Security Specifications in Cloud Computing SLAs.

Ever asked yourself this question? If the SLA states that the core security implementations of the cloud computing service provider "guarantee" the safety of the data they house, then how do we, as mere clients, tell when this agreement is breached? I know this is a very subjective topic, but it becomes clear when we look at access breaches with MasterCard, PlayStation Network, LinkedIn and, more seriously, PayPal. When these announced that user credentials may have been accessed illegally by unknown parties, then and only then did we all know the risk posed. What if they do not come out in the open to disclose that a data breach occurred? What if someone overlooks security specifications? What if?

There are a lot of grey areas in cloud computing SLA security clauses. Since the data is housed on third-party servers, literally anywhere in the world, the client has no say in the underlying security implementations. It is like taking an Uber ride: the client only pays for the ride and does not worry about a possible tyre puncture. But what if the unexpected happens? I don't mean a mere breach but a security implication that may result in customers losing trust in the service. ITaaS underlying models such as SaaS, IaaS and PaaS stand to suffer a lot from this.

As IT continues to move towards a vendor-driven industry, an in-depth look at security approaches from both the client and the service provider (SP) becomes imperative. The long chapters in SLA documentation do little to address this. Instead, they have the client accept that if x happens, it was in the agreement and will not result in any legal action against the SP. As much as it is a good thing to transfer the security risk to the third party, doing so also brings about other risks. Security is never something that should or will be one hundred percent guaranteed, but there are compliance and governance specifications that can better manage it. Providing security is not only in the hands of the SP but in the hands of the client too.

Interesting piece. Maybe we should look towards hosting data with companies that actually have locally stationed servers, or perform infrequent security attacks on the provider of the service to have a measure of their integrity. Nothing in IT is 100%, but let the Service Provider be 100% honest with what is happening with my data.
