This content is part of the Essential Guide: The history of cloud computing and what's coming next: A CIO guide

As cloud's use expands, cloud SLAs more important than ever

The growing use of cloud technology doesn't dilute the importance of SLAs. IT leaders and analysts assert they may be more important than ever.

If you want to make IT pros laugh, try suggesting that the importance of service-level agreements is overblown when it comes to cloud services. "Well, that sure sounds like something a vendor would say," Merced College Director of IT Don Peterson said, enjoying a laugh along with his network manager, Arlis Brotner.

It was, in fact, something a vendor said. More specifically, it was the shared opinion of executives from top cloud service providers Microsoft,, Rackspace and Take a spin around the Web, read some blogs, and it becomes apparent the leaders from these companies believe CIOs put too much emphasis on cloud service-level agreements (SLAs), and claim that IT customers fret more about potential outages than about mastering the details of how the technology will be applied to and benefit their business.

Recognizing the business value of one's cloud service doesn't, however, diminish the value of an SLA, CIOs and many experts insist. As more cloud offerings enter the market and find their way into not just IT departments but business units across the enterprise, proponents of cloud SLAs say that getting base-level parameters in writing -- from uptime expectations to incident notification -- is a must.

Merced's Peterson takes the SLA very seriously. He recently oversaw the implementation of cloud-based storage to support the data demands of the California college's nearly 18,000 students, staff and faculty. "We wouldn't even think about [using cloud technology] without an SLA," Peterson said. "It's the ground rules."

Brotner, Peterson's colleague who researched and proposed that Merced turn to the cloud for storage, said base-level expectations have to be explicitly stated in writing. "It's not just about downtime; it's about response time, how quickly we report it and how they respond to it -- that's critical to have," he said. Otherwise, you're essentially left in the dark. Unlike with on-premises technology, there is no one to turn to with questions or with blame.

The basics of a cloud SLA

Gartner analyst Robert Desisto reviews the five most important elements of a cloud SLA.

  • General availability. You generally want to have 99.7% to 99.9% uptime; anything mission-critical has to be 99.9%.
  • Measurement period. Determine how the vendor quantifies its uptime performance. Is it measured monthly or quarterly?
  • What constitutes downtime? It's not the same for all vendors. It could be five, 10, 15 minutes, or more.
  • Incident notification. Be sure the vendor will notify you of a problem, not rely on you to report an incident.
  • Application of penalties. What is the financial remedy applied to you if the SLA is violated? Is it a percentage of fees or a credit on the following year's invoice? Or will they prorate your bill?

As it turned out, Peterson and Brotner were fortunate to forge a good relationship with their cloud storage vendor, Zetta Inc., which didn't balk at an SLA that included some finer points. "We needed it to really spell out how they were protecting our data, the redundancy, that it was encrypted in transit and in storage, all those things," Peterson said. "Some SLAs aren't quite so granular as that, but we needed that. It protects us and it protects the vendor."

A cloud SLA Bill of Rights for buyers

Indeed, the importance of cloud SLAs -- setting those ground rules -- is more important than ever, according to analyst group Constellation Research Inc. This week, the San Francisco-based firm is releasing The Enterprise Cloud Buyers Bill of Rights. Focused on Software as a Service (SaaS), the document includes 55 "basic rights" that CIOs should demand over the life of a cloud service.

Constellation Principal Analyst and CEO R "Ray" Wang said that with the majority of enterprise software now being consumed via SaaS or cloud deployment, CIOs have to apply the same rigor and expectations in adopting and negotiating these contracts as for on-premises software. Just in terms of customer experience, for example, three "critical rights" must be met: quality guarantees and remuneration, ownership of and access to data with no questions asked, and ongoing financial and risk management transparency.

And those rights go well beyond the ones demanded by the IT department. As Wang states, the relationship between the vendor and the "client" today often includes not just IT but the chief marketing officer and business executives too. Going from on-premises software to the cloud is a chance for a clean slate for the IT department -- not only in building a trusted relationship with the vendor but also building a strong partnership with the business units that are served by the cloud.

Analyst Robert Desisto at Stamford, Conn.-based Gartner Inc. concurs. With so many players now involved in procuring cloud applications, it's important that CIOs bring their SLA expertise to bear. "It's absolutely another reminder of how important it is for CIOs to know what's happening in the business," he said.

You still want some degree of confidence that your partnership will be driven, managed and evaluated on the vendor's ability to live up to this agreement.
Walter WeirCIO, University of Nebraska

The issues and legalities inherent in cloud computing are complex, to be sure, Desisto said. But there are some things that should be simple and straightforward. For example, some cloud applications are less mission-critical than others, and the lack of their availability might not harm a company, he said. But even for these less critical business apps, buyers must insist on reaching a written agreement on performance expectations. He's yet to meet the CIO who feels otherwise.

"The bottom line is, if vendors are so confident about their performance, why not put it down on paper? What is the resistance?" he said. "The resistance is they don't want to have the liability out there that they won't be able to perform as advertised."

Desisto won't get any argument about that from Walter Weir. Earlier this year, the University of Nebraska CIO and his IT team carried out a cloud migration that moved 13,000 staff and faculty members from an on-premises legacy Lotus Notes system to a cloud-based system. For him, those more specific details about business value were covered in a request for proposals. But, he said, that didn't diminish the importance of the cloud SLA.

"There's an understanding that stuff happens and nobody's going to go gunning for anybody unless it's drastic," Weir said. But you still want some degree of confidence that your partnership will be driven, managed and evaluated on the vendor's ability to live up to this agreement."

Let us know what you think about the story; email Karen Goulart, Features Writer.

Next Steps

SLA lessons learned from Amazon EC2 outage

Cloud SLAs and uptime guarantees

Secure identity management helps alleviate SLA concerns

Dig Deeper on Small-business IT strategy