James Thew - Fotolia
Trust is one of the most important factors in any relationship. And that sentiment holds true in a cloud provider-user relationship, as well. When a cloud service provider guarantees a certain level of performance, the user needs to know those expectations will be met. That's where a service-level agreement comes into play.
Each cloud service provider has its own service-level agreement (SLA) that covers a range of service limits and guidelines around performance, availability, costs and more. An SLA might look good on paper, but a user should understand all the details to be satisfied with their service.
While reading every word of your SLA is a good start, you need to ask certain questions to ensure your requirements are met. Here are five common questions to sharpen your cloud computing SLA knowledge.
What is a cloud computing SLA?
Wouldn't it be nice if every purchase came with performance guarantees in writing? When it comes to purchasing cloud services, SLAs make that a reality. A cloud computing SLA is a contract between a cloud service provider and customer that dictates which services it will provide, performance levels, availability, costs, notifications, response time and more -- all in calculable terms. SLAs assure customers that their cloud service will meet certain benchmarks. For example, if your cloud SLA guarantees 99.9% uptime -- 43 minutes of downtime per month or eight hours and 46 minutes per year -- then your cloud provider is responsible for making sure your downtime never exceeds 0.1%. In some cases, providers offer credits for downtime that exceed SLA limits.
In addition to performance and availability, cloud SLAs can also cover security and compliance. The agreement lays out each party's responsibilities and what to expect in the event of an outage or security breach.
What should I look for before I agree to a cloud SLA?
Before you agree to your cloud SLA, you have to ask the right questions and know what to watch for. First, be sure to thoroughly read the contract. Otherwise, you'll lock yourself into unsatisfactory terms. Additionally, it's imperative to clearly state who maintains ownership of the data. Customers should also be aware of their data's geographic location, as some providers have data centers outside of the U.S. Remember, your data needs to be compliant with whatever regulations or standards apply to your business -- for example, HIPAA or PCI DSS.
A cloud SLA should have parameters for disaster recovery in the event of an outage. The agreement should state how data will be affected and the failover plan. To avoid monthly billing surprises, beware of all potential costs. In addition to mapping out acceptable performance and availability levels, your cloud computing SLA should include the resulting ramifications if terms of the agreement aren't met.
How much downtime is too much?
No matter the IT service, downtime is inevitable. It's impossible to completely avoid outages, but a cloud SLA should include the acceptable amount of downtime for each service. But what is an acceptable amount? That depends on your business needs.
Obviously, all cloud customers would love to have five nines availability for their services. Most cloud providers offer at least 99.9% availability. For example, Amazon Web Services Elastic Compute Cloud and Microsoft Azure both offer 99.95% availability. However, it's important to understand how providers measure downtime. In some cases, customers are forced to prove downtime to their cloud service providers. Make your availability requirements clear in your SLA. If you need your services during a specific timeframe, make sure that's specified in the agreement. Additionally, enterprises must ensure a backup and disaster recovery plan is in place.
What if my provider isn't meeting the SLA expectations? And how do I know?
What good is a cloud contract if your provider isn't holding up its end of the bargain? If a provider does not meet the expectations set in the cloud SLA, there needs to be penalties. These can range from financial ramifications to early termination. Negotiate your SLA to include potential provider infractions, along with their respective penalties. Most providers offer credits for downtime, but they don't always suffice for lost business.
To enforce your cloud SLA, you need to monitor your provider's performance. Management tools and APIs are available to monitor your application or service's performance, but it's still important to document all issues. Effective communication between customers and cloud providers is paramount to a solid cloud computing SLA.
What about compliance? What regulations do I need to meet?
While cloud regulations and standards are constantly changing, the need to remain compliant remains critical. Before choosing a cloud provider and agreeing to an SLA, customers need to know how each provider handles compliance for their businesses' specific regulations.
If you are in the healthcare industry, you need to be aware of HIPAA regulations. For retail and other organizations that deal with credit card holders, PCI DSS requires credit card data be restricted. Additionally, consider location-specific regulations, since standards vary between states and other countries.
Compliance does not guarantee cloud security. Who is responsible for cloud security? Make sure your SLA includes the necessary security precautions, such as encryption and other tools, as well as the provider's resiliency in the event of a breach.
Nicholas Rando is assistant site editor for SearchCloudComputing. You can reach him at [email protected].
How to recover from a cloud SLA violation
Breaking down cloud compliance concerns
Considering cloud insurance for peace of mind