Practicality and importance of the approach The need for standardisation

The following extract from the SLALOM initial positioning paper summarises feedback received on key inhibitors to cloud as seen from provider and service user (adopter) perspectives and solicits views on SLALOM’s goal in encouraging standardization through the provision of model legal terms and technical specifications.

Two questions were asked in the questionnaire to assess the importance of the work being done.

  • "What are your organization’s key constraints for its increased provision/use of cloud computing?" This was to determine the context within which this work is being done, to indicate the relative priority which CSPs and Adopters have for inhibiting factors to increased provision/use of cloud computing.
  • “To what extent do you consider contract and SLA-related issues as inhibiting your organization’s increased provision/use of cloud computing? “ This was to ask the question explicitly about contract and SLA-related issues.

The feedback from these questions demonstrated that contractual and SLA-related issues are not seen as 'show-stoppers' by either CSPs or End-Users. However, they are seen as inhibitors to cost-effective uptake, in particular by SMEs (both CSP and Adopter) which do not have the legal staff or external legal support which larger organizations have. Significant value is seen in 'standardization', so long as it does not prove burdensome (i.e., 'keep it simple') and so long as it does not constitute a straightjacket (i.e. 'one size fits all' which does not).

From perspective of CSPs there were few comments about general contractual issues unrelated to SLAs, except as detailed below (e.g. data location). The overwhelming view is that SLAs do not inhibit cloud uptake (10 responses, 2 non-responses). A limited number (4) said they want standardization, but do not say if they inhibit cloud uptake (3 SMEs, 1 just above: 250 – 999 employees). One stated that SLAs are important, but did not indicate if they inhibit cloud uptake.

Standardisation was seen as most important for the Enterprise sector; Public sector; Local government and Charities. One provider expressed the view that SLAs are not important for run-rate (= standardized, high-volume, low cost) services. Another added that there are no meaningful SLAs by public cloud providers.

Other issues mentioned were:

  • Data location
  • Availability (difficulty of achieving high levels)
  • 'Off-shore or third party administrative roles in service assurance' [apparently = issue of subcontracting]
  • Customer confusion

From the perspective of Adopters few considered this important. (4 ignored the question, 1 said it was not an inhibitor (if properly written); 1 said low; 1 said medium to low). Several commented directly or indirectly about desirability of standardizing and in particular managing variances of the same terms between vendors.

Only two strong comments were received: "Very significant. Too much time reviewing contracts for potential privacy liability risk assessment with no ability to negotiate limitation clauses' and "Lack of control about personally identifiable information outside of our doors"

From perspective of Others, 2 limited responses were received from the 5 ("basically" and “Significant"). One extensive comment read: " .. should be structured by strong, standard, simple and agile SLAs and contracts…"

Overall factors inhibiting cloud uptake

Additionally Respondents were asked to list Overall factors inhibiting cloud uptake. From the perspective of CSPs one mention was relevant to SLALOM’s scope: 'legal issues'. There was minimal mention of 'traditional' cloud issues: Data location; Security; Resilience; Robustness; and Availability. Instead most wee marketing and education related. Some relate to fast-changing technology and the ability to keep up whilst others reflected financial and management concerns of potential customers: Capex vs opex; Need to utilize existing infrastructure investment; and Reluctance of IT management to lose control. Some reflect particular concerns of small SMEs: Funding; and One cited exposure to government policy changes (for CSP serving government). Finally some reflect supply chain issues (Licensing).

From the perspective of Adopters there were limited mentions relevant to SLALOM scope: 'difficulty of comparing CSPs'; and Availability (2 mentions). The main concern is regulatory compliance: Personal data protection; and Data location. Security was the second-highest concern. There were a variety of other single mentions: Vendor lock-in; Feasibility; Performance; Storage; Redundancy; Threat deterrents; Accessibility; and Direct audit possibility.

From perspective of Others there were only 2 mentions: Cost; and Need for technical cloud brokerage platforms/portals.

The practicality of model terms and specifications

There is considerable overlap in the proposed ISO SLA standard ISO/IEC 19084-1 between measurable metrics and overall contractual content (or 'service commitments'), and SLALOM should give consideration to what it lists as needing to be covered. See the supporting analysis below, plus Section 5 (Component and Metric Prioritisation).

There are some strongly expressed views for and against having model terms and specifications. Views of principle include the following:

  • Pro: they save time and resources, and provide better assurance of SLA appropriateness and adequacy, by providing a trusted verifiable starting point for providers and business users to negotiate. They are particularly helpful for SMEs who do not have the legal support to navigate and negotiate complex and varied contractual provisions from different potential vendors.
  • Con: they create a 'one-size-fits-all' straightjacket which simply does not work.

There is also the issue of whether realistically they will be taken up by industry. There is a fairly poor track record of model terms being developed and adopted successfully. This issue is recognized, and must be dealt with if SLALOM is to be as successful as intended. See 3.8 below.

Guidance on contract standardisation

The EC-endorsed C-SIG guidelines to SLA standardisation, published in June 2014 [19], provide certain recommendations. These are: Technology-neutral, business model neutral, world-wide applicability, unambiguous definitions, comparable SLOs, conformance through disclosure, the ability to span customer types, cloud-specific, business and technical proof points, informative rather than descriptive, and finally, written by lawyers.

Although other sources have followed their own guidance on how to standardize SLAs and contracts, (for example the ISO working practices) these sources don not offer explicit guidance for standardizing cloud contracts and SLAs to other standardization efforts.

SLALOM will follow these guidelines, with the exception of ‘informative rather than descriptive’. This document details the descriptive advice available where identified. It is the premise of SLALOM that there is significant value to be gained from providing a model baseline set of clauses. Additionally whilst the legal clauses in SLALOM will be produced by lawyers, we identify the need also for technical specifications, written by technical experts. ISO is also taking this approach (see 3.4.3).

Read our paper and Follow us on Twitter