Today Forrester Analyst Vanessa Alvarez made a tweet that got me thinking about the state of public cloud marketplace.
Even though I have been hearing the same about SLAs from people I am talking to, this tweet by Vanessa confirms that it is a broader trend in the enterprise IT as they plot their move to cloud computing.
Right now, the public cloud providers take no responsibility for the security or reliability of the service. They are being let to have a free rein with any loss due to outage or security being the responsibility of the users. I thought this will change as more and more enterprises adopt to public clouds. Looks like it is not the case till now. I am a bit surprised at this trend because the biggest enterprise concern towards cloud computing is the lack of control and the associated issues.
Yes, in many cases, SLAs are just papers without any tooth to it. Yes, the compensation offered through SLAs are peanuts compared to the loss incurred by the customers. Yes, public cloud providers cannot offer great SLAs while also offering the services at such low costs. I full understand and appreciate that. However, I cannot fathom the fact that public cloud providers take no responsibility for the loss incurred by the customers in the event of an outage or security breach. When I outsource my IT, I would expect the service provider to take up the same responsibility I would have had while keeping IT in-house. If SLAs are the not the tools to enforce it, then what is the tool that is going to protect the rights of cloud customers?
My views on this topic is evolving and I expect SLAs to become important in the federated cloud ecosystem I am expecting to see in the coming years. I even think that SLAs might turn out to be a differentiating factor in the federated marketplace. The SLAs as we know it today may be just papers worth nothing but I expect an evolution in our thinking on SLAs in the coming years. I would love to hear your opinion (especially, from the enterprise buyers) on this topic.
Related articles
- Tough Questions To Ask Cloud Service Providers (informationweek.com)
- Amazon EC2 Failures Are a Wakeup Call for Cloud Customers (aujasus.com)
- Choosing the Right Cloud Vendor as an SMB (businessinsider.com)
- Be happy in the cloud with the right SLA (go.theregister.com)
- Amazon SLAs Didn’t Cover Major Outage (informationweek.com)
- Cloud Customers Must Understand Weak Points (informationweek.com)
- Cloud Computing For SMBs: 3 Questions, 3 Requirements (informationweek.com)
It’s up to the enterprises to insist on it. 25 years ago, enterprise mainframe software vendors were getting away with terms unthinkable today. I was on the vendor end negotiating deals and clients eventually set IT purchasing guidelines and got smart with negotiating. (anyone remember the demise of requiring the client to stay on software maintenance renewals that increased in price every year, or they lose the right to use their perpetual license to the software?)
As these public cloud companies mature, and the market matures, they will cave on terms presented by buyers for fear of losing the deal. Unfortunately, the threat of losing a large deal is the time they are willing to put resources into changing their template contract and terms, and paying attorneys.
I do agree there is only so much liability they can take on compared to federated or private cloud, and that will be a distinguishing feature in the future.
The buyers need to be educated, adopt minimum terms or even their own standard contract, and put pressure on the vendors.
I’ve been reading your blog since the beginning. It is one I enjoy the most. Please keep it coming!
Thank you Jacqueline. I appreciate your comment.
Yes, I fully agree with your comment and on the fact that the users need to be educated so that they put pressure on the vendors.
May be way off base here, but…
In public cloud, what role does sound devops and system architecture have in service levels? The US-East outage in April brought some services down, but not all. Netflix, if I’m not mistaken, was designed to span availability zones and thus hobbled through.
In public cloud, software can play a big role in reliability. Design for failure. Thus, don’t users bear more responsibility for uptime than perhaps they’re used to accepting under the SLA paradigm?
Of course, if someone is moving to public clouds, they better design for failures. The issue is about what level of responsibility the service provider is willing to take. Let us say even if I design for failure and use different availability zones/regions, things can still go south. We need to get public cloud providers to take more responsibility than what they are doing now. Also, let us keep in mind that if we use multiple regions for our applications, the cloudonomics goes out of the door.
I think there is scope here for system integration companies come in and act as a buffer to the raw power the cloud companies provide. They could offer the SLA by spanning multiple clouds from multiple providers – AWS, Rackspace, etc – or private clouds based other technologies like Cloud.com, Eucalyptus, OpenStack etc. RightScale allows you to develop your application to be somewhat cloud agnostic, and their platform will allow you to launch your servers any cloud, or even spanning multiple clouds.
With this force in the market astute companies can come in and offer SLAs to the customer, based on straddling multiple clouds for disaster recovery, or to ensure the most cost effect cloud resource is used for the application.