3 Truths About Cloud Software SLAs - InformationWeek
Cloud // Software as a Service
10:11 AM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

3 Truths About Cloud Software SLAs

You're not imagining things. Unlike the rigorous SLAs of traditional enterprise IT services, today's cloud software SLAs don't offer much room for customization and tend to cover only the basics.

Complex service level agreements (SLAs) have long been the norm for upholding performance and uptime guarantees for traditional on-premises applications and old-world hosted apps. But experts say when it comes to the shared resource world of cloud-based software, enterprise IT must rethink its tried and true notions for IT contracts.

While SLAs for traditional IT services are typically highly tailored to meet the unique uptime, performance, and availability requirements for a particular application and business process, that same level of granularity and customization rarely exists with cloud software SLAs. Cloud SLAs are generally far more standardized experts say, and overall, far less enforceable.

Truth 1: A one-size-fits-all SLA is common

What's common in the era of cloud-based software is a one-size-fits-all SLA with a base set of performance metrics, intended to meet the needs of the broader user population and a wider variety of use cases. "It would be extremely difficult for anyone to negotiate an SLA with a cloud provider that is in any way significantly different than their standard terms," says Tom Nolle, president of CIMI, a consulting firm that caters to telecommunications, media, and technology issues. "It's almost an inevitable consequence of the cloud."

[ Bring your own cloud is coming to an enterprise near you, CIOs. See If Bono Loves Dropbox, Shouldn't You? ]

What is it about the cloud model that breeds a vanilla SLA? Cloud providers argue that any deviation from a standard agreement impedes the cloud provider's overall ability to deliver on the value proposition and overall economies of scale enabled by the cloud's shared resource pool and multitenant computing architecture.

"Saying that some users are going to get different performance than other users is the antithesis of the concept of a vast resource pool," Nolle contends. "If you're going to make effective allocation of resources in the cloud, you can't make concessions from standard terms of service, because those standard terms of service are the basis for calculating profit, margins, and operating efficiencies. [As an IT department] You're just not going to get radical changes in the SLA."

Truth 2: Expect relatively immature SLA terms

Also know this: Whatever limited terms you are offered are typically just that--pretty basic terms. Given the relative immaturity of the cloud software market and the fact that many of the providers are smaller companies, often startups, contract terms are still evolving. In many cases, these terms only cover the bare minimum.

Most enterprises are accustomed to SLAs that sometimes call out as many as a dozen very specific benchmarks, most commonly a certain percentage of uptime and availability--in many cases, 99.99% is the target number. However, few cloud software providers, at this point, offer such formal guarantees, instead using looser terms to describe uptime availability. Others like Symantec, which tout more comprehensive SLAs, go as far as to promise things like 100% service uptime, with problem solving responses in the range of 75% for an eight-hour response to minor issues, up to a 95% rate for a two-hour response for anything deemed a critical problem.

Truth 3: Multiple layers mean limited accountability

Let's face it--a cloud software provider can promise the moon when it comes to SLA performance levels, but the truth is the software depends on the Internet and overall network infrastructure to run. In that sense, any disruption to critical areas outside of the provider's jurisdiction has everything to do with the performance of their application, making it next to impossible, experts say, to make concrete guarantees about availability and uptime.

That wasn't necessarily the case with previous-generation ASP (Application Service Provider) or on-demand applications, where a provider delivered computing services to a customer via a network dedicated to that particular customer. In this case, the provider had complete control in managing uptime and mitigating network failures.

"One of the risks of cloud-based solutions is network failure between you and the cloud provider," notes Jonathan Shaw, a principal with Pace Harmon, a consulting company. "No one is responsible--that's part of the risk."

Of course, there are upsides to the one-size-fits-all cloud software SLA model as well. For example, in the world of Software-as-a-Service (SaaS), one buyer's requirements resulting from a security audit could translate into new security features that benefit all. Beyond democratizing improvements, most cloud software vendors do maintain pretty high performance standards.

"Cloud software contracts aren't customized like an IBM hosting deal, but there are high and rigorous security standards set," says Liz Herbert a principal analyst at Forrester Research.

The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital Cloud Calculations InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/11/2012 | 2:20:36 AM
re: 3 Truths About Cloud Software SLAs
Seems like we should be past some of the immaturity in SLA terms referenced in the second point. @readers: what have your experiences been like dealing with SLAs from cloud providers?
Brian Prince, InformationWeek/Dark Reading Comment Moderator
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll