Monitoring Data Security in the Cloud: A Security SLA-Based Approach

Cloud security, due to the lack of control over leased resources, is considered one of the main inhibitors to a wider adoption of the cloud paradigm. Recently, Security Service Level Agreements (Security SLAs), contracts among cloud service providers, and cloud service customers stating the granted level of security, appear to be the main way to address such an issue. Security (continuous) monitoring is one of the needs that must be technically solved to offer effective Security SLAs: cloud customers need a simple and effective way to measure the security level and to verify that grants are being respected. In this chapter, we outline the problems related to monitoring security in the cloud, and illustrate a Security SLA-based monitoring approach. Moreover, we provide concrete examples related to offering services protected against Denial of Service (DoS) attacks and provided with continuous scanning and management of existing software vulnerabilities. The presented examples rely on the adoption of the innovative SPECS framework. This framework, developed in the context of the FP7-ICT programme project SPECS, aims at offering Security-as-a-Service using an SLA-based approach.