Services agreements, terms of service and, in some cases, service level agreements with major cloud providers aren’t terribly generous when it comes to compensating for outages.
In most cases, the provisions call for refunding an increasingly larger percentage of the customer’s monthly service fee the longer the service is unavailable.
But as any business owner understands, the real cost of downtime comes in the inability to serve customers.
“When a cloud service goes down, users lose access to their data; they may also be deprived from the processing capabilities that are provided as part of the cloud offering,” Francoise Gilbert, managing director of IT Law Group and general manager of Cloud Security Alliance, wrote in a blog post for TechTarget. “In turn, they may be unable to provide services to their own customers and be exposed to significant liability for failure to provide these services.”
He cites as an example the Rackspace Cloud Servers SLA, under which customers receive a credit of five percent of the monthly fees for each 30 minutes of unscheduled network downtime, up to 100 percent of the fees.
“Note that the compensation will only be for the loss of service, and will amount only to a percentage of your monthly service fee,” Gilbert wrote.
“There is no compensation for the loss of data, business, reputation or other loss,” the blog continues. “These terms are consistent with what is generally offered in the industry.”
But even under those terms, its crucial that MSPs understand the fine print, like what constitutes downtime, how the duration is computed and whether periods of intermittent failure are considered downtime.
“For example, if the service is up for one minute, down for one minute, and again, up and down for one minute at a time, is the interruption computed as the total of the periods when the system is down?” the blog said. “Or is it the entire time when the service is so unreliable that processing is stalled or interrupted?”
Distributed Denial of Service attacks (DDos) are typically exempt from the compensation provisions, which can raise a host of other tricky questions.
“Is a cloud outage caused by a hacking circumstance out of the control of the service provider, and should therefore result in no liability?” Gilbert wrote. “Or was the hacking possible due to gross negligence and failure to install commonly known safeguards?
Third-party service providers should also ensure that ramifications and responsibilities in the event of cloud service outages are clearly spelled out in contracts with customers.
“Users and cloud service providers need to be clear on what happens when there is an interruption in the service,” Gilbert advises.
“Any uncertainty in the terms for compensating the customer for service interruptions and downtime will only cause problems when such cloud outages occur,” he continued. “Clarity will save time, money and aggravation to both parties if these terms are adequately defined in the contract for these services.”