This content is part of the Essential Guide: Breaking down what's in your cloud SLA

Ten key principles of evaluating a cloud SLA

Don't get buried under cloud SLA details. Know how to read the fine print and ensure it jibes with your personal business needs.

"Be prepared" isn't just the Boy Scouts' motto; it should also carry over into any cloud provider evaluation and selection process. After researching and spelling out your business' cloud service-level agreement (SLA) requirements up front, it's time to get down to the brass tacks of assessing the cloud SLA in front of you.

While the story of the cloud is still one of buyer-beware, companies can use SLAs to secure performance and availability. If you've come prepared and explored all possible risks, be sure the appropriate protections are outlined in detail. Use these 10 principles to guide your enterprise's cloud SLA evaluations.

1. KISS: Keep it short and simple. Avoid getting bogged down by details. Focus on your company's business priorities and the metrics that govern positive business outcomes rather than technical parameters. Target what is most important to your business, instead of what the cloud SLA provides a typical consumer.

Identify potential gaps and check whether the prospective provider allows for negotiations to fill in the gaps. At the same time, liability needs to be outlined with specificity. It's traditional, for example, for a cloud provider's liability to be limited to direct damages and capped at an aggregate dollar amount for all claims under the agreement. Consider whether these kinds of conditions work for your company.

2. Consider unique business needs. As most providers deal with customer and service volume via Multi-tenancy and resource sharing, their SLA considerations can border on most-common-denominator metrics that serve a broad swath of customers rather than your particular business. As a result, particular requirements become more difficult to satisfy. You'll want to know how a cloud provider deals with one-off requests from a customer.

3. Look at SLAs vs. QoS. It is important to differentiate among cloud service specifications, service availability and quality of service (QoS). Boilerplate agreements, for example, will likely guarantee certain levels of availability but not the quality of service.

While the story of the cloud is still one of buyer-beware, companies can use SLAs to secure performance and availability.

Multi-tenancy and peak-load-pattern variation can degrade cloud service unexpectedly. As a result, an SLA's service-availability requirement may be met, but its QoS may not. In the case of cloud bursting in real time, this can create uneven performance for users that access in-house IT versus those who access cloud-burst capacity or, worse, end customers. QoS can directly impede productivity or business output.

4. Remember disaster recovery. In the event of a disaster at a local site or a provider's IT site, how is data access affected? This is especially critical for hybrid cloud environments that have business process or data integration dependencies between internal IT departments and a public cloud.

It's also important to consider consistency between these two clouds: Does your cloud SLA match up with internal recovery point and recovery time objectives? Is the data locked into the provider's environment? Is there a mechanism to retrieve cloud data for disaster recovery (DR), or to migrate to another provider or internal IT infrastructure?

5. Look for special fees and costs involved. Unlike companies with large amounts of legacy data that needs to be brought into the cloud before it can be used meaningfully, some customers have few digital assets. That makes cloudsourcing easier, since moving data into the cloud can cost money and time. Companies need to evaluate whether such data transfer mechanisms align with their business obligations and security objectives.

6. Don't forget data retention. Compliance or business obligations necessitate data retention or hard deletion after a certain period of time. Customers need to ask for special data access audit reports, or they should instead screen data so any information requiring a hard deletion is kept on-premises rather than in the cloud.

7. Build an undiluted SLA. In a hybrid cloud setup, on-premises or private cloud SLAs run the risk of dilution with the introduction of cloud services into the mix -- unless the business functions running on-premises and those working on the cloud service are mutually exclusive. Evaluate SLAs for clauses that may weaken any aspect of related on-premises SLAs or other providers' cloud SLAs if you are using more than one cloud provider.

8. Look for third-party dependencies. If a third party is involved with a private cloud or if a cloud service provider depends on a third party to deliver its service, it's important to evaluate a cloud SLA for potential gaps and ascertain clarity with respect to responsibilities and ownership -- especially in case of breaches and conflicts. Several cloud providers have fine print in their SLAs that limit their responsibility to the infrastructure and services they own.

9. Keep cloud standards in mind. Over time, both enterprises and hybrid cloud environments evolve and grow. They may require migration of workloads and data from one cloud provider to another. Flexibility, extensibility and standards compliance of provider SLAs, especially with multiple vendors involved, are crucial in the long term.

10. Check on other considerations. Without compromising on cloud flexibility, scalability or cost advantages as compared with an on-premises alternative, does the prospective provider's cloud SLA address these issues?

  • Acceptable transaction latency. Can it coexist with an on-premises setup, or will there be integration-related load or peak issues?
  • Refunds. However liberal or customer-friendly the cloud provider's credit refund policy is, actual credits are not refundable and are usually applied only toward future payments.
  • Cloud SLA evolution. Rapid technology and business requirement changes necessitate that hybrid cloud environments can accommodate future revisions in SLAs to take care of changing business needs, instead of getting constrained by rigid provider SLAs.

The bottom line is that consumers' awareness about their IT needs and the clarity of desired business outcomes in harnessing clouds are critical in SLA evaluations, regardless of how complex, limited or confusing a provider's cloud SLA may be.

About the author:
Larry Carvalho runs Robust Cloud LLC, an advisory services company that helps organizations develop strategies to take advantage of cloud computing.

Dig Deeper on Cloud computing SLAs