© 1995-2001 VNU Business Publications Ltd. All rights reserved.
Poor SLA management a threat to security
By James Middleton
6th February 2001 - Enterprises that do not manage their service level
agreements (SLAs) strategically are putting themselves at risk of online security
breaches, according to security firm mi2g.
mi2g warned at the British Bankers' Association (BBA) conference this
morning that the escalating online threat means that financial institutions
can no longer rely on individual service level agreements, operating in isolation,
to fulfil their security needs.
The BBA is a non-profit organisation which represents 300 members among the
UK banking industry and further associates in 60 other countries.
mi2g's managing director, DK Matai, said:
"SLAs that achieve short term goals can increase the security risk from penetration
when they do not take into account the overall business strategy of the financial
He explained that to manage SLAs efficiently, organisations should see them
as a "combination of strategically placed levers
that achieve a service level balance, rather than a number of separately negotiated
SLAs that can leave gaping holes in the organisation's defences as it negotiates
But he blamed inadequate strategies at board level for failures in online
security, which he sees as the weakest link in the chain.
"When security fails within a major bank or financial services company, it
is rarely just an outsourcing issue or a case that one SLA was incorrectly
drafted," he said.
Rafi Azim-Khan, an ebusiness lawyer at international law firm McDermott Will
& Emery, added that because online security is crucial for companies with
ecommerce arms, "expertly tailored SLAs and the
management of such SLAs are important elements in ensuring the high level
of IT system performance and security that the market requires".