Public Cloud Service Agreements: What to Expect & What to Negotiate April 2013
The Cloud Standards Customer Council
THE Customer's Voice for Cloud Standards!
- Provide customer-led guidance to the multiple cloud standards-defining bodies
- Establish criteria for open-standards-based cloud computing
- 400+ Organizations participating
2011 Deliverables
- Practical Guide to Cloud Computing
- Cloud Computing Use Cases
2012 Deliverables
- Practical Guide to Cloud SLAs
- Security for Cloud Computing: 10 Steps to Ensure Success
- Impact of Cloud Computing on Healthcare
2013 Deliverables and Projects
- Public Cloud Service Agreements: What to Expect & Negotiate
- Convergence of Cloud, Mobile and Social whitepaper
- Cloud Security Standards Landscape whitepaper
- Big Data working group
http://cloud-council.org
CSCC Practical Guide to Cloud SLAs
Practical Guide to Cloud SLAs: A reference to help enterprise IT analyze Cloud SLAs (Published in April 2012)
10 Steps to Evaluate Cloud SLAs
1. Understand roles and responsibilities
2. Evaluate business level policies
3. Understand service and deployment model differences
4. Identify critical performance objectives
5. Evaluate security and privacy requirements
6. Identify service management requirements
7. Prepare for service failure management
8. Understand the disaster recovery plan
9. Define an effective management process
10. Understand the exit process
"Cloud service level agreements are important to clearly set expectations for service between cloud consumers and providers. Providing guidance to decision makers on what to expect and what to be aware of as they evaluate and compare SLAs from cloud computing providers is critical since standard terminology and values for cloud SLAs are emerging but currently do not exist."
Melvin Greer, Senior Fellow and Chief Strategist, Cloud Computing, Lockheed Martin
Public Cloud Service Agreements: Current Landscape
- Agreements offered by public cloud providers are often viewed as unsatisfactory for mission-critical workloads
- Today, most public cloud service agreements are weighted heavily in the provider's favor
  - Provider's liability is limited
  - Burden is on the consumer for SLA violation notification and credit request
- Common industry-wide terminology does not exist
  - Difficult for consumers to compare guarantees and limitations across providers
- Language about service levels is often distributed among several documents
  - Customer Agreement, Acceptable Use Policy, and Cloud SLA
  - Difficult for consumers to locate critical clauses
"Today, customers complain regularly that SLAs are just another form of vendor boilerplate and that it is difficult if not impossible to get much modification. That doesn't mean we don't need SLA's; we do. It's important we make it clear what is going on now versus what we would like to see/influence for the future and when we are hoping that future will occur."
Amy Wohl, principal consultant of Wohl Associates
Motivation and Contents
Why Another Paper on Cloud Agreements?
- Pick up where the Practical Guide to Cloud SLAs left off, but follow the same 10 steps
- Help cloud adopters focus their efforts in areas where it is possible to discuss better language
- Base recommendations on a thorough analysis of actual agreement language
Contents
- See at right
- 29 pages
Steps to Evaluate & Negotiate Public Cloud Agreements
1. Understand Roles & Responsibilities
- Acceptable Use Policy (AUP) is the primary artifact that requires thorough review
  - Content Prohibitions
  - Security Prohibitions
  - Service Integrity Prohibitions
  - Rights of Others Prohibitions
- AUPs have little consistency in wording, although there is a clear pattern to the types of provisions they include
- Consumers should exercise caution and thoroughly review every provision before agreeing to an AUP:
  - Clarity
  - Brevity
  - Completeness
  - Focus
2. Evaluate Business Level Policies
- Four specific policies, contained primarily in the provider's Customer Agreement, are key:
  - Data policies
  - Changes to services, APIs or agreements
  - Suspension of services
  - Limitations of Liability
- Data Policy:
  - Specify physical location of content
  - Cloud provider should not access consumer's data unless required by law
- Changes to Services, APIs, Agreements:
  - Advance notice (30 days)
  - Backward compatibility
- Suspension of Services:
  - Advance notice (30 days)
  - Sufficient time to address (60 days)
  - Consumer data will not be deleted
- Limitations of Liability:
  - Compare Aggregate Liability and Indemnification/Disclaimer clauses
Steps to Evaluate & Negotiate Public Cloud Agreements
3. Understand Service & Deployment Model Differences
- In general, service objectives specified in Public Cloud Agreements are very similar across all service models (IaaS, PaaS and SaaS):
  - Availability is the primary objective included in all public cloud SLAs (regardless of service model)
  - Step 4 highlights key observations & recommendations
- This paper focuses exclusively on Public Cloud agreements
  - Private, Hybrid and Community Cloud agreements are out of scope
4. Identify Critical Performance Objectives
- Performance goals are specified in the Cloud SLA & have 4 key components:
  - Service Commitments
  - Credits
  - Credit Process
  - Exclusions
- Service Commitments focus exclusively on Availability for all service models
  - Guarantees, Measurement Details & Observation Periods differ
- Credits are the sole form of compensation for missed service commitments
  - Service credit calculations and maximum credit limits differ
- Credit Process requires cloud consumer to take specific action to receive credit
  - Reporting timeframe & required information differ
- Exclusions similar across all provider SLAs
Steps to Evaluate & Negotiate Public Cloud Agreements
5. Evaluate Security & Privacy Requirements
- Security language is often spread among several documents: check for consistency and clarity.
