IEEE Access (Jan 2024)
Challenges for Continuous, Provable Security Service Level Agreement Management in Computing Continuum
Abstract
Vertical industries are starting to take advantage of the computing continuum by hosting their applications or using additional services offered by several Cloud Service Providers. The computing continuum has many advantages for Verticals, as it allows them to fulfil their quality of service requirements and save costs. This is possible because of the distributed, heterogeneous and dynamic nature of the computing continuum's infrastructure and the mobility of the Vertical's application, that is, its ability to migrate between different environments. However, this can progress only if, in parallel with the Vertical's application mobility, the security requirements are dynamically managed and met at the required level in each environment. This is particularly important because of new regulations (e.g. the Cyber Resilience Act and the Network and Information Security Directive, NIS2), which define new critical industries and introduce additional security obligations for them. Noncompliance with these regulations could lead to penalties. Therefore, Verticals will have to fulfil specific security requirements and be able to deliver proof of compliance. In this paper, we propose to address those needs using the emerging concept of the Security Service Level Agreement. Following that, we propose a novel Security Service Level Agreement Mediator for cloud applications in mobility, which negotiates a Security Service Level Agreement with Verticals, continuously fulfils it in the computing continuum and delivers proofs of compliance. Based on that, we define the main challenges for setting up the Security Service Level Agreement Mediator, drawing on the considerations presented in this paper.
Keywords