintaining services. The relationships with external SPs
are usually established through service level agreements (SLAs) as trust-enhancing instruments. However, there is a concern that existing SLAs are mainly focused on the system availability and performance aspects, but overlook security in SLAs. In this paper, we investigated ‘real world’ SLAs in terms of security guarantees between GAs
and external SPs
, using Indonesia as a case study. This paper develops a grounded adaptive Delphi method to clarify the current and potential attributes of security-related SLAs that are common among external service offerings. To this end, we conducted a longitudinal study of the Indonesian government auctions of 59 e-procurement services from 2010–2016 to find ‘auction winners’. Further, we contacted five selected major SPs
(n = 15 participants) to participate in a three-round Delphi study. Using a grounded theory analysis, we examined the Delphi study data to categorise and generalise the extracted statements in the process of developing propositions. We observed that most of the GAs
placed significant importance on service availability, but security capabilities of the SPs
were not explicitly expressed in SLAs. Additionally, the GAs
often use the provision of service availability to demand additional security capabilities supplied by the SPs
. We also observed that most of the SPs
found difficulties in addressing data confidentiality and integrity in SLAs. Overall, our findings call for a proposition-driven analysis of the Delphi study data to establish the foundation for incorporating security capabilities into security-related SLAs.