Trust, but verify!

If you ask five people to give a definition of cloud computing, you get six answers! This is a common joke about cloud computing. The same might be true if you ask cloud service providers about their service portfolio and service levels. Today, the cloud service provider market is very diverse. You find all kind of providers, from small local startups to large enterprises that are well known in the IT business.

Each of these cloud service providers might have their own set of services, business model and client base. Depending on their background, the understanding of Service Level Agreements (SLAs) and what they could mean for clients is completely different. There is no right or wrong here, but every client needs to make sure that the service provider’s perception of SLAs does meet the client’s expectations and requirements.

Penalty driven SLAs are useless!

Cloud computing is a service offering and SLAs are a valid way to describe what a client actually gets. So, we need SLAs to define a cloud service. However, the main question arising is:how much is the given SLA for a specific service worth? – also meaning, how motivated is the service provider to meet the SLA?

Today, a common approach to make an SLA stronger is to tie penalties in case of missing. I can give you two reasons why I think penalty driven SLAs are useless:

  • Penalty driven SLAs are mainly agreed on critical workloads or infrastructures because these SLAs are more expensive than penalty free Service Level Objectives (SLOs). However, talking about important workloads, the agreed penalty will never ever cover the actual loss a client might have because an important or even critical system goes down.
  • Penalties on SLAs are financial risks for the service provider. And, this risk is usually priced into the service. So, actually, clients pay their own penalties over the duration of the contract.

But what can a client do to make sure to contract the right cloud service provider? One recommendation would be to analyze the cloud service provider’s understanding of SLAs and its background as a service provider in general.

A few questions to ask:

  • Experience and operational excellence — is the provider well known in the market for providing services, does he have proper processes in place, does he comply to industry standards (ITIL) and certifications (ISO, SSAE)?
  • Is being cloud service provider his core business or is that just something he does to utilize his IT equipment?
  • What is the typical client base and how important is his reputation as a service provider for him?


When choosing a cloud service provider, penalty driven SLAs shouldn’t be trusted blindly, but rather being verified as to how likely it is that those SLAs are actually met. Is the provider just gambling, or does his technical infrastructure, processes and culture give me confidence. A service provider that requires a $ 100 penalty for motivation to hold SLAs might not be the right choice!