Everyone says the cloud is the future. Not without the proper service level agreements (SLAs) – contracts that specify quality of service and the compensation that customers can get when problems occurs, writes Sathya Mithra Ashok.
We have heard a lot about the cloud in the last year. The way it can transform IT, the innumerable benefits that it can bring to the table and how it is the inevitable future for every enterprise. What we have not heard about much is why most enterprises still shy away from the cloud – especially in its more public form.
“Very broadly, what’s holding them back are concerns about security, control and interoperability. Many of them are concerned about the journey to the cloud being a one-way street – being locked into a specific API or platform or not being able to bring the service back into the data centre,” says Deepak Narain, systems engineers manager for the MENA region at VMWare.
Sachin Bhardwaj, head of business development at eHosting DataFort (eHDF) points out, “Organisations such as the government and financial sector organisations are wary about sharing confidential information in the cloud and want to stay in full control of their data as they have various regulatory requirements. They prefer having their data in-house or at a third party data centre located within the same country where they have easy accessibility to their data. There are also apprehensions that cloud models could potentially make it difficult to switch vendors or move into or out of a cloud computing model.”
Rudolf Sarah, regional cloud director EEMEA for Orange Business Services (OBS) agrees, “In the Middle East especially, a final potential barrier is the regulatory implications of the cloud –which can be complex to navigate for customers. In terms of specific services, the adoption of cloud varies from one area to another. The everyday vanilla IT services such as e-mail, data backup are moving to the cloud more rapidly and easily because customers understand them and these are not mission critical services and the fear factor is low. So, a customer will compare the costs of the cloud offer to the internal service which he knows and understands. Adoption is quick and growing fast and this frees up IT teams to focus on more critical applications. But when the discussion moves to those mission critical applications, in relation to the cloud, the nature of the discussion changes and it generally takes a longer time for customers to assess and define a correct migration path to the new technology.”
Adds George DeBono, GM for the Middle East and Africa at Red Hat, “There are issues with a number of laws which make public cloud computing impossible or raises questions that have not yet been answered from a legal perspective. These may include requirements on storing whole data in the country. There is a lack of open standards around some aspects of cloud computing; many vendors come with
their own solution, often based on proprietary standards and software stacks. This gives cloud software/service vendors more instruments to further strengthen vendor lock-in, making it pretty impossible for customers to move away from the cloud service or software vendors.”
DeBono continues, “Most vendors today position cloud computing as a revolutionary approach which assumes that most existing applications cannot be used in a cloud and need to be rewritten from scratch, often using proprietary frameworks unique to the particular vendor of cloud services or software.”
Yes, the challenges that are connected to the cloud are several, and most of them remain unsolved to date. Keeping the domain of the public cloud in mind, there are a few issues that plague Middle East enterprises more than others, and key among these is the one concerning SLAs (service level agreements).
Getting it on paper
SLAs are tricky territory for most of the Middle East, even in countries that are as technologically advanced as the UAE and KSA. There are some service providers who provide them and some who don’t.
Orange’s Sarah states, “OBS uses the same global SLA internationally. All services include a standard SLA and offers several premium SLA options to customers. SLAs can be tailor-made to meet the special needs of organisations, such as a bank moving to the private cloud. The company’s consultative approach is also applied to the development of the SLA and generally helps to strike a balance between the demands of the customer – and the real needs of the business – and the service promise and commitment. Once the SLA is agreed upon, OBS tracks
and reviews performance against the SLA and recommends any additional adjustments. This SLA will clearly identify the service promise, the mutual obligations and our responsibility and the customer, and any penalty that may apply if terms are not met.”
Another global provider, Oracle also states that it provides a policy with the same terms and conditions that apply all over the world.
“SLAs for cloud platform hosted by Oracle are mainly measured by availability and uptime. This requires Oracle to deploy a complex high availability and disaster recovery solution that ensures increasing mean time between failures and decreasing mean time to repair, to the extent that can enable Oracle providing availability SLA varying from 99% up to 99.999%, based on the customer business requirements,” says Abdul Rahman Al Thehaiban, VP, Oracle Middle East and Africa.
