Editor’s question: What are the best practices that enterprise CIOs should include in a service level agreement with cloud service providers?

In order to retain the trust of customers, when things do go wrong, SLAs need to deliver. There is a common perception that SLAs look good on paper, until the day you really need them. The challenge for service providers is to ensure the SLA is reflective of the service and the customer feels there is a joint investment with the provider. Executives from NETSCOUT, Cloud Box, Pure Storage and NetApp respond.

Gaurav Mohan, VP SAARC and Middle East, NETSCOUT

Middle East business leaders are particularly aware of the hazards that come in a digitally oriented organisation, and crafting a service level agreement (SLA) with cloud security service providers demands meticulous attention to key considerations to effectively safeguard digital assets and operations.

To address these challenges, IT professionals who want to empower their organisations to innovate with confidence are increasingly recognising the importance of combining service assurance, cybersecurity, and business analytics to establish the business assurance that transforms IT into a true partner in the organisation’s success.

It is imperative to establish clear definitions of responsibilities within the shared responsibility model. By delineating the roles of both the cloud provider and the enterprise, potential misunderstandings are mitigated, and critical security management gaps are avoided.

The SLA must prioritise comprehensive visibility, ensuring that tools and methods for discovering, tracking, and reporting on assets in the cloud are provided. This visibility empowers enterprises to maintain control and awareness of their digital infrastructure, crucial for effective risk management.

Compliance assurance should be addressed within the SLA, outlining how the cloud security service provider assists in meeting regulatory standards. This includes ensuring visibility into data location, access controls, and alignment with regulatory requirements.

Collaboration between IT, security teams, and the cloud service provider is also crucial. Encouraging ongoing communication and cooperation fosters a culture of joint problem solving and knowledge sharing.

Briefly, a well-crafted SLA with cloud security service providers establishes a robust framework for protecting digital assets and maintaining operational integrity in the cloud, ensuring security, compliance, and resilience.

Avinash Gujje, Practice Head for Infrastructure, Cloud Box Technologies

As a systems integrator, it is pivotal to understand the role service level agreements (SLAs) play in ensuring seamless collaboration between enterprise CIOs and cloud service providers. Here is a breakdown of the best practices that CIOs should prioritise when crafting SLAs with cloud service providers.

Clearly defined metrics and service levels are imperative to establish specific, measurable, achievable, relevant, and time-bound metrics for various aspects like uptime, performance, availability, latency, and data security. Moreover, differentiating service levels based on tiers such as gold, silver, and bronze allows for tailored solutions catering to diverse needs and budgetary constraints within the organisation.

Negotiation of service credits and penalties helps to uphold accountability; define transparent service credits or penalties for instances where service levels are not met. These penalties should be proportionate to the severity of any disruptions, incentivising the provider to maintain high standards of service delivery.

Specification of communication and escalation procedures helps outline clear channels for communication and escalation procedures. This ensures prompt resolution of any issues that may arise. Defining roles and responsibilities for all parties involved fosters effective collaboration and problem-solving.

Conducting periodic reviews and audits of the SLA’s performance helps in identifying areas for improvement and ensuring alignment with organisational objectives. Independent audits serve to verify the provider’s compliance with the agreed-upon SLA terms.

Language support includes acknowledging cultural sensitivities, and providing Arabic language support in SLAs fosters effective communication and enhances stakeholder engagement within the UAE context.

By incorporating these practices, CIOs can forge robust partnerships with cloud service providers, thereby facilitating the successful implementation of cloud technologies and driving growth.

Data governance and security delineate responsibilities around data ownership, privacy, and security. Adherence to UAE data protection regulations, including provisions for data residency, backup, and disaster recovery, ensures compliance and mitigates risks.

Data localisation and compliance with UAE regulations mandating the storage of certain data types within the country is non-negotiable. Clearly defining data transfer procedures and protocols ensures adherence to these requirements.

Regulatory compliance of the cloud service provider with relevant UAE regulations, including cyber security standards and incident response protocols, safeguards against legal and operational risks.

Systems integrators are committed to leveraging their expertise to guide CIOs through this process, enabling them to navigate complexities and unlock the full potential of cloud partnerships in advancing their technological goals.

