Why It’s Important to Review Cloud Service Level Agreements

In early January of 2015, Verizon informed users that it would be shutting down Verizon Cloud for maintenance – for up to two days. Users would have no access to data, applications, stores or anything else in the cloud during the planned downtime. It’s not uncommon for a cloud service provider to schedule maintenance, but asking organizations to do without cloud services for up to 48 hours was viewed by many as excessive and unacceptable.

The cloud can provide a number of business benefits, from greater flexibility and productivity to reduced operational and capital costs. But you have to do your homework. When you see availability or uptime guarantees of 99.999 percent, you need to find out what exactly that means. For example, Verizon’s planned downtime was not covered by the service level agreement (SLA), and Microsoft has required hosted email users to mitigate risk of service degradation by using cloud email when Outlook is down.

In some cases the cloud service may be available, but your applications are down. The service provider only “guarantees” their services. Also, regardless of what the SLA says, unplanned downtime is inevitable. In most cases, your only recourse is to request a partial credit. Quality of service issues are another sticking point. Many SLAs guarantee availability, but not a minimum level of service, so performance degradation isn’t covered. Unfortunately, too many organizations sign up for cloud services without understanding or even reading the SLA. They let the service provider set the terms of the agreement.

There are a number of factors that should be addressed within the cloud SLA. What is the minimum availability and quality of service that you should expect during and outside of business hours? How are your data and applications being secured? How does the provider maintain regulatory compliance, and who is at fault in case of non-compliance? How is data being stored and backed up, and what is the provider’s disaster recovery process? What type of support is and is not included? What is the process for managing changes to your cloud services?

If the cloud SLA is violated, how will a dispute be handled? What are the processes for escalating and resolving issues? If you want to move to a different service provider, what steps will your existing provider be required to take to ensure a seamless transition of services, and how will you get your data back? Some components of the SLA can be negotiated, but outright refusal to cover any of these points should be considered a red flag.

In order to avoid confusion and costly disputes, it’s a good idea to have an attorney review a cloud SLA. If you’re negotiating a custom agreement with a service provider, an attorney can guide you through the process. Even if you’re considering a public cloud offering, which typically leaves little or no room for negotiation, an attorney can help you understand the terms of the cloud SLA. Finally, an attorney can make sure you’re protected if the SLA is violated, explain your mitigation responsibilities, and help you understand how to get out of the agreement and the risks involved with your exit strategy.

Technology law is a core practice area of Whitehouse & Cooper. If you’re considering cloud services for your organization, contact us to review your SLA so you can better understand the terms and the potential impact on your business.