3 Truths About Cloud Software SLAs

Complex service level agreements (SLAs) have long been the norm for upholding performance and uptime guarantees for traditional on-premises applications and old-world hosted apps. But experts say when it comes to the shared resource world of cloud-based software, enterprise IT must rethink its tried and true notions for IT contracts.

While SLAs for traditional IT services are typically highly tailored to meet the unique uptime, performance, and availability requirements for a particular application and business process, that same level of granularity and customization rarely exists with cloud software SLAs. Cloud SLAs are generally far more standardized experts say, and overall, far less enforceable.

Truth 1: A one-size-fits-all SLA is common

What's common in the era of cloud-based software is a one-size-fits-all SLA with a base set of performance metrics, intended to meet the needs of the broader user population and a wider variety of use cases. "It would be extremely difficult for anyone to negotiate an SLA with a cloud provider that is in any way significantly different than their standard terms," says Tom Nolle, president of CIMI, a consulting firm that caters to telecommunications, media, and technology issues. "It's almost an inevitable consequence of the cloud."

[ Bring your own cloud is coming to an enterprise near you, CIOs. See If Bono Loves Dropbox, Shouldn't You? ]

What is it about the cloud model that breeds a vanilla SLA? Cloud providers argue that any deviation from a standard agreement impedes the cloud provider's overall ability to deliver on the value proposition and overall economies of scale enabled by the cloud's shared resource pool and multitenant computing architecture.

"Saying that some users are going to get different performance than other users is the antithesis of the concept of a vast resource pool," Nolle contends. "If you're going to make effective allocation of resources in the cloud, you can't make concessions from standard terms of service, because those standard terms of service are the basis for calculating profit, margins, and operating efficiencies. [As an IT department] You're just not going to get radical changes in the SLA."

Truth 2: Expect relatively immature SLA terms

Also know this: Whatever limited terms you are offered are typically just that--pretty basic terms. Given the relative immaturity of the cloud software market and the fact that many of the providers are smaller companies, often startups, contract terms are still evolving. In many cases, these terms only cover the bare minimum.

Most enterprises are accustomed to SLAs that sometimes call out as many as a dozen very specific benchmarks, most commonly a certain percentage of uptime and availability--in many cases, 99.99% is the target number. However, few cloud software providers, at this point, offer such formal guarantees, instead using looser terms to describe uptime availability. Others like Symantec, which tout more comprehensive SLAs, go as far as to promise things like 100% service uptime, with problem solving responses in the range of 75% for an eight-hour response to minor issues, up to a 95% rate for a two-hour response for anything deemed a critical problem.

Truth 3: Multiple layers mean limited accountability

Let's face it--a cloud software provider can promise the moon when it comes to SLA performance levels, but the truth is the software depends on the Internet and overall network infrastructure to run. In that sense, any disruption to critical areas outside of the provider's jurisdiction has everything to do with the performance of their application, making it next to impossible, experts say, to make concrete guarantees about availability and uptime.

That wasn't necessarily the case with previous-generation ASP (Application Service Provider) or on-demand applications, where a provider delivered computing services to a customer via a network dedicated to that particular customer. In this case, the provider had complete control in managing uptime and mitigating network failures.

"One of the risks of cloud-based solutions is network failure between you and the cloud provider," notes Jonathan Shaw, a principal with Pace Harmon, a consulting company. "No one is responsible--that's part of the risk."

Of course, there are upsides to the one-size-fits-all cloud software SLA model as well. For example, in the world of Software-as-a-Service (SaaS), one buyer's requirements resulting from a security audit could translate into new security features that benefit all. Beyond democratizing improvements, most cloud software vendors do maintain pretty high performance standards.

"Cloud software contracts aren't customized like an IBM hosting deal, but there are high and rigorous security standards set," says Liz Herbert a principal analyst at Forrester Research.

The pay-as-you go nature of the cloud makes ROI calculation seem easy. It’s not. Also in the new, all-digital Cloud Calculations InformationWeek supplement: Why infrastructure-as-a-service is a bad deal. (Free registration required.)