A big question mark for cloud adopters
Due to service levels or the lack thereof, organizations are hesitant to move to the cloud. Vendors clear the air on SLAs for the cloud
We are currently at a stage where the IT world has seen its share of conferences, presentations, and in some cases actual adoption of what can be described the current favorite newsmaker, cloud computing. Some organizations have already moved to the cloud in some way or the other. While for others who are contemplating whether or not to deliver their IT from the cloud, Service Level Agreements (SLAs) are creating a fair amount of anxiety.
What’s known is SLAs in the enterprise goes by the name Quality of Service (QoS) in the cloud world. The QoS determines the percentage of its IT infrastructure an organization would be comfortable moving to the cloud.
Due to the perceived loss of control over the infrastructure and the potential loss of company data most organizations are wary of putting their core applications on the cloud. Cloud service vendors on the other hand, claim that they design their cloud infrastructure with the service levels in mind, some even promise higher uptime than that if the client had his IT hosted in house.
What are they worried about?
For starters, CIOs or IT heads in general, are largely worried about the availability of infrastructure. For organizations that handles customer intensive data, where the business is highly volatile, it can be catastrophic if access to the infrastructure goes down.
The cloud could become unavailable for several reasons – a hardware problem at the cloud provider’s end, network connectivity going down, etc. CIOs want vendors to consider these factors and offer an appropriate SLA.
* What if the cloud service goes down?
* What if the network connectivity goes down?
* Is there a back up in place in case a server instance goes down?
* Is there enough redundancy in place in case network connectivity to the cloud goes down?
* Is there a secondary cloud in place in case the entire cloud goes down?
Latency issues arising due to the remote location of and connectivity to the cloud, are the biggest performance related issues that could hound a CIO when adopting a cloud infrastructure. Also as the number of cloud users increase, the cloud service provider should ensure that the specified performance levels for the organization are not compromised.
Security and Compliance
This is probably the most important factor from an SLA point of view. With an organization placing its data or Intellectual Property (IP) on a third party site, it needs a greater assurance that its information is protected from threats, or leakage and that data is properly backed up well from a business continuity and regulatory point of view.
Some of the questions that an organization could ask from a security or compliance point of view:
* Is the data stored encrypted, not possibly accessible to other users of the cloud?
* Is there a backup available in case the data is lost?
* Is the data encrypted during transit between the cloud and the consuming organization?
* Is the data monitored and audited? Is there an audit trail of all access from the organization to the cloud?
* Where would be data stored? What would be the governing laws that would affect storage, access or ownership of the data?
Consider What is Feasible
Vendors believe that a lot of organizations have traditionally chosen to have their IT infrastructure hosted remotely, or co located with a service provider. They are hence confident of meeting the required SLA levels. However there are some components or factors specific to a cloud environment. In such cases organizations to have their expectations set early on.
Robert Stroud, VP Service Management Strategy, Service Management and Governance Evangelist, CA Technologies says “Though cloud service providers are typically experts in their domain and are capable of providing some strong SLAs, customers would need to set expectations and agree with them upfront.”
Stroud explains, “The cloud assumes Internet or some form of network connectivity as the delivery medium. This is a medium which cannot be strongly controlled. Hence one must set this expectation if he to consumer or deliver a service over this vehicle. The very premise of the cloud is idea of having optimum performance levels throughout the year. While the cloud provider will agree to this assumption he is not going to put it in a contract believes Stroud.
Stroud continues, “What I will want in a contract is that I should be able to get my data back if I change the cloud service provider. If the cloud provider goes insolvent (though unlikely), I will get my data back and it does not become the ownership of the vendor or any legal or statutory authority who takes over. I would also need an integrity SLA that my data would not be shared with others.”
An organization must also familiarize itself with the laws governing data custodianship. For example, a French company cannot use services of a provider who is from outside France since all French information is required to be contained within France.