Negotiating service-level agreements with providers is a matter of metrics, performance targets, and realistic remedies.
For IT teams that like control, the "black box" cloud model, where customers implicitly give up the right to direct how and when most tasks are performed, can be stressful. The remedy: robust service-level agreements tailored to the as-a-service paradigm. The problem is that not all service providers agree. To the extent that cloud computing providers offer SLAs at all, in our experience their agreements tend to be weak, laden with unfavorable credit terms, and overly standardized with scant room for negotiation.
The trick for enterprise IT teams is to get the protection afforded by a tailored SLA without negating the benefits--lower cost, increased scalability, and simpler management--that led them to the cloud model in the first place. In fact, an SLA itself isn't enough; just as important is a service specifications document, which spells out the respective responsibilities of the provider and customer; your ability to remove data from the cloud and mechanisms for doing so; and requirements relating to security, compliance, and data retention. (We discuss the service spec document in more detail in a free report.)
As for customized SLAs, we've heard plenty of providers argue that they can't deviate from a standard agreement because their multitenant offering requires a standard product description and contract. While this reasoning has some merit with respect to service capabilities, it's less clear why it should be the case when requesting an SLA that measures an existing aspect of the service. For example, while most software-as-a-service providers don't guarantee that transactions will complete in a certain amount of time in their standard SLAs, transaction execution is an implicit element of the provider's service, so it should be possible to negotiate a service level.
Providers' inflexibility may be due simply to their not having been pressured to change--yet.
If you want a custom SLA, we recommend submitting a request for proposal with your requirements. Depending on your leverage, however, the provider may mark up the proposed SLA extensively or refuse it outright and require you to negotiate from its baseline. Worst case, it could simply insist you accept its canned set of terms.
What then? That depends on the uniqueness of the cloud offering and whether the business side has latched on to a desired provider. How you negotiate SLAs should be tailored to reflect the strength (or weakness) of your company's position, anticipated provider behavior, and the quality of the provider's standard SLA. If you must move ahead with a cloud service and you have little negotiating leverage, use your limited influence to address only the most egregious aspects of the provider's SLAs, rather than asking for something overly aggressive that will likely result in outright refusal.
Our four-step plan for getting the best cloud SLA will help.
Step 1: Build The Service-Level Portfolio
The first step in developing an SLA is identifying the portfolio of service levels that best measure and manage provider performance. In determining these metrics, a company should:
>> Make the metrics relevant to business performance, not technology. Service levels should focus on business outcomes, rather than provider compliance with technical parameters that don't relate directly to business value. For example, if an application is used predominantly in support of monthly closing activities, measuring availability over the entire month doesn't reflect how critical the software is at the month-end period.
>> Develop a collectively exhaustive metric portfolio. Ensure that any failure to meet the business' needs will be reflected in a failure to meet one or more service levels. For example, if a substantial increase in screen update time would sink user productivity, include a related metric in the portfolio. A problem we frequently encounter in "distressed" service relationships is dissatisfaction with service quality even though SLAs are consistently being met.
>> Be sure service levels are mutually exclusive. Avoid overlapping service-level metrics that can dilute provider focus and result in misleading performance reports. For instance, an infrastructure-as-a-service customer might consolidate metrics for "average time to provision a server instance" and "provision success rate." By avoiding duplication and overlap, you also eliminate the need for the provider to set pricing to protect itself against "double jeopardy" credit situations.
>> Institute checks and balances between metrics. Your SLA portfolio should consider each service level in the context of the overall SLA framework and the outcome you want. Address any potential adverse incentives with a counterbalancing metric. A common example comes from outsourced service desks, where emphasis on "average handle time" can lead to lower-quality call outcomes unless a compensating metric, such as "first-call resolution," is included.
>> Limit the size of the portfolio for manageability. An SLA portfolio of more than eight to 10 service levels can become unwieldy. You want to keep the provider's attention on the metrics most critical to your business, which in most cases relate to service availability, service performance, and timeliness of fixing problems.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.