1-888-317-7920 info@2ndwatch.com

Get Yourself the Right Cloud Provider SLA

Making sure your cloud provider is giving you what you need is based on a Service Level Agreement (SLA). This wasn’t so difficult in years past because off-site computing was usually about non-critical functions like archive storage, web serving, and sometimes about “dark” disaster recovery infrastructure. Keeping mission-critical infrastructure and applications in-house made for an easier time measuring service levels because you had full visibility across your entire infrastructure, knew your staff capabilities, your budget, compliance needs, and your limitations. But the cloud is allowing companies to save significant money by moving more and more IT functionality into the cloud. When that happens, SLAs not only change, they become very important, often critically so.

A cloud SLA can’t be accepted as “boiler plate” from the customer’s perspective. You need to carefully analyze what your provider is offering, and you need to ensure that it’s specific and measureable from your side. Not every provider can give you a customized SLA, especially the largest providers; but most, including AWS, can give you augmented SLAs via partners that can be more easily bent to your needs. If you’ve analyzed your provider’s standard SLA and it’s not cutting the mustard, then working with a partner is really your best option.

The most common criteria in an SLA is downtime. Most providers will offer “five 9s” in this regard, or 99.999% uptime, though often this is for cloud services, not necessarily cloud infrastructure. That’s because cloud infrastructure downtime is subject to more factors than a service. In a service model, the provider knows they’re responsible for all aspects of delivery; so similar to an internal SLA, they have full visibility over their own infrastructure, software, datacenter locations and so on. But when customers move infrastructure into the cloud, there are two sides of possible downtime – yours and theirs. Virtual networks may crash because one of your network administrators goofed, not necessarily the provider. Those issues need to be resolved before help can be provided and systems restored. It’s very important that not only this situation be covered in your SLA, but also the steps that will be taken by both sides to resolve the issue. A weak SLA here gives the provider too much leeway to push back or delay. And on the flip side, your IT staff needs to have clear steps in place as well as time-to-resolve metrics in place so they aren’t the resolution blocker either.

Another important concern, and often an unnecessary blocker to the benefits of cloud computing, is making sure your applications are properly managed so they can comply with regulatory requirements specific to your business. You and your customers can  feel safe putting data into the cloud, and compliance audits won’t give your architecture unnecessary audit problems. We’ve seen customers who thought this was a show stopper when considering cloud adoption, when really it just takes some planning and foresight.

Last, take a long look at your business processes. Aside from cost savings, what impact is the cloud having on the way you do business? What will be the impact if it fails? Are you dead in the water or are there backup processes in place? Answering these questions will effectively provide you with two cloud SLAs: The providers and your own. The two need to be completely in sync both to ensure your business as well as making your cloud adoption a success and keeping the door open to new opportunities to leverage cloud computing.

As I mentioned earlier, a good way to do this is to work with one of the larger cloud providers’ value-add partners. With AWS, for example, you’re able to work with a certified partner like 2nd Watch to purchase tiered SLAs based on your needs that build off the SLAs offered by AWS. For example, 2nd Watch is the first partner to offer 99.99% uptime on top of AWS’ uptime SLA for all enterprise applications. We also offer both technical incidence response and Managed Services, which takes managing your applications off your plate, works to analyze possible technical problems before they happened, and will help ensure your application adheres to compliance regulations. For any of these offerings, customers can opt for Select, Executive, or Premier SLAs. Each of these has their own market leading uptime, problem response, and management service agreements so you can tailor an SLA based on your needs and budget.

-Jeff Aden, President


Agile and proactive use of the cloud

The companies that we are engaged with currently all share a few common traits and these companies see that their competition is not the same as it was 2 or 3 years ago. In previous years, the SMB market shared common competition, they new where the competitions offices were, they had clients in common where they gained market knowledge, and they could see the activities the competition was doing. Not so today. The SMB market is changing and the new competition is coming at them worldwide. Take software, years ago the barrier to entry was extremely high both in talent and in the infrastructure to develop, and deploy….this has all changed with the cloud. Talent is ready and eager to work, ideas are evolving, and infrastructure is inexpensive, secure, and reliable.

The companies that are embracing the cloud as a tool are more agile and proactive about driving their business. Most of these companies are experiencing huge and rapid growth. Why? They are able to respond to their customer needs, when the customer expects them to respond, and with more relevant information. They are able to do this because they have turned a cost center into a revenue generation tool and these businesses have more time to invest in what the customer wants. They no longer spend their time on break fix or capacity planning, they spend their time on what the customer needs.


Security and Compliance in the Cloud

I was reminded by many local IT leaders today while attending a Cloud information session that security and compliance is still top of mind when discussing Cloud IT.

The table below is the la research I have done into vendor claims around compliance.

As it seems is always the case with Technology, the devil is in the details.  If you have ever worked with PCI compliance you know that Infrastructure is just a piece of the puzzle.  Vendors like Amazon and Microsoft can and do meet infrastructure requirements for PCI compliance.  Does this mean that if I host my e-commerce site on Amazon’s EC2 Cloud Service I’m suddenly PCI compliant?  Not by Amazon alone.  You have solved some of the puzzle but you still have to deal with data storage, encryption, etc.  These are application level issues and things that Amazon’s EC2 does not address (by design).

It doesn’t mean Public Cloud Providers are not serious about security or compliance (quite the opposite actually).  It simply means Cloud providers are not silver bullets in the security or compliance category and you still need to engineer an appropriate solution to meet any security or compliance requirements you have.  Public cloud providers can still be used to achieve compliance across a number of initiatives.

Cloud providers add some impressive tools to your toolbox – use them wisely.