The other day I came across a blog post from attorney Don Pepper about public cloud provider’s SLA’s and some unintended consequences they might create Pepper explained that it is becoming more common to see SLAs expanded to cover issues beyond simple service downtown – some SLAs now cover data loss, network failures and notice of maintenance breaches. At first blush, this would seem to be a good thing – cloud vendors are giving customers more certainty over their service, and making allowances for when things go wrong.

Pepper however suggests that the reason that vendors are broadening SLA provisions is to reduce their liability in the event of these other types of failure. The way some SLA contracts are written, the existence of the SLA reduces or removes the ability for customers to seek other remedies beyond the service credits that SLAs are generally structured upon.

Pepper details a particularly worrisome example of where this could lead, as he wrote:

…say the vendor fails to apply a security patch and that misstep results in the unauthorized disclosure of the user’s company’s sensitive and confidential data. The damage to the user’s business may be truly significant and costly, but if the vendor has incorporated service credits as the user’s exclusive remedy for such a breach, the user’s only recourse is to get a discount on their next monthly bill

We live in interesting times for cloud computing – the unmasking of the widespread Governmental spying on private and corporate data has got people concerned about utilizing cloud services. The fact that some vendors would appear to be complicit in providing back doors that the NSA can take advantage are bad enough. The fact that some SLAs customers agree to may very well reduce their ability to seek redress in that event is yet another concern.

Cloud customers need to spend time reading the fine print – while vendors may pitch a broad SLA as a chance to protect customer’s best interests, it’s important to look at the downstream problems that these moves can make. As ever, it is a case of caveat emptor.

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

  • Cloud SLAs are notoriously weak. The compensation they provide is replacement time for any outage, but that can’t touch the customer’s lost during an outage.

  • Well, in general SLAs for cloud service providers are written to protect the provider and limit the recourse of the customer to specified remedies. I’m not sure why you would think it would or should be otherwise.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.