A CIO's guide to cloud risk management
A detailed and clearly defined blueprint for purchasing cloud services isn't a nice-to-have -- it's a necessity. A service-level agreement (SLA) functions as this roadmap for both the customer and the cloud service provider: It not only defines expectations around the provider's level of services unique to the customer and offers stopgaps should a service fail, but also details the customer's rights and responsibilities.
Developing clear SLAs is crucial because a cloud computing infrastructure, like any other, is susceptible to unforeseen problems, which can range from security breaches to availability issues to legal risks and more. Not adequately setting each party's responsibilities against your business requirements in a cloud contract might set up your organization for unwelcome surprises. In a disaster, for example, it's important to ask the provider questions around its level of transparency with the customer, said Larry Carvalho, a consultant at RobustCloud LLC, in a tip on our sister site, SearchCloudComputing. "The answer to these questions may be surprising. While you might expect otherwise, in the event of failure, the onus is often not on the provider. It can be up to the customer to identify a service failure and its impact," he said.
In SearchCIO's recent cloud provider-themed #CIOChat, Larry Bolick, CIO at Aquent, and other participants sounded off on the importance of carefully crafting cloud SLAs to best communicate enterprise needs to cloud providers.
How can corporate IT better communicate needs to cloud service providers?
Before signing a cloud contract, companies need to do their homework and identify their specific business requirements, Bolick said:
Defining problem is 1st step to solution. But, most vendor websites list the products/services they've got, not solutions. #CIOChat — Larry Bolick (@lbolick) July 30, 2014
Because many providers' websites only list the services and products they offer, IT leaders should establish key performance indicators that are specific to their business requirements, such as maximum downtime tolerance, acceptable latency levels and the necessity of constant access to corporate data.
SearchCIO Senior Managing Editor Rachel Lebeaux agreed with Bolick, tweeting that an explicit SLA makes an organization's expectations clear to the provider. Participant Tim Crawford warned that SLAs can be tricky:
IT leaders should confirm what their SLAs cover: for example, how the provider will credit their organization in the event of a breach of contract. "In general, SLAs won't actually help you recover anything in the event of an SLA violation," Chris Moyer, vice president of technology at Newstex, explains on SearchCloudApplications. "For that reason, it's important to identify your own recovery steps to prevent provider outages from costing you money."
Preparations in case of outages are but one of many potential issues that should be specified in a cloud SLA:
Be specific. For example, "Security" not only refers to frontal attacks on user portals, but to account and domain hijackings too. #CIOChat — Larry Bolick (@lbolick) July 30, 2014
Speak to providers with a 'unified voice'
When considering the cloud, it's essential that IT establish relationships with business managers so that everybody's goals are aligned before signing off on a cloud contract:
Also, speak with unified voice. Not just single client to single provider, but group of clients to provider executives. #CIOChat — Larry Bolick (@lbolick) July 30, 2014
One group of business managers CIOs might want to work with: procurement professionals. "They're like the important quarterback in these negotiations," Cynthia Nustad, CIO at Health Management Systems, told SearchCIO Features Writer Kristen Lee. "You need a third party from the outside looking at the vendors without any bias."
Crawford and Bolick brought up some caveats, however:
A3. Procurement has its place for large orgs, but not nearly speedy enough to match pace of cloud providers. So, another hurdle. #CIOChat — Larry Bolick (@lbolick) July 30, 2014
How are cloud providers accommodating digital enterprise needs?
Digital technology is constantly reshaping organizations' infrastructure, business processes and operations. Tweet jammers weighed in on how cloud providers can keep pace, starting with cloud peering issues:
A4. Another example. Diversified access to circumvent peering relationship issues. #CIOChat — Larry Bolick (@lbolick) July 30, 2014