Poor SLA management a threat to security

Enterprises that do not manage their service level agreements (SLAs) strategically are putting themselves at risk of online security breaches, according to security firm mi2g.

Mi2g warned at the British Bankers' Association (BBA) conference this morning that the escalating online threat means that financial institutions can no longer rely on individual service level agreements, operating in isolation, to fulfil their security needs.

The BBA is a non-profit organisation which represents 300 members among the UK banking industry and further associates in 60 other countries.

Mi2g's managing director, DK Matai, said: "SLAs that achieve short term goals can increase the security risk from penetration when they do not take into account the overall business strategy of the financial institution."

He explained that to manage SLAs efficiently, organisations should see them as a "combination of strategically placed levers that achieve a service level balance, rather than a number of separately negotiated SLAs that can leave gaping holes in the organisation's defences as it negotiates strategic alliances".

But he blamed inadequate strategies at board level for failures in online security, which he sees as the weakest link in the chain. "When security fails within a major bank or financial services company, it is rarely just an outsourcing issue or a case that one SLA was incorrectly drafted," he said.

Rafi Azim-Khan, an ebusiness lawyer at international law firm McDermott Will & Emery, added that because online security is crucial for companies with ecommerce arms, "expertly tailored SLAs and the management of such SLAs are important elements in ensuring the high level of IT system performance and security that the market requires".