‘SLALOM’ (Service Level Agreement Legal and Open Model) is an initiative established by the European Commission to develop standardised ‘ready to use’ contract terms and service level (SLA) specifications for cloud services. The Commission, and its group of industry experts, want to establish a baseline of fair, transparent and understandable templates and guidelines aimed at increasing the uptake of cloud services and making it easier for customers to migrate efficiently to the cloud. But why is SLALOM needed? And will the voluntary SLALOM guidelines practically affect European businesses buying or selling cloud services?
Background to SLALOM?
SLALOM builds on the earlier European Commission Cloud Select Industry Group standardised guidelines for cloud computing service level agreements that we reported on earlier this year. SLALOM is designed for use by both cloud providers and customers. Cloud service providers can adopt the SLALOM contract terms and SLA specifications and use them as a base for their own contractual clauses and technical specifications. Customers looking to adopt a cloud service can use SLALOM as a fair and balanced benchmark to compare contract terms or SLAs offered by various providers.
Problem with existing cloud terms
Over the last few years, both the number of providers offering cloud computing services and the range of cloud services available has significantly increased. This has resulted in providers flooding the market with a variety of complex contract terms and SLAs. In many cases, customers lack knowledge about what are fair and reasonable contractual terms and service levels.
In addition, providers often use their own specific contracts with varying terminology. This approach increases the cost of reviewing and drafting and makes it more difficult to compare offerings from different providers. The lack of consistency also makes it challenging for customers to know exactly what they are signing up to and where liabilities and responsibility for cloud service delivery lie.
Advantages of SLALOM
The SLALOM terms and specifications for cloud computing have a number of advantages over traditional cloud provider-drafted documents. These include:
- Simple drafting – Although most cloud contracts in the market are complex, SLALOM terms are clear and drafted in plain English. They also come with guidance documents that help explain things and provide useful examples.
- Fair and balanced – SLALOM terms are designed to be safe, fair and independent. Neither providers nor customers are given any hidden advantage.
- Flexible universal starting point – SLALOM terms are flexible and a great starting point for negotiations. They can also be adapted to suit different scenarios.
- Consistency – SLALOM terms are consistent and standard, which reduces uncertainties and ensures customers know where they stand when transitioning into the cloud.
- ISO compliant – SLALOM terms align with the ISO standards on cloud.
SLALOM SLA metrics and parameters
The core SLA specification of SLALOM breaks down the typical metrics and parameters in a cloud SLA and sets out a suggested middle ground. Some of the key concepts in the performance and availability section include:
- Availability: The SLA should clearly define service availability in a complete and measurable way. This will enable customers to make a fair comparison across different cloud providers. The provider should schedule acceptable downtime and notify it to the customer reasonably in advance (1 week). The provider should reasonably limit acceptable downtime, for example, 5% of the total time may be reasonable. The parties should determine valid interruption of availability on an agreed period of continuing measurements indicating unavailability, SLALOM proposes 60 seconds.
- Performance – Incident Response Time: This concept describes the time it takes the provider to acknowledge the customer’s issue in a non-automated way. This metric should be explicitly included in an SLA. It is important to clearly define working hours/days and ensure customers know that only these working hours count toward the provider’s response time.
- Performance – Incident Resolution Time: A key issue is that typical cloud SLAs in the market rarely address this metric. SLAs should include this metric as it provides customers whose business may rely on the cloud service, with transparency on the time that the provider will take to resolve an incident from the time it is reported.
- Benchmarking: Benchmarking of the cloud service against similar services offered by the provider’s competitors should use specific tests that produce meaningful results which the customer can understand. Any benchmarking process should be repeated periodically, and in a manner that covers different time zones or usages of cloud services, for example, business hours, entertainment hours etc.
- Monitoring: The provider should have responsibility to monitor the cloud service. The customer should have the right to monitor remotely, or through a third party. The customer should also have the right to audit the provider's own monitoring.
- Reporting: The provider should regularly produce detailed reports of service outages and metric calculations to customers, for example, each billing cycle or monthly billing cycles, so that service level defaults and service credit entitlement can be assessed.
The SLA technical specification also sets out key issues in connection with acceptable use, data protection, data management and the responsibilities of the parties in relation to security measures, including authentication, backup and recovery and encryption.
Conclusion - Can SLALOM transform cloud contracts and SLAs?
At a basic level, the various industry experts who came together to prepare SLALOM have created a useful catalogue of the risks inherent in cloud computing contracts and SLAs. However, it is not certain at this early stage whether the SLALOM contract terms and SLA are the “major step forward” that will “level the playing field” as the European Commission advocates.
SLALOM is only a voluntary reference guide that providers are free to reject. Certain providers may see their cloud offering as a cheap commoditised service for which they are not willing to negotiate the contact terms or SLA with individual customers. There are also many different types of cloud computing services in the market and such a range of different industry sectors acquiring cloud services, that it will be difficult, if not impossible, to get all stakeholders to agree to a ‘one size fits all’ format. If a provider decides not to adopt the SLALOM terms in favour of using their own bespoke SLA, our guide to negotiating a provider’s standard SLA can help to untangle the terminology and metrics.
Despite these reservations, at the very least, the SLALOM’s legal and technical reference models provide clarity in relation to where the challenges arise in cloud contracts. Providers will have the opportunity to base some or all of their contractual terms and SLAs on SLALOM and use this as a ‘unique selling point’. Customers can refer to SLALOM to better understand the SLAs a provider is offering. SLALOM will also allow customers to distinguish between the legal and technical offerings of different providers, as opposed to simply deciding between different providers simply based on price, as many customers currently do.