As more enterprises adopt more cloud for important applications, they’re finding they’re dealing with new types of relationships, unlike anything they’ve encountered before. Unlike software purchases in the past, there’s no longer an up-front installation, followed by tech support as needed. Instead, the relationship is more akin to a marriage in which the spouses not only live together, but also work together all day long — 24×7. That means a highly co-dependent relationship. So cloud consumers need to expect their providers to have well-functioning data centers, running in top form at all times.
That’s why if you want your cloud engagements to succeed, it’s important to set expectations as early and often as possible, and be ready to hold vendors’ feet to the fire when things aren’t working out well. This evolving relationship cloud engagements was explored earlier this year in a panel held at Cloudscape VII in Brussels, led by Joe Weinman, author of Cloudonomics: The Business Value of Cloud Computing.
Service-level agreements, or SLAs, are the heart and soul of any cloud engagement. Long used as a tool for ensuring delivery of technology-based services between IT departments and business users, these contracts set expectations up front between providers and consumers. But SLAs aren’t what they used to be. Robert Bohn, cloud computing technical program leader at the U.S. National Institute for Standards and Technology (NIST), laid out the essential elements of a cloud engagement. All SLAs should include business-level objectives such as roles and responsibilities, requirements, operational policies, continuity, limitations, financial terms, and a glossary of terms, he explained. On a more technical level, SLAs need to include resources, performance indicators, descriptions, and security details.
Cloud security is still a great unknown, and typically does not get adequately addressed in most SLAs established today, said Jesus Luna Garcia, research director of the Cloud Security Alliance. “Historically speaking, most SLAs were based on performance metrics,” he explained. “There are a lot of performance related metrics on SLAs. But what about security?” The difficulty is there are no standards or common practices for measuring security at this time, he states. “Not all the security properties, or metrics, can be automated. Some of these we need human intervention, which is different from performance indicators.”
Security is an important piece of the three-part process that forms a successful cloud relationship, Bohn said. “One, you decide what you want to do, so you lay out your business and technical requirements. Then you work with your cloud provider, or cloud providers, on the requirements that you’re looking for. SLAs should connect your decision making process and your provider together. And you’re going to use metrics to see if the objectives in the service level agreement are actually met.”
Some essential considerations for the SLA terms include “what type of logging you want to use, and data presentation and location,” Bohn continues, who then addressed an important security consideration. “What happens if there’s an event in which some other nefarious activity happens on the cloud that you have nothing to do with, but because of the multi-tenancy on the cloud, you might be on the same set of servers or hard drive. You want to make sure you still have access to your data.” Finally, Bohn said, an exit strategy needs to be discussed up front before any contracts are signed. “At the end of your contract you want to make sure that you have a way to get your data back out. It’s something that people don’t discuss.”
The economic model for cloud also weighs heavily on expectations — is it a commodity that can be switched on and off, and priced accordingly? James Mitchell, CEO and founder of Strategic Blue and a former commodities trader, says there is a strong commodity aspect to the cloud market, but there are also value-added aspects that need to be considered as well.
Many people associate cloud computing as a utility, similar to electricity, that can be accessed by simply plugging in. Indeed, as Mitchell pointed out, there are similarities — “it can be used on demand, the capacity is perishable, if you don’t use it, you can’t use it later on, and you can produce it lots of different ways.” However, Mitchell also pointed out, there’s an important difference as well — while electricity is electricity, no matter where it comes from, cloud services can vary greatly, and are delivered at varying levels of quality. “Adjustments have a price attached with a quality difference,” he said. “SLAs and standards need to flow into the price.”
This article was written by Joe McKendrick from Forbes and was legally licensed through the NewsCred publisher network.