Monday, May 27, 2013

How to gain Leverage when Negotiating a Cloud SLA

Running Cloud-based Service is new reality in many IT organizations today. However, to avoid unwanted surprises, how to negotiate a cloud SLA becomes emergent challenge for even seasoned CIOs. What are the key areas to pay attention to in a SLA? How much room is there to negotiate with a cloud vendor when it comes to the internal controls and processes they already have in place? Though it largely depends on the deal size, the company and what you are looking for.Generally speaking, data availability, integrity and retention are the three most often discussed subjects in a typical contract and vary widely as liability is the chief concern.

  1. Availability: If businesses really need high availability,  you have to have a dialogue with vendors to understand what they can deliver. An SLA is a financial instruments not a technical one. If your application is business critical,  no supplier is going to give you an SLA which begins to compensate you for the business loss resulting from an outage. The best way to evaluate a company’s SLA is to have a conversation with them and look at how their infrastructure is architected. Also looking at their passed outages. 
  1. Integrity: It is wise to think of what is agreed in terms of how the SLA fulfillment will be measured. If the vendor commits to 99,9%,  however measured at their connection point to the whole big internet, which is common, it will say nothing about what service levels you and your users will actually perceive and you will likely spend much time with your stakeholders on what quality (availability) of service you deliver to your organization. Either way due diligence in better understanding how a vendor achieves their stated SLA is very important too. Some companies will offer a 99.999% uptime SLA with the understanding that their cloud offering is not engineered to achieve that level but they willing to accept the risk of paying violation penalties. 
  1. Retention: If cloud is part of your regular operation and you are willing to negotiate a term or revenue commitment with the cloud operator,  you can negotiate SLAs but keep in mind the most important thing to a vendor is not to lose your business so an "outage" clause that allows you to terminate the contract with little or no penalty may be the best way to manage the vendor. If there are multiple SLA failures throughout the term of the contract, or worse, then you can either choose not to renew the contract and find a new vendor or use those issues as leverage when negotiating new rates/terms. Larger vendors are more likely to improve their infrastructures and processes in a shorter amount of time given the amount of pressure their customers put on them. 
  1. Vendor Evaluation: When it comes to vendors, depending on their size and industry relationships, most have little room to budget when it comes to internal controls and processes as this all points back to their own expenditures and bottom line. However, if negotiations don't end up to your liking, seek a remediation clause that is comparable to a percentage of the contracts overall value.  SLAs need to have meaningful penalties so that vendor can fix the problem. However, there are larger aspects of of SLA's to consider when it comes to the legalities of liability/ ownership around data breaches that put companies out of compliance and can cost them huge fines 
  1. The extent of vigilance and sophistication of cloud service buyers/vendors are very varied. It's a multi-layered issue involving: (1) Proper upfront due diligence on service provider.(2) Ensuring Service Level Commitments align to the risks and criticality of the data/application running in the cloud - service providers will need to provide a spectrum (cost varied) SLA on different apps if they truly want to align to business need. Business critical apps versus dev environments demand reflect very priorities, SLA and cost. 
Thus, how to gain leverage?  Learn a little more about service management and use SLA for what they were created for as the paper which results from a real and deep business to IT dialog, and IT to vendor dialog as well. The goal is to build up the trust-based partner relationship for long term.


Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More