The Do’s and Don'ts of Signing Service Agreements

Cloud consulting is a great service tool to aid in identifying what you need from a cloud solution. But in most cases, the consultant is a representative of a vendor. While consulting is a viable resource for cloud consumers, they may have a biased opinion about who should host your new solution. Before you place your pen on the dotted line, there are a few additional pointers we strongly recommend you consider.

Do the math:

Uptime is perhaps cloud computing’s biggest buzz word. It refers to the amount of time an IT solution is fully functional and accessible by users. Cloud providers often try to grab your attention by guaranteeing a certain percentage of uptime in their service agreements. Pop Quiz: Is a 99.5% uptime guarantee an acceptable standard for a cloud services provider? Answer: No… at least, not in our opinion. Let’s look at the calculations:

• 365.25 days per year (plus leap years) x 24 hours in a day= 8,766 hours per year
• 8,766 hours per year x .005 down time= 43.83 hours of down time permitted per year

If the 99.5% guaranteed uptime is calculated per year, it works in the provider’s favor. They have 43.83 hours of downtime they can “cash in” at any time over the year. For example, if you are down for 40 hours during a single business week, it can have a devastating impact on the client. However, because uptime is calculated annually, the provider is not penalized at all so long as the client’s solution is functional for the rest of the year (in addition to the remaining 3.83 hours of downtime the provider has to spare). But what if the provider calculates allotted downtime monthly, instead of yearly?

• 43.83 hours of downtime per year/ 12 months ≈ 3.7 hours of downtime permitted per month.

A monthly uptime calculation works to the client’s advantage because it holds the provider to a strict performance standard. If the solution is down for more than 3.7 hours in a single month, then the client is issued a credit. Of course, most providers calculate uptime annually. But, a good way to confirm their reliability is to talk to existing clients. Their experiences with the provider are a good way to measure what yours will be like.

Don’t confuse uptime with response time:

There is more to hosting a cloud solution than maintaining 24x7x365 availability. Hosted IT environments require a qualified technical support team to troubleshoot and monitor cloud applications.  The last thing you need is to be on hold indefinitely, waiting for technical support during your hours of operation. In the service agreement, there should be a clause about response time expectations. Make no mistake, within 24-48 hours is not an acceptable time frame to wait for IT support. If a cloud application is causing a problem that has you in a business down situation, a 24-48 hour response time would be disastrous for your organization’s production. Furthermore, a guaranteed good response time is useless if the support representatives are inadequate and thus unable to resolve your issue. In other words, even if a provider guarantees a 2-4 hour response time, they can satisfy that obligation with a simple call-back. Dig deeper. Always ask about the qualifications of the provider’s support staff.

Do your due diligence on security:

When it comes to data storage security, most cannot afford to compromise.  Security measures are typically outlined in the service agreement in many areas. First, look for the vendor’s redundancy processes. Do they have multiple fail-safes in place at their data center locations? How often do they perform data backups?  Redundancy is not only a key element of uptime and availability, but it also prevents data loss. Second, consider the integrity of the hardware infrastructure used to host the cloud solution. Is the equipment rated in the top tier levels according to FIPS 140 compliance? In other words, does the equipment support data encryption and other tamper-resistant efforts? Is the hardware up-to-date or would industry professionals consider it too old and thus obsolete. The third thing to consider is the physical security in place at data center locations. How many people have access to the data center? How thick are the structure’s walls? Does the data center incorporate biometric security technology? Is there 24x7x365 surveillance on the premises? Keep in mind, you will likely not have access to the hosting site or data center. The only way to know the details of a provider’s data storage security measures is to thoroughly explore the details of the service agreement.

Do prepare for the worst:

Unfortunately, the reality is that we live in a chaotic world. While data centers may be built like a fortress, it is important to have a contingency plan in place. Skim the vendor’s service agreement for a section that includes phrases like Force Majeur, Acts of God, natural disasters, and Acts of Terror. This article in the contract should highlight the provider’s data recovery process in the event of a catastrophe. While worst case scenarios are never fun to think about, it is important to know how your data will be recovered and returned to you.

Don’t be bullied:

It can be intimidating when a provider slaps a 20+ page document down on the table in front of you and hands you an executive pen. The service agreement packet may be in black and white, but you have the right to negotiate on terms that seem problematic and request an addendum. Both parties have to agree on the terms of service. Some vendors may not grant this request, leaving you with the option to sign as is or find another service provider. But remember, your business IT solution is not something on which you need to “settle”. There will be other vendors willing to meet your demands, and we suggest you take the opportunity to find them.

Do avoid vendor lock-in:

Contracts are meant to be binding, not suffocating. It is important to consider an exit strategy… just in case things don’t work out. Some cloud service providers allow a trial or grace period in which clients can determine if they are happy with the solution. Few vendors offer satisfaction guarantees, in which after the trial period is over, clients may discontinue their service without penalty and go back to their former IT solution. On the contrary, some providers will do nearly anything to keep their customers… in ways that do not benefit the client. This tricky maneuvering is called vendor lock-in and it manipulates the market. Fortunately, if you know what to look for in the service agreement, you can avoid vendor lock-in easily. While, at this point in the process, you should know all about your application hosting options, remember to plan ahead by considering how third party applications function in the solution. Do you have the option to incorporate any applications from another provider? If you do, will they operate smoothly and efficiently? Will the provider offer technical support for third party applications? If the answer to any of these questions is “no,” you should be aware that you are agreeing to use this vendor exclusively. Also, be sure to understand any contract renewal policies the vendor expects you to adhere to. Does your contract automatically renew at the end of the service term for the same length of time? How much notice is the vendor required to give before your current term with them ends? What are the provider’s termination policies? (In other words, what rights does the provider have to terminate your service?) Which protocol should you follow to officially and legally end service? Lastly, if you choose to leave or if your services are terminated, will the provider assist you in migrating to a new (or former) vendor? Remember… it’s all in the details.   To learn more about best practices on researching cloud service providers, click here. Or speak to a cloud consulting specialist directly.