EU Pushing Guidelines for Cloud Computing Service Level Agreements

European Union lawmakers are attempting to keep pace with technology, unveiling a set of guidelines for business users of cloud computing last week.

Developed by the Cloud Select Industry Group, the guidelines are intended to increase professional users' trust in the technology and standardize aspects of service level agreements. Members of the subgroup on SLAs included representatives from IBM, Microsoft, Telecom Italia, Arthur's Legal, and the Cloud Security Alliance. The subgroup's ongoing goal is to recommend common terminology and metrics to be used in service level agreements. Specific metrics have yet to be finalized.

The guidelines, announced in a press release from the European Commission, call for certain elements to be spelled out in service contracts with cloud providers, including the availability and reliability of the service, the quality of support services, the level of security provided, and guidance on how to better manage data stored in the cloud.

While most internet service providers already include service level agreements in contracts, the multi-jurisdictional nature of cloud computing adds to the complexity. Legal requirements and data protection depend on the jurisdictions involved. Experts added that the terminology used from one cloud provider to another often differs, making it hard for users to compare services.

European Commission Vice President for Justice Viviane Reding said the guidelines will help generate trust in cloud technology, which can translate into increased revenue for companies in the EU's single digital market.

“This is the same spirit as the EU data protection reform which aims at boosting trust,” Reding said in a statement. “A competitive digital single market needs high standards of data protection. EU consumers and small firms want safe and fair contract terms. Today's new guidelines are a step in the right direction.”

Neelie Kroes, commission vice president in charge of the digital agenda, added, “This is the first time cloud suppliers have agreed on common guidelines for service level agreements. I think small businesses in particular will benefit from having these guidelines at hand when searching for cloud services.”

Experts on the working group said while cloud computing is evolving quickly, the technology is still in “nascent” stages with business models continuing to unfold. The group said it is important any guidelines do not hamper innovation and remain technology neutral and business model neutral.

The group noted in the guidelines that many different metrics can be used to determine whether objectives are being met. For example, service availability will be measured differently depending upon the model used – whether the cloud provider is using a compute service or cloud email service. Those differences may remain as long as the provider is documenting which metric is applied, using standardized concepts and vocabulary.

“These guidelines have been drafted based on the recognition that standardizing aspects of SLAs will improve the clarity and increase the understanding of SLAs for cloud services in the market,” the Cloud Select Industry Group's subgroup on SLAs wrote to Reding and Kroes last week.

The EU experts said the guidelines will have “a deeper impact” if standardization is done on an international basis rather than just within the bloc. The EU group will submit the guidelines to their counterparts on the ISO Cloud Computing Working Group to represent the European position.

“We believe (the guidelines) are an important contribution for cloud computing and will enable a better understanding of critical areas of cloud computing in connection with security or personal data protection,” the subgroup wrote.