New guidelines to help EU businesses use the Cloud
27 Jun 2014 12:53 PM
Guidelines to help
business users save money and get the most out of cloud computing services have
been presented to the European Commission. Cloud computing allows individuals,
businesses and the public sector to store their data and carry out data
processing in remote data centres, saving on average
10-20%.
The guidelines have been
developed by a Cloud Select Industry Group as part
of the Commission’s European Cloud Strategy to increase trust in these
services. Contributors to the guidelines include Arthur's Legal, ATOS,
Cloud Security Alliance, ENISA, IBM, Microsoft and SAP, Telecom Italia,
(complete member list here).
Today's announcement is a
first step towards standardised building blocks for Service Level Agreements
(SLAs) terminology and metrics. An SLA is a part of a service contract that
defines the technical and legal aspects of the service offered. The recent
findings of the Trusted Cloud Europe survey show SLA standards are very much
required by cloud users.
These guidelines will help
professional cloud users ensure essential elements are included in plain
language in contracts they make with cloud providers. Relevant items
include:
-
The availability and reliability
of the cloud service,
-
The quality of support services
they will receive from their cloud provider
-
Security levels
-
How to better manage the data
they keep in the cloud.
European Commission
Vice-President @NeelieKroesEU said: "This is the first time cloud
suppliers have agreed on common guidelines for service level agreements. I
think small businesses in particular will benefit from having these guidelines
at hand when searching for cloud services.”
Vice-President Viviane Reding
said: "Today's new guidelines will help generate trust in
innovative computing solutions and help EU citizens save money. More trust
means more revenue for companies in Europe's digital single
market." She added: "This is the same spirit as the EU
data protection reform which aims at boosting trust. A competitive digital
single market needs high standards of data protection. EU consumers and small
firms want safe and fair contract terms. Today's new guidelines are a step
in the right direction."
As a next step, the European
Commission will test these guidelines with users, in particular SMEs. It will
also be discussed within the Expert Group on Cloud Computing Contracts set by
the Commission in October 2013. This discussion will also involve other C-SIG
activities, for example the data protection Code of Conduct for cloud computing
providers that was prepared by the C-SIG on Code of Conduct. The draft Code of Conduct has
been presented to the Article 29 Data Protection Working
Party (European Data Protection Authorities).
This initiative will have deeper
impact if standardisation of SLAs is done at international level, e.g. through
international standards, such as ISO/IEC 19086. To this end, the C-SIG on SLAs
is also working with theISO Cloud
Computing Working Group, to present a European position on SLA
Standardisation. Today's SLA guidelines will thus feed into ISO's
effort to establish international standards on SLAs for cloud
computing.
Background
Internet service providers commonly include SLAs in contracts
with customers to define the levels of service being sold. SLAs form an
important component of the contractual relationship between a customer and a
provider of a cloud service. Given the global nature of the cloud, cloud
contracts often span different jurisdictions, with varying applicable legal
requirements, in particular with respect to the protection of personal data
hosted in the cloud. Also different cloud services and deployment models will
require different approaches to SLAs, adding to the
complexity.
Under its second key action
– safe and fair contract terms and conditions -, the European Cloud Computing Strategy called for
work on model terms for cloud computing service level agreements for contracts
between cloud providers and professional cloud users. The C-SIG on SLAs was
convened to address this provision. This Strategy also called to identify safe
and fair contract terms for contracts between cloud suppliers and consumers and
small firms. For this purpose the Commission created its Expert Group on Cloud
Computing Contracts.
Useful links
Cloud Service Level Agreement Standardisation
Guidelines
European Cloud Computing Strategy
Cloud Select Industry Group on Service Level
Agreements
Expert Group on Cloud Computing
Contracts
All Cloud Computing Strategy Working
Groups
C-SIG on SLAs List of
Participants
Neelie Kroes
Follow
Neelie on Twitter