Be careful about your SLA

• Tweet
• Pin It

If you think that a cloud services SLA (Service Level Agreement) is like any other, then you are wrong. There are major differences between the two because of the very nature of cloud services. Understanding the differences is critical to getting good service. Here are some questions you must ask –

Who has control over the Metadata?

Things were simple when we were just hiring storage in the cloud, maybe a little simpler. Whatever data you stored in the space you hired was yours and you decided what to do with it.  But even in that situation, what about traffic statistics and performance figures? Who owns that data? With Software as a Service (SaaS), the situation got more tricky. It is obvious that the software generated data wass yours, but what about usage trends? Failed logins, user feedback and user preferences? Who owns that data?

Anyone can see that some of this data could be of great use to your company. But if you haven’t clarified this with your vendor in advance, they may not be duty bound to set up a collection and transfer mechanism. Therefore, this is something that needs to be clarified within your company before you sit down to negotiate with the vendor.

The Government wants to see your data – now what?

In most cases if the government really wants to see your data, you don’t have much of a choice and the same holds true for the service provider. Obviously, a court order will accompany the request but even then, there are some things that can be done to make your life simpler. First, ensure that the agreement with the vendor says that you are to be informed before the data is handed over. This allows you to challenge the order in court if required and ensure that if the legal rights of one of your clients are being affected, then you are able to inform that individual as well.

There is data that is controlled by regulatory provisions. Typical cases are financial or medical data. In such a case, your SLA must state this explicitly so that the cloud service provider can take the necessary steps to ensure that the data is accorded the correct protection.

How will Service Quality be measured?

The SLA must specify the uptime you want besides any other technical parameters (for eg. Read / write times) that are critical to you. However, it is critical to also say how those parameters are going to be measured and what would be the repercussions for not meeting those parameters.

Two further issues need to be clarified in the SLA – the first is data security. You have to make responsibility for security absolutely clear. The next is the termination of the contract. In many ways, this is more difficult than the initiation of the move to the cloud. It is obvious that in this situation you will only get that support which the vendor is legally bound to give. Therefore this section of the SLA has to be very clear. If you do not do this right, you might face major difficulties in even trying to make a copy of your data.

Related Posts

• 

  The legal profession and cloud computing
  The legal profession and cloud computing
• How well do you know your law?
  How well do you know your law?