Today, enterprises need a robust digital infrastructure for everything from customer engagement to operational continuity, and multi-cloud technology has become a fundamental enabler of enterprise success. However, with these increased complexities, organisations face increasing challenges in managing security risks, maintaining operational uptime, and above all, to maximise value from their cloud investments.

Emerging technologies and innovative approaches are reshaping the way enterprises navigate these challenges, and at the same time service level agreements (SLAs) too are evolving to align with these developments.

Transparency and clear communication between providers and customers are key to achieving faster, stronger security outcomes. With careful planning and a proactive mindset, IT and security leaders can bridge the gaps in their SLAs, mitigate security vulnerabilities, and scale their cloud strategies to achieve sustainable growth.

For cloud services, security is a shared responsibility: the provider ensures the integrity of the infrastructure, and businesses must protect their own applications, endpoints, and data. SLAs are intended to provide clarity on availability and performance, while outlining accountability between cloud providers and their customers. As businesses use more providers to boost agility and reduce dependency, managing SLAs grows more complex. Variations in contractual terms, misalignment with regulatory requirements, and inconsistent reporting structures can leave organisations exposed to unnecessary cyber and operational risks.

Addressing these challenges starts with centralised governance. Bringing IT, security, procurement, and legal teams together to evaluate and negotiate SLAs ensures that they are aligned with an organisation’s risk appetite and regulatory obligations.

Additionally, regularly mapping SLA terms against evolving compliance requirements and threat landscapes helps highlight where additional clauses, such as improved breach reporting timelines or clearer security obligations, are needed. Combining this with a resilient cloud strategy that addresses concerns like disaster recovery and load balancing can ensure that even if one provider falls short, the impact on business operations is minimised.

As enterprises expand their cloud capacity, this inevitably widens the attack surface. Traditional SLAs tend to focus on infrastructure uptime but often fail to address advanced cyber threats. IT leaders must take ownership of this gap by integrating AI-driven threat detection and end-to-end encryption into their cloud ecosystems.

AI-powered analytics, for example, can proactively identify anomalies in real time, flagging suspicious activity and helping teams respond to potential breaches before they escalate. Similarly, implementing end-to-end encryption and identity access management (IAM) ensures that sensitive data remains secure, even in the face of evolving threats. By investing in these measures, enterprises can close the security gaps left by standard SLAs, moving from a reactive to a proactive security posture.

It’s also important for SLAs to be flexible enough to meet the demands of highly regulated sectors, such as finance, where compliance requirements are particularly stringent. For example, aligning an SLA with the General Data Protection Regulation’s (GDPR) requirement for a breach notification within 72 hours not only ensures compliance, but also helps businesses avoid potential penalties while strengthening customer trust. As cyber regulations become more stringent worldwide, aligning security practices with global standards like GDPR is no longer optional, but essential for maintaining a competitive advantage.

The same principle applies to operational resilience. Service disruptions caused by weak SLAs are not just an IT inconvenience; they can have financial and reputational consequences. This is why uptime strategies must be shaped by both regulatory obligations and business priorities. In industries such like healthcare, that might translate into higher uptime guarantees and enhanced security controls, with customised SLAs designed to meet sector-specific needs. Further adopting a shared responsibility model, where providers ensure infrastructure resilience and enterprises focus on optimising application performance, reduces risk and speeds recovery when challenges arise.

Cloud technology’s promise lies in its ability to deliver agility, scalability, and cost efficiency. But these benefits are only realised when innovation is paired with disciplined governance. Whether adopting cloud architectures, containerised workloads, or serverless models, operational expertise and oversight are essential to prevent new vulnerabilities.

Cloud transformation is both a challenge and an opportunity for IT security leaders. SLAs set important expectations, and as tech innovation accelerates, they are continually evolving to address risks and business needs. By centralising governance, strengthening security beyond contractual terms, and adopting resilient, regulation-aligned cloud strategies, organisations can turn SLA gaps, security risks, and operational complexities into levers for improvement. Practical, risk-informed steps like these build trust and resilience, enabling enterprises to unlock the full potential of their cloud investments and achieve sustainable success in an increasingly digital world.

Vaibhav Dutta is vice president and global head of cyber security products and services at Tata Communications.

A pledge by the shadow home secretary, Andrew Griffith, to “look again” at reforming the controversial IR35 disguised employment legislation has received a lacklustre response from contracting market stakeholders.

During a speech at the Conservative Party conference on Monday 6 October 2025, Griffith talked about his want to reignite the country’s spirit of entrepreneurship, saying: “I understand there are far too many hurdles for small businesses to jump [and] red tape that steals away the precious time of those who run them.”

He awent on to pay credit to the self-employed, who he described as “risk-takers” that are “striking out on their own, often with nothing more than a laptop and a belief they can make it work”, adding: “That’s why we commit today to doing better for the self-employed. And that includes looking again at reforming IR35.”

The IR35 legislation, which was originally introduced at the turn of the millennium to clamp down on disguised employment-enabled tax avoidance within contracting circles, was subject to reform by the Conservative government in 2017.

At the time, the changes saw public sector contractors cede control for deciding how they should be taxed to the organisations hiring them out of concern some individuals were mis-representing their employment status to artificially minimise their employment tax liabilities.

