Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments

Abstract : Many government agencies (GAs) increasingly rely on external computing, communications and storage services supplied by service providers (SPs) to process, store or transmit sensitive data to increase scalability and decrease the costs of maintaining services. The relationships with external SPs are usually established through service level agreements (SLAs) as trust-enhancing instruments. However, there is a concern that existing SLAs are mainly focused on the system availability and performance aspects, but overlook security in SLAs. In this paper, we investigated ‘real world’ SLAs in terms of security guarantees between GAs and external SPs, using Indonesia as a case study. This paper develops a grounded adaptive Delphi method to clarify the current and potential attributes of security-related SLAs that are common among external service offerings. To this end, we conducted a longitudinal study of the Indonesian government auctions of 59 e-procurement services from 2010–2016 to find ‘auction winners’. Further, we contacted five selected major SPs (n = 15 participants) to participate in a three-round Delphi study. Using a grounded theory analysis, we examined the Delphi study data to categorise and generalise the extracted statements in the process of developing propositions. We observed that most of the GAs placed significant importance on service availability, but security capabilities of the SPs were not explicitly expressed in SLAs. Additionally, the GAs often use the provision of service availability to demand additional security capabilities supplied by the SPs. We also observed that most of the SPs found difficulties in addressing data confidentiality and integrity in SLAs. Overall, our findings call for a proposition-driven analysis of the Delphi study data to establish the foundation for incorporating security capabilities into security-related SLAs.
Document type :
Conference papers
Complete list of metadatas

Cited literature [30 references]  Display  Hide  Download

https://hal.inria.fr/hal-01651155
Contributor : Hal Ifip <>
Submitted on : Tuesday, November 28, 2017 - 5:08:29 PM
Last modification on : Tuesday, November 28, 2017 - 5:10:10 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2020-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Yudhistira Nugraha, Andrew Martin. Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments. 11th IFIP International Conference on Trust Management (TM), Jun 2017, Gothenburg, Sweden. pp.57-75, ⟨10.1007/978-3-319-59171-1_6⟩. ⟨hal-01651155⟩

Share

Metrics

Record views

59