When it comes to cloud services, many customers feel as though they may sail through a storm while their provider stays safely on land. This is because cloud contracts and SLAs tend to favour the provider and offer less assurance that your data will always be available and protected.
However, you can greatly reduce your risk by reviewing your cloud contract and SLA to look for some key concerns. Here are three signs that could indicate a storm is brewing in your cloud:
- The cloud SLA talks more about paying out than it does about its guarantee. Many cloud providers word their SLAs to offer as little as 10% payout on the monthly fee if something goes wrong with the service. However, will a 10% payout mean anything if you lose productivity and business due to downtime or a security breach? No payout truly compensates a customer for downtime. A payout is an indication of the vendor’s willingness to stand behind their guarantee. For cloud services, availability should ideally be measured on a per VM basis. The provider should have a number of redundancies in the service, as well an explanation of how the SLA is measured and the ability to report on SLA achievement.
- Your resources are not available when you need them. If you want to reduce your IT costs by using a public cloud, you must be aware that other customers may also be using the same resources. Public clouds are a bit like timeshares … the space that you’re paying for may or may not be available when you need it. When you’re looking into a public cloud service, be sure to ask how resources are made available and how many other customers may be accessing them. Mass-market cloud providers may have hundreds or thousands of customers using a small percentage of the overall capacity, while an enterprise provider may only have a few dozen customers using a larger pool of resources.
- Your resources are subject to foreign regulations. Because the data that you store in the cloud doesn’t exist on a physical server that you control, you may wonder exactly who has authority over your data. For example, is the data housed in Canada or another country? Is it subject to the U.S. Patriot Act? Can it be seized by a government without your consent? Do you have to comply with another jurisdiction’s privacy laws? It’s important to have answers to these questions spelled out before you sign a cloud contract.
In addition, you should always have someone from your legal or contracts department interact with the person in IT who is requesting the cloud service from the vendor. This will provide you with an extra level of protection before you sign on the dotted line.
What about you? What red flags would make you wary of a cloud provider? Leave your comments below.