SecSLA: A Proactive and Secure Service Level Agreement Framework for Cloud Services

Cloud customers migrate to cloud services to reduce the operational costs of information technology (IT) and increase organization efficiency. However, ensuring cloud security is very challenging. As a consequence, cloud service providers find it difficult to persuade customers to acquire their services due to security concerns. In terms of outsourcing applications, software, and/or infrastructure services to the cloud, customers are concerned about the availability, integrity, privacy, and legality of the hosted service. In this paper, a secure service level agreement (SecSLA) framework is proposed to alleviate these concerns and provide security control assurance to cloud customers. The framework is proactive in detecting violations of SecSLA parameters based on a cloud security operations center as a service (SOCaaS). In addition, a trusted third party can use this framework to audit and monitor SecSLA compliance.