For example, contractors were claiming their public sector engagements meant they were working outside of the IR35 rules, meaning they should be taxed in the same way as off-payroll workers, when they were really working inside IR35. The latter designation means individuals should pay the same National Insurance Contributions (NICs) and Pay-As-You-Earn (PAYE) taxes as a salaried employee.

The reforms were later extended by the Conservative government, amid fierce opposition, to the private sector in April 2021. In October 2022, a Conservative government overseen by former prime minister Liz Truss set out plans in a “mini-budget” to repeal the IR35 reforms by April 2023, but this pledge was quickly abandoned 10 days after it was first announced.

Given the Conservative party’s chequered history on overseeing changes to the IR35 legislation, Griffith’s comments about embarking on another reform of the legislation has not been greeted as positively as perhaps the party was hoping.

Seb Maley, CEO of contracting insurance provider Qdos, said the promise of a reform and more support for the self-employed might make for “nice headlines” but “the devil would be in the detail”, adding: “Given how damaging IR35 reform has been for some, this latest pledge will be music to the ears of many freelancers, contractors and consultants – not to mention businesses. Others, though, will need more convincing.

“The fact of the matter is that the Conservatives had countless opportunities to rethink public and private sector IR35 reform, but ploughed on despite efforts across the industry to encourage them to consider the bigger implications. It’s also difficult to overlook the irony. The shadow chancellor is Mel Stride, who was one of the driving forces behind the introduction of IR35 reform under the previous government.”

Dave Chaplin, CEO of IR35 tax compliance firm IR35 Shield, said Griffith’s comments show that the Conservative Party “needs to make up its mind on IR35” after years of flip-flopping on the matter. “They’re calling for reform of the very legislation they created, repealed and reformed,” he said.

And the fallout from the reforms originally coming into force in 2017 is still being keenly felt across the contracting market today. “When the reforms were first introduced, they contained a significant flaw that placed disproportionate tax risk on firms. This led many large organisations to ban contractors altogether, which was never Parliament’s intention,” said Chaplin.

“These market distortions continue to harm both businesses and contractors. Many compliant contractors are now unable to find work and, as a result, are paying no tax, an outcome completely contrary to the policy’s aims. While the reforms sought to curb tax avoidance, the overreach has been substantial.”

As part of its objective to migrate all of its industrial networks to 5G to ensure unified, “ultra-reliable” connectivity from its workstation to the aircraft cabin, Airbus is advancing its factory digitisation programme through the deployment of high-performance private 5G connectivity from Ericsson.

Through this strategic partnership, Airbus and Ericsson are accelerating the digital transformation of the aerospace industry, laying the foundation for the next generation of smart factories – fully connected, scalable and sharply focused on innovation across Europe and the world. The private 5G technology is being installed at the Airbus production site in Hamburg, with another deployment underway in Toulouse.

With a fully operational private 5G network now live in Hamburg, and a deployment at Toulouse underway, to be completed by 2026, this roll-out is part of a broader roadmap to extend private 5G across Airbus’s strategic sites in Europe – including further locations in Spain, the UK and internationally, with projects in the US and Canada pending. 

The initiative forms part of the Airbus digitisation strategy, which is aimed at strengthening manufacturing automation, traceability and operational efficiency, while meeting what the leading aircraft manufacturer assured will be the sector’s strictest safety and security standards. 

Moreover, the private 5G network will form the backbone of Airbus’s strategic transformation projects, enabling high-value industrial use cases such as internet of things (IoT) integration, intelligent management of critical equipment, real-time quality control and collaborative robotics.

Commenting on the installation, Airbus 5G expert Hakim Achouri said: “This deployment accelerates projects involving 3D simulation, augmented reality, improved traceability for parts, and predictive maintenance for our assets. The standardisation and scalability made possible by this architecture allow us to replicate the solution easily across further sites in Europe and worldwide.”

Airbus and Ericsson’s partnership in industrial connectivity also features advanced 5G standalone (SA) technology and deployment models, which are further attributed with accelerating 5G usage in office environments. Joint research and development efforts are also focusing on connected cabins, 6G, and non-terrestrial networks (NTNs) to enhance the connectivity ecosystem for aerospace and smart manufacturing applications.  

The tech provider stated that with full site coverage with private 5G, machines and operators on the production floor are set to gain true mobility, boosting productivity, process agility and end-to-end industrial control, all of which are regarded as key to realising the full potential of Industry 4.0. The private 5G solution’s built-in infrastructure automation is designed to enable rapid deployment across Airbus operations with the intended result of “significantly” shortening implementation timelines compared with traditional setups.

Ericsson believes this automation has already allowed Airbus to scale connectivity quickly and securely across multiple sites. Collaboration with the Ericsson product team has enhanced application integration, with the technology tailored to Airbus’s IT tooling and cyber security requirements. The design’s modular architecture and application programming interface (API)-driven interfaces are said to have simplified onboarding into Airbus’s existing systems, accelerating time-to-value and reinforcing robust security controls.

“Our collaboration with Airbus embodies the alliance between technological innovation and industrial excellence,” said Manish Tiwari, head of enterprise 5G and enterprise wireless solutions at Ericsson. “[We are] proud to support Airbus’s digitisation ambitions through Ericsson private 5G, offering best-in-class, secure connectivity at scale.”