10 May 5 Things Cloud Services Providers Must Offer in Their Service Level Agreement
Weighing all the pros and cons of cloud computing can be overwhelming. There are many factors to consider before you pick a cloud services provider:
- What type of cloud platform do you need?
- How much data do you need to migrate?
- How much will the migration cost?
Starting a relationship with a cloud vendor isn’t as easy as pointing out the one you like the best. With all business relationships comes fine print that details the rules of engagement. You will need to set expectations for the cloud services you are purchasing via a Service Level Agreement (SLA).
And watch out, SLA’s can be complicated.
SLA language with a cloud provider can easily morph into confusing tech-speak or vague legal jargon. It’s tempting to just nod your head at cumbersome clauses and articles, but you’ll need to read over each line and make sure you find the following:
5 things you should see in your cloud service provider’s SLA
1. Define how much downtime is acceptable
A cloud services provider must state how much uptime they can guarantee in the SLA in terms of “availability”. Amazon Web Services (AWS) and Microsoft Azure promise their clients 99.95% availability, or no more than 0.05% downtime. You may say, just about all top cloud providers offer 99.90%+ availability, does a 0.05% difference really matter?
In the worst case, 99.95% availability could mean 4.5 hours of downtime, while 99.90% could mean a network outage lasting an entire business day (or even longer).
Cloud service providers also need to clarify how your billing period relates to their availability. Do they promise 99.95% uptime per month or over the entire year? That’s the difference between downtime of scattered 20 minute periods and one outage of over 4 hours. If a 4-hour outage is unacceptable for your company’s own service level with clients, then your billing period is something you need to consider.
2. Define your compensation for downtime
Sometimes cloud service providers exceed the maximum agreed upon downtime. Be sure the SLA details how your company will be compensated if inconvenienced by outages. Compensation is typically offered in prorated service hours: excess hours of downtime multiplied by a compensation percentage.
Here’s a look at how compensation is mathed out:
Let’s say your SLA promises 99.5% availability: their network will never go down for more than 0.5% of the time. If your vendor agrees to compensate 100% of downtime hours outside the service level, they compensate you 1 hour in service credit for every 1 hour of excess downtime.
But keep the billing period in mind when defining downtime outside the service level.
If billed monthly, you’ll be compensated for availability less than 99.5% each month. But if billed annually, any drop below the service level could be averaged over 12 months.
One outage of 4.8% could be several disastrous days of downtime, and it averages to 0.4% a month which falls within the service level. So, not only does your bottom-line suffer, but you wouldn’t even be compensated for their service failure.
3. Establish ownership of your data and backup
You own your company data. Therefore, you should be able to remove it from the cloud whenever you want without any repercussions from the vendor.
If you agree with the statement above, you’d better establish data ownership in your SLA.
Ownership of data always needs to be plainly stated in writing. If you have it written in the SLA, you don’t have to worry about losing the rights to sensitive company information when stored on the cloud. Imagine giving away intellectual property by accident because you didn’t read over the terms of ownership in your SLA. Here’s a section from Amazon Web Service’s SLA on data ownership:
Don’t forget about data backup
Is your cloud vendor responsible for data recovery if a server crash causes half of your company data to go missing? Not if you don’t define it in the SLA.
Many cloud providers put all the responsibility for data recovery on their clients. So make your own backup preparations. Your managed IT provider can partner you with a reliable third-party vendor to handle data recovery (before you put data on the cloud).
4. Specify roles for security measures
A 2016 survey showed that more than 20% of IT decision makers had SLA issues related to cloud security. This isn’t surprising as most SLAs focus more on performance and less on security. When outlining your SLA, write out the shared responsibilities of cloud security:
- How they will protect your data
- Your right to audit their performance
The SLA should lay out security tiers that cover the level of sensitive data your putting on the cloud. Then, on your end, establish your right to audit their compliance with the cloud security standards: did they provide the security measures promised in the SLA?
Double-check the fine print of your SLA and make sure other parts of the services, like availability, are not affected by security measures. If you don’t read and specify the security details, something intrusive like a routine security scan could begin at a busy time of the day and detract from your employees’ productivity.
5. Plan an exit strategy
Exit strategies are usually missing from cloud service SLAs, and the vendor has little incentive to plan one for you.
If left to the cloud vendors, many will define the exit strategy in vague terms. A good approach to developing an exit strategy is to sit with the vendor and ask:
- When the contract ends, how long will data stay in the vendor’s system?
- How will the data be moved from the vendor’s system?
- How will the vendor assure the customer they’ve erased the data on their end?
Make sure your satisfied by their answers. Most of these agreements will be written by lawyers getting paid to protect the cloud vendor, not your company. So, you need to take responsibility and set up clear exit protocols.
Leverage your IT support company for a better SLA
Service level agreements need to cater to your company needs for uptime, security, data ownership and so on. Above all, service level agreements need to protect your company. This requires a careful assessment with your managed service provider of where you need cloud support and what SLA parameters need to be in place.
You can rely on your IT support company because they understand your technology needs. They will be able to select the best cloud vendor for you and suggest plain speaking SLA clauses that protect your company. It will make defining the finer points of the service level agreement much easier.