EU-retningslinjer for skyløsninger

EU-retningslinjer for skyløsninger

Cloud Service Level Agreements: Standardisation Guidelines

Retningslinjer lagt fram av Kommisjonen 26.06.2014

Nærmere omtale

BAKGRUNN (fra Kommisjonens pressemelding 26.06.2014, engelsk utgave)

New guidelines to help EU businesses use the Cloud
Guidelines to help business users save money and get the most out of cloud computing services are being presented to the European Commission today. Cloud computing allows individuals, businesses and the public sector to store their data and carry out data processing in remote data centres, saving on average 10-20%.

The guidelines have been developed by a Cloud Select Industry Group as part of the Commission’s European Cloud Strategy to increase trust in these services. Contributors to the guidelines include Arthur's Legal, ATOS, Cloud Security Alliance, ENISA, IBM, Microsoft and SAP, Telecom Italia, (complete member list here).

Today's announcement is a first step towards standardised building blocks for Service Level Agreements (SLAs) terminology and metrics. An SLA is a part of a service contract that defines the technical and legal aspects of the service offered. The recent findings of the Trusted Cloud Europe survey show SLA standards are very much required by cloud users.

These guidelines will help professional cloud users ensure essential elements are included in plain language in contracts they make with cloud providers. Relevant items include:

• The availability and reliability of the cloud service,

• The quality of support services they will receive from their cloud provider

• Security levels

• How to better manage the data they keep in the cloud.

European Commission Vice-President @NeelieKroesEU said: "This is the first time cloud suppliers have agreed on common guidelines for service level agreements. I think small businesses in particular will benefit from having these guidelines at hand when searching for cloud services.”

Vice-President Viviane Reding said: "Today's new guidelines will help generate trust in innovative computing solutions and help EU citizens save money. More trust means more revenue for companies in Europe's digital single market." She added: "This is the same spirit as the EU data protection reform which aims at boosting trust. A competitive digital single market needs high standards of data protection. EU consumers and small firms want safe and fair contract terms. Today's new guidelines are a step in the right direction."

As a next step, the European Commission will test these guidelines with users, in particular SMEs. It will also be discussed within the Expert Group on Cloud Computing Contracts set by the Commission in October 2013. This discussion will also involve other C-SIG activities, for example the data protection Code of Conduct for cloud computing providers that was prepared by the C-SIG on Code of Conduct. The draft Code of Conduct has been presented to the Article 29 Data Protection Working Party (European Data Protection Authorities).

This initiative will have deeper impact if standardisation of SLAs is done at international level, e.g. through international standards, such as ISO/IEC 19086. To this end, the C-SIG on SLAs is also working with the ISO Cloud Computing Working Group, to present a European position on SLA Standardisation. Today's SLA guidelines will thus feed into ISO's effort to establish international standards on SLAs for cloud computing.

Background

Internet service providers commonly include SLAs in contracts with customers to define the levels of service being sold. SLAs form an important component of the contractual relationship between a customer and a provider of a cloud service. Given the global nature of the cloud, cloud contracts often span different jurisdictions, with varying applicable legal requirements, in particular with respect to the protection of personal data hosted in the cloud. Also different cloud services and deployment models will require different approaches to SLAs, adding to the complexity.

Under its second key action – safe and fair contract terms and conditions -, the European Cloud Computing Strategy called for work on model terms for cloud computing service level agreements for contracts between cloud providers and professional cloud users. The C-SIG on SLAs was convened to address this provision. This Strategy also called to identify safe and fair contract terms for contracts between cloud suppliers and consumers and small firms. For this purpose the Commission created its Expert Group on Cloud Computing Contracts.