What to Watch For in Your Cloud SLAs
Most SLAs allow your cloud vendor to have some permitted downtime, including scheduled maintenance. This may represent fairly significant period of time, but it is rarely quantified. In general, cloud vendors compensate customers for SLA breaches by providing service credits. To receive service credits, the customer must notify the vendor -- usually within five business days to 30 calendar days, depending on the SLA. Some SLAs give customers audit rights to confirm the SLA determinations.
Typically, service credits in cloud SLAs are limited to 25% of recurring charges, at most. Some SLAs assign a flat percentage to a failure to meet a particular service level, such as service availability (uptime). Others give the customer one service credit (equal to, e.g., 1/30 of the month during which the applicable service level was not met) plus additional credits for each increment (measured in minutes) beyond the permitted downtime. Service credits have value in that they can be obtained without your company having to prove actual damages as a result of the SLA breach.
In addition to addressing uptime/downtime, SLAs may exist for restore time, response time, specific transactions, and resolution of critical defects. Some enterprises even look to cloud vendors to provide a service level for user satisfaction.
Other key SLA concepts include measurement periods for unavailability (usually monthly or quarterly). This is typically defined as total hours during a measurement period minus permitted downtime in that period. Annual measurement periods are almost useless, especially if there have been persistent outages and the sole remedy is a credit (for a service that the customer no longer wants). Quarterly measurements are a better option than annual measurements. But they bring their own dangers: For example, if there have been outages in the first and second months of the quarter, it's possible that the vendor will still be able to provide the required availability for the total quarter, and thus not violate the SLA.
You should be aware of the limits of the SLA with your cloud vendors. An SLA is not a substitute for backing up your data or otherwise creating and executing a disaster recovery plan. In fact, some cloud services agreements contractually require the your enterprise to back up its own data, in addition to making it absolutely clear that the vendor is not responsible for such services.
About the Author
John Pavolotsky's legal practice focuses on technology transactions and other intellectual property matters at Greenberg Traurig, where he is Of Counsel. He works primarily with clients in the software, hardware, Internet, mobile, wireless and life sciences industries. All views expressed herein are solely those of the author and should not be attributed to Greenberg Traurig.
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now