Service Level Agreement (SLA) and Security SLA (SecSLA): A Comprehensive Survey

A Service Level Agreement (SLA) is a formal contract between a service provider and a consumer, representing a crucial instrument to define, manage, and maintain relationships between these two parties. The SLA’s ability to define the Quality-of-Service expectations, standards, and accountability helps to deliver high-quality services and increase client confidence in disparate application domains, such as Cloud computing and the Internet of Things. An open research direction in this context is related to the possible integration of new metrics to address the security and privacy aspects of services, thus providing protection of sensitive information, mitigating risks, and building trust. This survey paper identifies the state of the art covering concepts, approaches, and open problems of SLA management with a distinctive and original focus on the recent development of Security SLA (SecSLA). It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic from 2017 to 2025. We collected 66 peer-reviewed papers written in English from esteemed databases (Scholar, IEEE Xplore, and ACM Digital Library) published by relevant authors in important journals or conference proceedings. Moreover, we propose a novel classification criterion to organize the analysis based on SLA life cycle phases to properly locate existing contributions in the advancement of the different aspects of SLA technology and to highlight open challenges. We found that Security SLAs have received limited focus ( $$15\%$$ ), dropping to $$12\%$$ in recent years, likely due to the exploratory stage of most research. This survey aims to help researchers and practitioners understand key features of the field, recognize major advancements and perspectives, and inspire future research.