Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments

Abstract : Many government agencies (GAs) increasingly rely on external computing, communications and storage services supplied by service providers (SPs) to process, store or transmit sensitive data to increase scalability and decrease the costs of maintaining services. The relationships with external SPs are usually established through service level agreements (SLAs) as trust-enhancing instruments. However, there is a concern that existing SLAs are mainly focused on the system availability and performance aspects, but overlook security in SLAs. In this paper, we investigated ‘real world’ SLAs in terms of security guarantees between GAs and external SPs, using Indonesia as a case study. This paper develops a grounded adaptive Delphi method to clarify the current and potential attributes of security-related SLAs that are common among external service offerings. To this end, we conducted a longitudinal study of the Indonesian government auctions of 59 e-procurement services from 2010–2016 to find ‘auction winners’. Further, we contacted five selected major SPs (n = 15 participants) to participate in a three-round Delphi study. Using a grounded theory analysis, we examined the Delphi study data to categorise and generalise the extracted statements in the process of developing propositions. We observed that most of the GAs placed significant importance on service availability, but security capabilities of the SPs were not explicitly expressed in SLAs. Additionally, the GAs often use the provision of service availability to demand additional security capabilities supplied by the SPs. We also observed that most of the SPs found difficulties in addressing data confidentiality and integrity in SLAs. Overall, our findings call for a proposition-driven analysis of the Delphi study data to establish the foundation for incorporating security capabilities into security-related SLAs.
Type de document :
Communication dans un congrès
Jan-Philipp Steghöfer; Babak Esfandiari. 11th IFIP International Conference on Trust Management (TM), Jun 2017, Gothenburg, Sweden. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-505, pp.57-75, 2017, Trust Management XI. 〈10.1007/978-3-319-59171-1_6〉
Liste complète des métadonnées

Littérature citée [35 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01651155
Contributeur : Hal Ifip <>
Soumis le : mardi 28 novembre 2017 - 17:08:29
Dernière modification le : mardi 28 novembre 2017 - 17:10:10

Fichier

 Accès restreint
Fichier visible le : 2020-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Yudhistira Nugraha, Andrew Martin. Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments. Jan-Philipp Steghöfer; Babak Esfandiari. 11th IFIP International Conference on Trust Management (TM), Jun 2017, Gothenburg, Sweden. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-505, pp.57-75, 2017, Trust Management XI. 〈10.1007/978-3-319-59171-1_6〉. 〈hal-01651155〉

Partager

Métriques

Consultations de la notice

13