Tech Lover 9

The cloud is changing the way companies look at IT, but it has also become a buzzword. An unscrupulous vendor might take advantage of someone who is eager to jump on the cloud bandwagon. Even if you don’t understand exactly how the technology works, there is one way you can protect yourself: with a service level agreement (SLA).

SLAs are essentially a service contract in which you predefine what is acceptable and you agree on what happens when performance falls below these levels. When you use common metrics to define these levels, you can ensure that your vendor’s performance remains in line with your business needs.

Common Metrics

At a minimum, make sure that your SLA addresses these five metrics:

1. Availability: Your data should always be available in the cloud and it should never go missing. You want availability to be as high as possible.
2. Turn-Around Time (TAT): Time taken to complete a certain task. You should ensure the average TAT will not disrupt your business operations.
3. Mean Time to Recover (MTTR): Time taken to recover after an outage of service. The average downtime from a SAN failure is 114 minutes – but you should know how long your business could continue without access to your data.
4. Uptime: Uptime refers to how long the system has been continuously running. It may include the percentage of network uptime, power uptime and number of schedule maintenance windows.
5. Composite Metrics:  These metrics vary – this is where you have the opportunity to define formulas for metrics that directly affect your business, like average response time, transactions per hour and network latency.

Any additional metrics should help measure, monitor and report on your cloud performance as it relates to your end user experience, network performance, and the system’s ability to consume resources.

What should your contract address?

1. Data Storage/Volume: Address your data exchange rate defining the amount of data coming in and going out, peak transaction rate and usage volumes.
2. Security Incidents: Address the type of security identification you would like. Most cloud services now provide active directory federation services that allow you link your active directory to the cloud and set up permissions for your departments. This saves your company time from manually entering your employees’ information. Or you set up two types of account one that is for an average user and one that is for administrators. But these identities need to be addressed prior to deployment.
3. Maximum Outage Time: This is the time your company has defined to the vendor that your business can operate efficiently without the cloud. Without this defined in the contract, it’s hard for businesses to maintain continuity if an outage occurs.
4. Checks and Balances: Institute checks and balances between metrics. Consider each service level in the context of the overall SLA framework and outcome you want. Address any potential adverse incentives with a counterbalancing metric.

Cloud computing is still a pretty new technology that most companies aren’t aware what they should address in their contracts and typically sign a standard “black box” cloud model where customers give up the right to direct how and when most tasks are performed. Before signing up with a vendor make sure you address your concerns, deliverables and are meticulous to ensure limited business interruption.