Cloud SLAs: a review of current contracts

Last week I spoke about Cloud SLAs (Service Level Agreements) from a technical point of view, and to back my opinion I cited Gartner’s analyst Lydia Leong’s post that states that Amazon Web Services (which Gartner recently named a market-leader in infrastructure as a service cloud computing, and I think everybody agrees) has the dubious status of “worst SLA of any major cloud provider” and that HP’s newly available public cloud service could be even worse. Let me remind that the main reason (but not the only one) for this statement is the strict requirements of service architecture forced by Amazon and HP. As stated, this isn’t the only reason: besides SLAs are also unnecessarily complex and limited in scope.

Moreover in an amazing post titled “SLA feather allows you to fly in the cloud” another Gartner analyst, Jay Heiserm, uses the Disney’s cartoon Dumbo analogy, and he remind us that AN SLA IS NO MORE THAN AN EXPRESSION OF INTENT; IT IS NOT EVIDENCE OF DELIVERABILITY; in fact, an SLA from a public cloud service promising some sort of recoverability can be a crow feather, clutched in the trunk of the enterprise elephant, providing them the false courage to be willing to fly in the public cloud.
 

Another Jay Heiserm’s post (“Bulletproof Contracts“) summarizes some contractual terms provided by a SaaS prominent vendor and that I copy below (including funny Jay’s comments):

• We believe that we obey the law. If there are any questions pertaining to how your data is handled within our system, it is YOUR problem.
• We won’t give your data to the police. Unless we do give it to the police.
• When this contract is over, you may have the ability to get your data back, but that is YOUR problem, not ours.
• If one of your customers contacts us, we won’t give them anything. Unless we are forced to give them something.
• We will store the data in whatever country we want.
• We might have third parties help us with this, and they of course would be held to the same weak levels of standard as we contractually obligate ourselves to follow.
• You the customer are obligated to obey the law at all times, even if you have no idea what that may entail. (Guess what happens if there is a dispute with us and our lawyers can find some way to demonstrate that you didn’t completely follow the law.)
• We will follow appropriate security measures—as understood by us.
• We will back up your data at least once a week, we will review our procedures periodically, although this seems unnecessary, given that none of these procedures were knowingly designed to fail. If we have the slightest plan for testing our ability to recover, we are not sharing it with you and we hope that you won’t ask that question.
• If any of our support personal ever accesses your data, by definition, it is necessary access.

Finally, copying again but now from NetworkWorld, I analyze the contracts usually signed about SLA cloud, the terms they include, what is its impact, and how often they are present in the current cloud contracts.

All these point are summarized in the next table (please note that I only have copied the NetworkWorld’s data in a table, so for a more accurate a big explanation you should read the NetworldWorld post):

 

Note: Encryption related clauses are not present because in my opinion currently they are either a new service itself, or a differentiating service feature.