Alex McMullan, CTO International, Pure Storage

We are now entering a new phase in technology procurement where SLAs are becoming differentiators and, in many cases, the ultimate decider in purchasing decisions. Traditionally, procurement has been centred on cost, with a checklist as the mechanism for selection. The product or service that came in at the right price, with the most boxes checked, was generally selected.

In the technology sector, the ability to anticipate and react to major market shifts has always been a core tenet of success. Today, some companies are making innovative leaps forward by tying their SLAs directly to customers’ C-level priorities. For example, one of the biggest influencers in technology purchasing decisions is sustainability.

Today’s procurement conversations focus on energy consumption and carbon footprint, as well as a sustainable supply chain. SLAs therefore have to relate to sustainability in order to provide meaningful value. Another important trend is data security, driven by the unabated threat posed by ransomware and other forms of cyber-attack. This trend is very prominent in the data storage sector, but it applies to the entire technology industry.

Businesses should look for a data storage partner with SLAs on the power, cooling and data centre footprint requirements of its solutions. In addition, there should be transparent measurement of actual Watts per tebibyte (TiB), and consequences if guaranteed Watts/TiB or TiB/Rack is not met.

Some storage vendors can help customers achieve up to 85% reduction in energy use and carbon emissions and up to 95% less rack space than competing offerings, and may even have a commitment to pay for their customers’ power and rack space costs.

From a data protection perspective, we are also seeing the emergence of new, SLA-backed data security and resiliency offerings, with the introduction of services that ensure no data migrations are required, while guaranteeing zero data loss in the event of a cyber incident. These services allow customers to mitigate unplanned costs due to data loss incidents, while maintaining day-to-day business operations amid upgrades. These are the kinds of SLAs making a real difference for businesses today.

There is a clear societal trend towards less ownership and more subscription services. We see this in our personal lives and in business and it is giving rise to greater emphasis on SLAs, with the aim of improving these services. Above all, SLAs must stay relevant and be reflective of how the customer uses the technology and what it is they are hoping to achieve with it, rather than just what a vendor is prepared to stand behind.

Walid Issa, Senior Manager Pre-Sales and Solutions Engineering, Middle East, Africa and East Europe, NetApp

When it comes to collaborating and partnering with cloud service providers, enterprise CIOs need to ensure that they have a strong service level agreement (SLA) in place. This agreement outlines the mutual expectations and responsibilities of both parties involved.

It is crucial for CIOs to clearly define the scope of services provided by the cloud service provider. This includes specifying the type of cloud deployment, public, or hybrid, as well as outlining the specific services required such as infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), or software-as-a-service (SaaS). By clearly defining these parameters, CIOs can ensure that both parties are aligned.

Another important aspect to consider is uptime and availability guarantees. CIOs should incorporate specific metrics for uptime and availability in their SLA. This ensures that there are clear expectations regarding system reliability and performance. It is also essential to establish penalties or compensation mechanisms in case these metrics are not met.

Data security and privacy should also be a top priority when drafting an SLA with a cloud service provider. CIOs must outline their expectations regarding data protection measures, encryption protocols, access controls, and compliance with relevant regulations such as GDPR or HIPAA. Additionally, it is crucial to address data ownership and data portability rights in case of termination of services.

Disaster recovery and business continuity plans should be included in the SLA. CIOs need to ensure that their critical business systems can be quickly restored in case of any unforeseen events or disruptions. The SLA should specify recovery time objectives (RTO) and recovery point objectives (RPO) to guarantee minimal downtime.

Regular reporting and communication channels between both parties should be established within the SLA. This includes scheduled performance reviews, incident reporting procedures, and escalation paths for issue resolution. By maintaining open lines of communication, CIOs can address any concerns or issues promptly.

In summary, enterprise CIOs should include best practices in their service-level agreements with cloud service providers. These include clearly defining the scope of services, establishing uptime and availability guarantees, addressing data security and privacy concerns, outlining disaster recovery plans, and establishing effective communication channels. By incorporating these best practices into their SLAs, CIOs can ensure a successful partnership with their cloud service providers.
