Service level agreements have been used by companies for a long time in an effort to ensure they get the right bang for their buck, but industry experts say that with IT functions increasingly being moved to the cloud, it’s important to carefully define your goals in SLAs so that corners are not cut in an effort to increase the provider’s bottom line.
SLAs written with cloud providers must remain "specific, measurable, achievable, relevant and timely," and "should leave no ambiguity as to what both service providers and service consumers expect,"’ says Frederick Rose, service assurance practice director at Fusion PPT, who authored the InformationWeek Analytics report Promises, Promises: a Not-So-New SLA Model. They should be based on specific business needs, he emphasizes, and revolve around the key performance metrics that matter most to the client.
Internally, it’s easier to measure IT deliverables because networks, servers, apps, firewalls and other devices are transparent, says Rose. Yet, even though these areas are typically operated and managed independently, organizations don’t correlate user expectations for a service with the technologies that deliver them, leading to disjointed, inefficient services and dissatisfied users, he says. And, as companies sign on for externally based, multitenant clouds for services, if enterprise IT doesn’t make its requirements specific, says Rose, "the whole exercise is for naught."
According to David Snead, whose specialty is hammering out SLAs, companies have a much better shot at custom provisions if they know exactly what they're looking for and can frame their needs in the context of why they're critical for business. "Communicating with your provider about what your business does will get you an SLA that meets your business needs."
In terms of the typical guarantees cloud providers put in multitenant SLAs, one of the most common measurable is for downtime, says Adam Ely, CISO of cloud application platform provider Heroku.
"Service providers understand customers worry about downtime and tend to set an uptime goal ranging from 99% to 99.999%, depending on the type of offering, such as SaaS and PaaS,"’ he says. But Ely advises that organizations "understand a number of factors before comparing uptime numbers directly. Often providers report downtime that has no customer impact, thus lowering their overall uptime but not affecting the customer's uptime." Organizations should also understand what recourse they have if providers don't meet the stated SLA, rather than finding out they have no recourse during an outage, he says.
Security is undoubtedly one of the top concerns organizations have, and they should make sure their cloud providers also stress it in the SLA, says Ely. "When provider security practices are not clearly stated, it becomes hard for customers to make educated risk decisions, and [that] leads to a lack of trust and higher risk,’" he says.