2011 Cloud Symposium

Related Meetings & Workshops

Below is information on related events that will be taking place in conjunction with ICS. Any questions may be directed to events@oasis-open.org.


The following groups will be meeting during ICS.  These meetings are "by invitation."  If you would like to inquire about attending a specific discussion group, please feel free to contact us directly at events@oasis-open.org.

  • PEPPOL Technical Meeting
    Monday, 10 Oct - Wednesday, 12 Oct
    09.00-17.00 (each day)
    By Invitation

  • International Government Cloud Executives Roundtable
    Wednesday, 12 October
    By Invitation

  • Privacy Standards Expert Roundtable
    Thursday, 13 October
    By Invitation 



OASIS thanks the following Technical & Steering Committees for supporting the Symposium by holding committee meetings in conjunction with the event. We hope this will be a beneficial collaboration full of networking and communication not only for each committee, but between committees.  There is no charge to attend a meeting; however, registration is required.  <REGISTER NOW>


Workshop on Security Parameters in Cloud Service Level Agreements

Thursday, 13 October
Open To All Attendees

Chairs: Marnix Dekker (ENISA), Daniele Catteddu (CSA), James Bryce Clark (OASIS)

Organizations are switching from running computer systems and networks, to managing service contracts for cloud and other ICT services. Organizations focus on what service they want delivered, rather than how it can be delivered. 

The adage ‘if you can’t measure it, you can’t manage it’ is very relevant to security in cloud computing. Service level agreements (SLAs) are often the only measurable part of a contract. It is important that cloud SLAs describe relevant and measurable security parameters and that the SLRs (Service Level Reports) contain the measurements of these security parameters. Of course not all security aspects are captured in SLAs or SLRs; for example, the requirement to store data only in the EU would feature in an RFP and in a contract, but would typically not appear in an SLA or SLR.

In this workshop, organized jointly by ENISA, CSA and OASIS, we want to identify, with the help of the audience, good-practices for SLAs that allow customers to manage the security of services, to allow them to address information security risks. It is important to stress that we will focus only on what level of security and resilience gets delivered, rather than on how it is delivered (firewalls, loadbalancers, access control lists, etc).
This workshop is a working session, in which we will agree and draft a set of best practices and/or considerations together with participants.

A preliminary agenda of topics is the following:

  • Parameters: We will go over a wide range of security parameters (e.g.reachability, through-put, QoS, e2e availability).

  • Measurement: Per security parameter we will discuss if they are suited for inclusion in SLAs, and how they can be measured by the customer, a third party or the vendor.

  • SLA building: Looking at different scenarios and business cases, we will take the security parameters and focus on how they can be integrated in different SLAs for different kind of services/customers.

Registration via the ICS online registration form.   Questions may be directed to Marnix Dekker.

Related work: The development of template contracts and service level agreements was mentioned by Commissioner Kroes as one of the areas to be addressed in the European Cloud computing strategy. This year ENISA is focussing on the security aspects of cloud contracts and SLAs. We are currently running a survey across government organisations, to find out which security parameters are included in SLAs, and how. Preliminary results of this survey will be used as input here. The output of the workshop will be used as the basis for an ENISA deliverable later this year on “Security parameters in Cloud SLAs”.