Rahman adds, “By practise we found out that the most challenging issue about cloud SLAs is agreeing on SLA terms and conditions. This is because of two problems, first because customers initially targets very high SLAs like 99.9999% which implies high cost while their business requirements don’t mandate such complexity, so we try to help customers determine the best SLA level that matches their business requirements. Second, because of the different objectives that customers use as a basis for assessment of cloud SLAs Oracle is trying to standardise SLAs based on uptime and availability objective as highlighted earlier.”
Regional provider eHDF also prides itself on providing SLAs. Bhardwaj states, “The formation of a Service Level Agreement (SLA) starts from gaining an understanding of the customer’s IT and business requirement. This is done through gathering relevant information related to service level requirements. The SLA defines and guarantees the quality of service delivered to a customer and also defines the responsibilities of both parties. It not only describes the level of service expected by the customer but also lays out the metrics by which that service is measured, outlining the remedies or penalties if service level targets are breached.”
According to Guru Prasad, GM for strategic alliances and channel development at FVC (a company that represents the cloud services of Google, Barracuda and NCircle) says, “SLAs offered to our customers are in-line with global standards and do not vary in this region. In fact there is more personalised services offered in the region compared to Europe or Americas as customers are slower to adopt cloud in the region and hence need the added support to get them to believe in the cloud. While there is a standard adopted where SLAs are concerned, in
certain cases a customised version to suit their requirement is added on to the standard ones’. For example many of the customers in the region prefer on-site support to remote support this is added as a special addition.”
“Because cloud models are still at embryonic stages, people don’t know what they don’t know, and it is a learning exercise for all: providers,
builders, and consumers of the cloud alike. What is clear however, is the need for agility. There are opposing forces at each end: Standardisation and consistency of SLAs on one end, and the ability to offer f lexible SLAs on the other. Cloud providers need to be able to move from mass production into mass customisation! That is the ability to customise en mass with similar speed and cost model to mass production,” says Ammar Halabi, regional manager, data centre and virtualisation at Cisco.
However, as most CIOs and decision makers have stated in roundtables conducted by CNME through April this year, the all-important ISPs in the region refuse to give SLAs for assuring quality of service. This remains one of the biggest impediments to public cloud adoption and, without laws to regulate this soon, will continue to be one going forward.
This is mine
Closely linked to the provision of SLAs, and one which remains doubtful for most end-users, is the ownership of the data that resides in the cloud.
Says Aaron White, regional director for the Middle East Africa at Citrix, “It is paramount that the company retains ownership of its data, and is assured of its security, whether in a public, private or hybrid cloud environment. It is in the public cloud that issues of physical location of data storage, with differing local laws on ownership, come into play. It is vital in these instances that companies investigate and ensure the same safeguards, controls and agreements that would be implemented in a private network to ensure their data remains their own.”
Adds FVC’s Prasad, “Data ownership belongs to the customer who creates and manages the content. Data ownership or transfer never changes hands unless otherwise requested by the respective governments in the interest of national security which has been the concern of most customers. Data can be exported off the service whenever customers want to migrate off the cloud.”
Sarah states, “OBS works predominantly with MNCs and data ownership always resides with the customer. Reversibility and transferability of data is always applied to these relationships and a customer can request a back-up of data hosted by Orange at any time.”
“Housing dedicated ICT resources within a company’s own data centre creates a perception of control. When ICT applications and resources move into a cloud environment, the perceived risks increase — in part because the IT staff can no longer see and touch the physical components providing the solutions. This concern is more than perceptual; it is real because network links have been introduced into the process that did not exist in the previous architecture. Extra security is required to protect the customer’s data hosted in
the vendor’s data centre. The ownership of the customer’s data lies with the customer himself and this should be clearly indicated in the contracts between the customer and the provider,” states Ahmad Al Khallafi, enterprise sales director, commercial at du.
Herein though, lies the trouble. When there is no SLA or contract to refer to on downtime and data ownership or transferability, and no proper regulations on how such issues can be addressed and redressed, most Middle East enterprises are left unprotected when they move their data to the cloud.
This remains the predominant reason why most regional organisations are choosing to set up their own private clouds – which is just one step further from a virtualised environment – rather than move data extensively to a service provider, whether local or international.
Unless proper SLAs are defined, and service providers in the region become more conducive to implementing them, the future of the cloud in the Middle East might remain a private/hybrid model, rather than a public one – at least for the immediate future.