Do you trust your cloud service provider?

If you ask five people to give a definition of cloud computing, you get six answers! This is a common joke about cloud computing. The same might be true if you ask cloud service providers about their service portfolio and service levels. Today, the cloud service provider market is very diverse. You find all kind of providers, from small local startups to large enterprises that are well known in the IT business.

Each of these cloud service providers might have their own set of services, business model and client base. Depending on their background, the understanding of Service Level Agreements (SLAs) and what they could mean for clients is completely different. There is no right or wrong here, but every client needs to make sure that the service provider’s perception of SLAs does meet the client’s expectations and requirements.

Penalty driven SLAs are useless!

Cloud computing is a service offering and SLAs are a valid way to describe what a client actually gets. So, we need SLAs to define a cloud service. However, the main question arising is how much is the given SLA for a specific service worth? How motivated is the service provider to meet the SLA?

Today, a common approach to make an SLA stronger is to tie penalties in case of missing. I can give you two reasons why I think penalty driven SLAs are useless:

  • Penalty driven SLAs are mainly agreed on critical workloads or infrastructures because these SLAs are more expensive than penalty free Service Level Objectives (SLOs). However, talking about important workloads, the agreed penalty will never ever cover the actual loss a client might have because an important or even critical system goes down.
  • Penalties on SLAs are financial risks for the service provider. And, this risk is usually priced into the service. So, actually, clients pay their own penalties over the duration of the contract.

But what can a client do to make sure to contract the right cloud service provider? One recommendation would be to analyze the cloud service provider’s understanding of SLAs and its background as a service provider in general.

A few questions to ask:

  • Experience and operational excellence — is the provider well known in the market for providing services, does he have proper processes in place, does he comply to industry standards (ITIL) and certifications (ISO, SSAE)?
  • Is being cloud service provider his core business or is that just something he does to utilize his IT equipment?
  • What is the typical client base and how important is his reputation as a service provider for him?

Summary

When choosing a cloud service provider, penalty driven SLAs shouldn’t be trusted blindly, but rather being verified as to how likely it is that those SLAs are actually met. Is the provider just gambling, or does his technical infrastructure, processes and culture give me confidence. A service provider that requires a $100 penalty for motivation to hold SLAs might not be the right choice!

Share
Comments: 2
Marcus Erber

About Marcus Erber

Marcus is an IBM senior IT architect and cross-brand technical consultant for cloud computing, following assignments as lead architect in a number of international outsourcing transformations and engagements.
This entry was posted in Managing the Cloud and tagged , , , , , , , , , . Bookmark the permalink.

2 Responses to Do you trust your cloud service provider?

  1. Susan Bilder says:

    You make a good point regarding the actual loss a client might have versus the compensation they would receive from an SLA. I would also ask to speak to their existing clients, and ask them about customer service, especially customer service during outages. Any cloud provider can have an outage – the important thing is how quickly they recover, and how well they communicate with customers.

  2. Dean says:

    For the first time personnel taking advantage of the cloud world, I am sure they will be worried about the risks their data/storage can have with a cloud service provider. I know I did. It is imperative you ask your provider all the questions you think could raise alarms as a non trust worthy provider – because at the end of the day data is data, and data is extremely important these days. Incorporating undercutting marketing regulations is a great way a cloud service provider can minimise consumers risk ideology.

Comments are closed.