- Most clauses obligate the consumer to protect the provider, not the other way around
- Ask what recourse you have if a provider decides unilaterally to interrupt your service due to an alleged violation
- Ask to be notified in case there is a security breach at the provider's end
- Ask what professional services you can get to help secure your content
- Ask about data restoration if an attack has deleted your content
- If you hold personal information about your own clients, how is it protected?
- Ask what measures prevent provider personnel from accessing your data
6. Identify Service Management Requirements
- Don't expect service agreements to specify much
- Be ready to perform your own due diligence to determine how the provider manages the levels of service
- Find out if the following are standard, optional, or not offered at all:
  - Software maintenance / upgrades
  - Backup/restore
  - Disaster recovery (e.g., off-site backup)
  - Data encryption
- Can provider change / remove components that impact your ability to function?
- Examine how availability and performance metrics are defined, and the impact on your business
- Certifications may be a sign of maturity
Steps to Evaluate & Negotiate Public Cloud Agreements
7. Prepare for Service Failure Management
- There is typically nothing in current service agreements
- Therefore, the burden is on the consumer
- Compensation is tied to the price of the service, not the impact on your business (as mentioned in Step 4)
8. Understand the Disaster Recovery (DR) Plan
- Use of a public cloud does not absolve the user from serious DR and Business Continuity planning
- Service agreements focus on limiting the provider's liability
- Together, these statements indicate an immature area, a need for serious discussion during agreement negotiation, and a need to plan your own measures
Steps to Evaluate & Negotiate Public Cloud Agreements
9. Define an Effective Management Process
- Agreements are typically silent about communication and escalation processes
- Potential areas for negotiation are:
  - Regular status meetings
  - Single point-of-contact designation
  - Automatic notifications
  - APIs or Web services for management queries
- In the absence of defined management interfaces, and for services that require strict notification, escalation and restoration procedures, public clouds may not be appropriate solutions
10. Understand the Exit Process
- Look for clear and manageable exit clauses
- Develop a migration plan in advance
- Look for one-sided terms, in which:
  - Consumer pays a penalty to change provider
  - Provider can stop the service at its discretion on short notice
- Think of how long it will take you to identify a replacement service and migrate data or applications
- How and when your data is removed from provider's systems is critical:
  - Too early? Potential service discontinuity to your own users
  - Too late? Potential security or privacy issues
Summary: Expectations and Negotiation Considerations
- The contractual considerations contained in various forms directly influence cloud computing opportunities
- Read candidate cloud solution provider agreements early in the evaluation process
- Understand the specific definitions, constraints, limitations and credit policies
- Have open discussions with providers to identify areas of concern and what can be clarified, modified or negotiated
- Have open discussions regarding perceived gaps that may be critical to cloud consumers (Service Management for example)
- Recognize that the customization of agreements can adversely impact time-to-market and other cloud benefits
Agreements are Critical Considerations, Providing Insights to the Future Cloud Relationship
Call to Action
Join the CSCC Now!
- To have an impact on customer use case based standards requirements
- To learn about all Cloud Standards within one organization
- To help define the CSCC's future roadmap
- Membership is free & easy: http://www.cloud-council.org/application
Get Involved!
- Join one or more of the CSCC Working Groups: http://www.cloud-council.org/workinggroups.htm
- Participate in monthly web conferences for all members
- Review and leverage CSCC resources
  - Practical Guide to Cloud Computing V1: http://www.cloud-council.org/10052011.htm
  - Practical Guide to Cloud SLAs V1: http://www.cloud-council.org/04102012.htm
  - Public Cloud Service Agreements: What to Expect and What to Negotiate: http://www.cloud-council.org/publiccloudsla.pdf
  - Security for Cloud Computing: 10 Steps to Ensure Success: http://www.cloud-council.org/security.htm
  - Impact of Cloud Computing on Healthcare: http://www.cloud-council.org/healthcare.htm
- Socialize the Public Cloud Service Agreements paper
Thank You