Custom cloud service level agreements aren't the norm, but can be done. Prepare to make a business case to the cloud provider with this expert advice.
While negotiating special contract terms is not standard operating procedure in the world of software-as-a-service (SaaS), experts say companies have a much better shot at custom provisions if they know exactly what they're looking for and can frame their needs in the context of why they're critical for business.
"You need to spend time figuring out why you need to make the change so you can make a business case to the cloud provider that it's in everyone's best interest that the changes be made," noted David Snead, an attorney in Washington, D.C., who represents Internet infrastructure providers and whose specialty is hammering out service level agreements (SLAs).
As an example, Snead cited a social network company that sought custom SLA terms and was successful. Rather than complain that the provider's generic uptime guarantees weren't enough, the company detailed a highly specific scalability requirement to accommodate usage spikes during key time periods. "They said, if your network can't expand during those time periods, we will lose X amount of revenue so we need you to expand your SLA to accommodate that," Snead recounted. "Communicating with your provider about what your business does will get you an SLA that meets your business needs."
Other than transparency and a clear accounting of business need, there are plenty of strategies for negotiating the best SLA terms with a cloud software provider. Here are four additional best practices to ensure you cut the best deal:
1. Don't set unrealistic expectations.
Since many cloud providers offer standard terms, they tend to set the bar pretty high in terms of service-level performance in areas like uptime, security, and high availability. Getting fixated on a particular metric--say 99.999% uptime, for example--as a requirement when your own IT organization couldn't possibly meet that standard can stand in the way of establishing an effective and enforceable SLA. "Be realistic about what you're asking vs. the reality of what you do or need to do," said Liz Herbert, principal analyst at Forrester Research. "Make sure you're not aiming for a pipe dream in your contract."
2. Do proper research and make the SLA part of the selection process.
Given that there's often less flexibility around SLAs, it makes sense to consider a cloud provider's SLA as part of the due diligence around vendor selection--not as an afterthought, post evaluation. For instance, if your business needs a highly redundant environment, a cloud provider serving up routers, network, server, and application infrastructure for use along with 50 other customers may not be the right fit. "It really comes down to whether a cloud solution offered by provider X is suitable for what your business is going to do," said Jonathan Shaw, principal with Pace Harmon, a consulting company. "The SLA needs to come into play during the selection process rather than at the backend in negotiation."
It also makes sense to collect SLAs from other cloud providers so you can make an informed comparison about what most are offering and potentially use the information to your advantage, according to attorney Snead. "If you are able to say that competitors are providing this SLA clause and you can demonstrate why it's important to you, it goes a long way in creating a strong argument," Snead explained.
3. Aim for an SLA that reflects the user experience.
Whenever possible, insist on SLAs that reflect the full scope of service. So, for example, it's not enough for the cloud provider to say they've met their SLA if their server is up, but the network or Internet connection is down. It's necessary to include providers' switches, firewalls, networks, authentication systems, and whatever other gear as part of how you measure application availability, noted Shaw. "Makes sure they're measuring availability [of the application] from outside of their firewalls, routers, data center, and networks, and that they're not just using a monitor sitting in their data center," he explained.
4. Make sure the provider can meet its SLA claims.
If it's critical to your business that your data be mirrored in two different locations, Shaw said, don't just settle for an SLA that promises a high level of redundancy or says simply that data will be mirrored. Instead, shoot for SLAs that specify that data will be mirrored to these two very specific and separate locations. "In an SLA, specificity is very important," he explained. "You don't want to leave it open to broad terms. It goes back to knowing what you want--as a customer, you know your business best and you shouldn't rely on a provider to figure out what you need."
The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital Cloud Calculations InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.