Question

Discuss in 500 words or more the top 5 details that should be included in your cloud SLA

Answer 1

In order to survive in today’s world, one must be able to expect the unexpected as there are always new, unanticipated challenges. The only way to consistently overcome these challenges is to create a strong initial set of ground rules, and plan for exceptions from the start. Challenges can come from many fronts, such as networks, security, storage, processing power, database/software availability or even legislation or regulatory changes. As cloud customers, we operate in an environment that can spans geographies, networks, and systems. It only makes sense to agree on the desired service level for your customers and measure the real results. It only makes sense to set out a plan for when things go badly, so that a minimum level of service is maintained. Businesses depend on computing systems to survive.

In some sense, the SLA sets expectations for both parties and acts as the roadmap for change in the cloud service – both expected changes and surprises. Just as any IT project would have a roadmap with clearly defined deliverables, an SLA is equally critical for working with cloud infrastructure. That raises the next question in the journey: what should be in the SLA?

In order to consistently develop an effective SLA, a list of important criteria needs to be established. Let’s start with an initial list:

• Availability (e.g. 99.99% during work days, 99.9% for nights/weekends)
• Performance (e.g. maximum response times)
• Security / privacy of the data (e.g. encrypting all stored and transmitted data)
• Disaster Recovery expectations (e.g. worse case recovery commitment)
• Location of the data (e.g. consistent with local legislation)
• Access to the data (e.g. data retrievable from provider in readable format)
• Portability of the data (e.g. ability to move data to a different provider)
• Process to identify problems and resolution expectations (e.g. call center)
• Change Management process (e.g. changes – updates or new services)
• Dispute mediation process (e.g. escalation process, consequences)
• Exit Strategy with expectations on the provider to ensure smooth transition

With a core set of criteria established, the next step is to evaluate the criticality of the cloud service and associated data. Nearly any computing system can be made extremely reliable, but the costs may be too high. Not every system needs the same degree of reliability as NASA designed for the space shuttles, and few could afford the costs.

For example, providing a read-only catalogue for customers is fairly simple. While the catalogue may be very high value, it is fairly easy to restore from backup with minimal customer impact. However, if the same service has an online shopping with financial transactions and customer data, then the risk level and also importance to the business just increased. The nature of the service is integral to determining the right SLA.

For every new cloud service, an SLA assessment process should be done. The SLA is a living agreement though and as services change, the SLA should be reassessed.

The SLA should act as a guide for handling potential problems. We need to look at the SLA as a tool for protecting the stability of the service, protecting the assets of the company and minimizing the expense should drastic actions be required. As an example, changing service providers and undoing the contracts in place, should be a last resort; it’s a very expensive and painful solution. Nonetheless, it needs to be covered in the SLA so that both parties can disengage a lawsuit.

The SLA should include components in two areas: services and management.

Service elements include specifics of services provided (and what's excluded, if there's room for doubt), conditions of service availability, standards such as time window for each level of service (prime time and non-prime time may have different service levels, for example), responsibilities of each party, escalation procedures, and cost/service tradeoffs.

Management elements should include definitions of measurement standards and methods, reporting processes, contents and frequency, a dispute resolution process, an indemnification clause protecting the customer from third-party litigation resulting from service level breaches (this should already be covered in the contract, however), and a mechanism for updating the agreement as required.

This last item is critical; service requirements and vendor capabilities change, so there must be a way to make sure the SLA is kept up-to-date.