If you are an enterprise looking at moving a number of your business software applications from your in-house IT to the cloud , including the evaluation and assessment of service level agreements (SLAs) of the Cloud service providers as a part of your Risk management plan is of paramount important.
The primary objective of the SLA based risk assessment of a Cloud Vendor is to ensure high availability of your business software services on the cloud that ensures nil or minimal disruption and which provides the business continuity as per your set benchmark.
For instance , Amazon in its EC2 SLA cites a 99.95% availability during the Service Year of “365 days” which presents a probable risk that your services might go down for 4.4 hours in a year. Next, Amazon indicates that “In the event Amazon EC2 does not meet the Annual Uptime Percentage commitment, you will be eligible to receive a Service Credit as described below” . This eventually means that if in-case your services are down for whatever reasons ,it will make a service credit to you ,which if calculated may vary from 8.5 to 12.5 cents per hour.
In such a case, you must have to evaluate the risk of your liabilities , e.g. losing your productivity,revenues and customer relationship against the service credits you might receive if SLAs get missed.
When you have your business software running on your In-house IT set up, it was you who took the ownership of meeting the SLAs to the extent of meeting your business objectives. Now that you intend to move your IT operations to the cloud, the key questions boils down to
a) “Who provides stringent SLAs” so that your business is safe with the lowest risks
b ) “Who takes the ownership for your liabilities if the SLAs are missed”
For instance, Savvis a cloud services provider in their service brochure indicates a 99.99% high availability with continuous operation possibilities. Terramark in its online SLA documentation indicates a 100% availability with options for receiving service credits with specific terms if SLA’s are missed.
Bluelock , a Cloud hosting and services vendor providing different cloud options says in one of its blog mentions ,that you get what you pay for in terms of your cloud infrastructure choices and accordingly you have to evaluate your risks.
Essentially, you have to look at the options of de-risking your cloud based IT operations . If you are an enterprise ,its good that you now have more than one cloud services vendor to evaluate each competing to offer better SLA Terms . However, such a de-risking by choosing more than one vendor for your cloud transition should also be well aligned with your primary objective of lowering the IT costs of shifting to the cloud.
One of the major factors in determining and aligning the cost objectives and de-risking your cloud operations with more than one cloud vendor is to determine how critical is each of your business application software and its service that you intend to move to the cloud.
Non-Core ,less mission critical departmental applications may be moved to well established and proven low cost clouds that offers a reasonably good SLA while mission-critical business applications may be run on clouds that provide you with the highest availability and business continuity with better ownership of the liabilities.