Depending on who you’re talking to, the Cloud is either the greatest innovation in computing since the internet, or overhyped software as a service. Part of the problem is, according to NIST, that:
Cloud computing is a developing area and its ultimate strengths and weakness are not yet fully researched, documented and tested.
Attempts to describe cloud computing in general terms, however, have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models, and deployment models.
In an attempt to clarify the possibilities and potential problems for organizations considering cloud computing, NIST has created a Cloud Computing Synopsis and Recommendations Special Publication which outlines typical commercial terms of service, the different types of clouds, when they are best used, and considerations for using cloud computing.
Even if you aren’t considering a move to the cloud, the analysis of the typical terms of service is useful for any outsourced resource. The terms break down into the services the provider promises, limitations to the service agreement, and the terms you, the customer, agree to abide by.
The first part, the provider’s service promise, is often referred to as a service level agreement (SLA), with terms like “99.9% uptime”, and compensation for not meeting that target, along with agreements to protect the confidentiality and integrity of your data. When examining the SLA terms, make sure you understand the provider’s definition of “uptime” – if they measure service time intervals in 5 minute periods, and service is out for less than 5 minutes, then they may not count it as an outage. Also, “uptime” may not mean that all resources are available – for example, if you have a web site with a backend database, if the web site is available, but the database is down, it may not count as an outage.
The compensation for an outage is also often in the form of a service credit, so if you’re so dissatisfied with a provider that you want to move elsewhere, the compensation is lost. Also, if you don’t notice an outage and claim a credit for it, they’re not going to tell you about it – monitoring your system’s availability is the only way you’re going to know if they’re living up to their end of the agreement.
The limitations to the provider’s agreement are primarily that they are allowed to have scheduled outages, which are not counted against uptime. Check the provider’s history with this – there are times when scheduled maintenance can run over its window, and cause outages. Of course, in the event of a natural disaster, or other unavoidable disaster, the SLA is no longer in effect. In that case, if your provider has multiple geographically distributed data centers, and your data is replicated across them, you may still be able to maintain service.
As a customer, you also agree to terms – primarily that you will use the services legally, with properly licensed software, and pay on time. If, for some reason, the provider thinks you have violated these terms, they can terminate your account, and delete all of your data. So, make sure you’ve got a back up copy of all the data you have on their servers, partially in case their business office transposes the numbers on your credit card, and partially in the event of a natural disaster.
Finally, keep in mind that the service provider usually reserves the right to change the terms of your contract with advanced notice. This can include changes to any part of the agreement, including provided services, which could in turn effect the performance of your site. To cover this contingency, it’s a good idea to have a backup plan for moving your services either back to your own site, or to a different service provider.