The interruption in service to some of Amazon.com Inc.'s Elastic Compute Cloud, or EC2, customers last week prompted some sage advice for CIOs signing an enterprise cloud service-level agreement (SLA): Don't put all your eggs into one basket. It's critical to segment cloud applications to ensure appropriate levels of security, performance and redundancy.
"The key takeaway here is, not all clouds are equally equipped for all purposes," said Audrey Rasmussen, partner and principal analyst at Ptak, Noel & Associates LLC in Longmont, Colo.
CIOs should investigate the architectural and technical details of specific cloud offerings, and match functions to service requirements in the cloud SLA, Rasmussen said. "Business-critical services will require higher levels of redundancy and failover than non-business-critical services. Of course, there are usually higher costs associated with higher service levels, so IT will have to make the cost-risk-benefit tradeoff decision."
Cloud SLAs can be a challenge to construct
To at least one IT executive, that challenge seems heroic.
"The search for 100% availability reminds me of the Holy Grail," said Henry Mayorga, manager of networking technologies at Baron Capital Inc., a financial services firm in New York. "The more redundancy we try to add to our systems, the more complexity we create. If everything is properly connected and configured, the illusion of high availability exists -- until something is misconfigured, or a component fails in a way that was not expected. Then, finding out the cause of the failure is exponentially more difficult, and repairing it even more so."
Nonetheless, IT executives must insist on greater protections and be willing to walk away from a deal that does not meet their needs, as a matter of risk management, said Tanya Forsheit, a founding partner at Information Law Group LLP in Los Angeles, and an expert on cloud liability. "Those needs may be different for all enterprise customers, but each one needs to be prepared to negotiate and not accept the one-size-fits-all model proffered by many cloud service providers."
What will an outage cost you? Know before you sign that cloud SLA
CIOs should do a risk assessment to determine the cost of a cloud service being unavailable, said Phil Kramer, chief technology officer at Systems Solutions Technologies LLC, a consultancy and systems integrator in Old Hickory, Tenn.
Judith Hurwitzpresident and CEO, Hurwitz & Associates LLC
"If it were users' server directories not having a backup for one night, that might not be a big deal unless the server dies as well -- low risk," Kramer said. "If it were the 'family jewels,' and the server crashed without a backup, it could mean your job and worse for the company. If your [cloud SLA] cannot guarantee your access to the data, then you have a very flawed mechanism in place."
If a cloud is being used only for testing and prototyping applications, a high level of redundancy is not that important, according to Judith Hurwitz, president and CEO of Hurwitz & Associates LLC, a consultancy in Needham, Mass. "If the company is using a cloud service to support customer-facing applications, they have a responsibility to ensure that if a service goes down, there is a backup plan and strategy," she said.
Once a company identifies the level of availability each application requires, it then can look for solutions. These could range from temporary in-house backup to multiple service providers and rapid switchover in case of failures, according to Vinoo Jacob, product manager for data services at Vector Ltd., a network infrastructure service provider in New Zealand.
Events like the Amazon.com crash will force customers to demand more from their service providers, Jacob said. "While it is a pain in the short term, it will help in bringing more clarity in the definition and evaluation of cloud services in the future. More than questioning the decision to go the cloud, it will question how you evaluate and put in place a cloud-based infrastructure," he said.
The bottom line is that cloud services and SLAs change a CIO's role, Ptak, Noel's Rasmussen said: "Instead of only managing the IT services delivered by his or her organization, the CIO must strategically oversee and manage internal and external services to ensure that they seamlessly deliver the necessary and appropriate service levels and functionality required by the business."
Let us know what you think about the story; email Laura Smith, Features Writer.