The service-level agreement is a crucial part of any cloud strategy – here’s what you need to know.
The SLA sets out what you can expect from a cloud provider, the features they provide, the level of access you might expect to receive and what happens if things go wrong. Here are some of the key terms to watch for:
You need to know how long the system will be available and for this, users turn to uptime. Most of the top providers have availability levels around 99.999%. This should state availability both during work days and weekends or nights.
You will need to choose the level of encryption they need such as full disc, file level, DB or app encryption. The more comprehensive encryption is the greater the range of threats it will protect against. Users should also be aware of the risks involved with cloud platforms. Weaknesses in a provider’s platform can compromise your own security.
- Disaster recovery
Even the best system cannot be fool-proof, which means they will need disaster recovery processes in place. Look at factors such as Recovery Point Objectives (RPOs) which is the amount of data which would be at risk. So, if it’s backed up once a day then a day’s worth of data could be lost. Make sure you are clear about how long it will be before backup systems kick in.
- Data location
Use of data must be consistent with local legislation. The new GDPR regulations have made a number of small changes to the way in which data is transferred to third parties. The current data directive states that data cannot be transferred to a third party unless it has adequate security measures in place. GDPR adds a stipulation that a territory or sector within that third country must also provide adequate coverage.
- Problem resolution
From time to time all systems may experience problems. What counts is the way they are resolved. A good provider should offer quick customer support and fast response times. However, you should not take this for granted, and be clear about what you can expect in resolution provisions and the speed of the response time.
- Change management
Systems will need to be updated and new services are added. Look at how these can be integrated into a system. Many will provide automated updates to ensure their latest features are included. Any cyber security systems will also need to update themselves regularly to maintain compliance against the latest threats.
You expect every relationship to be as smooth as possible, but that’s not always possible. Look at the processes on offer for dispute resolution and the level of technical support they provide. You may also want to know about the exit policies and whether it is easy and straightforward to end a contract and if data can be transferred easily to the new provider.
If the provider breaks their own SLA, you must be clear on the remedy and the reparations you can expect. This should refer to the compensation you will be due if the cloud provider breaks their own SLA.
Some of the most common issues with hybrid clouds occur because the buyer wasn’t fully aware of what the SLA contained. When it comes to consumer technology, we all too often simply sign service agreements. That’s unlikely to work when it comes to enterprise cloud systems.