More SLA Questions..

Can my words have footnotes, please? – Amy Harbottle

This past week I was interviewed for the upcoming http://www.servicetechsymposium.com/ this year.  I always take every opportunity to speak or teach because it forces me to really focus on the areas that I am exploring with others.  One of the most popular subjects in recent times is the SLA, that is why I have chosen to spend a lot of time on it.

We have a problem and it is a serious one, consumers are not controlling the market.   I understand that the idea of this doesn’t make much sense but it is the reality and we need to know what we can do about it, if anything.   We also need to know what questions we should ask from the boardroom to the lab.

How much do you pay for gas today?  When you go to the doctor’s office are the prices on the wall like McDonalds?  How about your dentist?

How many times have you installed a piece of software and scrolled down through 60+ pages (like Apple) to use install it or use the product?

Lets get this straight… you go someplace or purchase something and you have NO SAY in the conditions of the exchange other than if you don’t like it you don’t accept.  What if your husband or wife agreed and you didn’t know?  What about your children?  They click faster than you.

I remember when you could go into a store and negotiate a price on an item and the conditions of sale.   You can still do that!  We just have either forgotten or our children don’t know.  This is very important because it directly correlates to your ability to make choices on what you are willing to purchase and what you aren’t.  If I told you that somewhere in the agreement that you didn’t read it says “If xxx.inc finds out that you have died, xxx.inc has the right to recover software sold under licensing and any hardware or media that software resides on”  Would that be ok?   Read some of these agreements.

This applies to the service level agreement as well.   This is critical because lawyers are not making these agreements on your behalf but they are making these agreements on behalf of the service provider.   It is like going to court without representation against the legal mafia.

Last year Amazon had a service outage that put companies down hard but it didn’t violate any SLA and further there was no remedy for these companies ( http://cloud-computing-today.com/2011/04/24/why-amazons-cloud-computing-outage-didnt-violate-its-sla/)

Ray Wang http://www.forbes.com/sites/ciocentral/2011/04/25/mondays-musings-lessons-learned-from-amazons-cloud-outage/ writes:

As calmer heads prevail, most CIOs, business leaders, and analysts realize that:

  • Cloud outages are rare but can happen. While most organizations can not deliver 99.5% up time let alone 90% performance, disruptions can and will happen.  The massive impact to so many organizations last week highlights potential vulnerabilities of betting 100% of capacity in the cloud.  More importantly, it showed that broad adoption does not equate with bullet-proof reliability.  Most organizations lacked a contingency plan.
  • Cost benefit ratios still favor cloud deployments. For most organizations, the cost of deploying in the cloud remains a factor of 10 cheaper than moving back to the traditional data center or even a private cloud.  Capital costs for equipment, labor for managing the data center, excess software capacity, and the deployment time required to stand up a server create significant cost advantages for cloud deployments.
  • Current service level agreements lack teeth and should be improved.Most organizations lack teeth in the cloud/saas contracts to address service level agreement failure.  Despite all backups and contingency plans, clients should consider scenarios where core business systems go down. What remedies are appropriate? What contingencies for system back up are in place.   Who is responsible for disaster recovery? Will the vendor provide  liability and for what?

The Bottom Line: Proactively Account For Breaches In Service Level Agreements In SaaS/Cloud Contracts

Organizations should protect themselves from future breaches through a combination of contract provisions and contingency plans.  Here are some suggestions recommended to clients:

  • Apply provision from the SaaS/Cloud bill of rights.  Though written in late 2009, this document remains a best practices guide to SaaS contracting.  Key provisions to apply include: Quality guarantees and remuneration, stipulate data management requirements, on-going performance metrics
  • Include service level agreements with teeth. Credits for free licenses for down time sound good on paper. In reality, down time when critical systems fail could result in massive financial losses.  Contracts should apply risk on the potential business loss.  Some clients include a provision that identifies compensation for a percentage of average daily business revenue during the time period of down time.
  • Reevaluate your Amazon deployment strategy. Believe it or not, Amazon technically did not violate its service agreements.  To deploy a true backup strategy, organizations should add copies of their server instance in multiple regions and data centers as an added layer of protection.  This ensures that a proper fail over occurs even if multiple regions experience outages.
  • Implement a real disaster recovery strategy. The Amazon outage exposed that many start ups failed to have a disaster recovery strategy.  A number of solution providers now provide cloud disaster recovery.  More importantly, these providers can recover physical or virtual machines in a cloud within minutes.  Whether organizations can fire up a backup server in time remains the open question.

Think about this! 

Your business is YOUR responsibility.  How many organizations are responsible for more than just themselves?  Local, state and federal government are moving into cloud strategies, banks and financial institutions are making groundbreaking moves on cloud computing and finally medical communities are moving “to the cloud.”

My doctor is a really cool guy and I trust him when he tells me that I should eat right and exercise but I don’t want him putting my medical records in cloud services that he doesn’t understand.