Cloud computing is here to stay. Larger companies and public sector bodies continue to increasingly embrace cloud computing. However, while the cloud certainly has its benefits, there are a number of key challenges that businesses face when assessing a (further) move to cloud computing, and it is vital to understand that there is no ‘one-size-fits-all’ approach.
When we talk about the ‘cloud’ in terms of cloud procurement, there are usually three models, or layers, of cloud computing services under consideration - Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Each layer provides a different type of IT services that are stacked upon each other with IaaS at the bottom providing storage and server infrastructure, moving to the platform level PaaS, and the application layer SaaS sitting at the top of the stack.
Being layered on the same stack means that IaaS, PaaS and SaaS are often procured using cloud services agreements that address many of the same or related issues. However, it is important to note that each agreement's key terms may vary in a number of areas. Some key aspects are discussed below.
Each technology layer focuses on different issues and so cloud agreements should highlight the key purpose of the relevant cloud technology. For IaaS, the agreement should focus on the creation, management and control of virtual machines; for PaaS, it should focus on the development and deployment of software applications; and for SaaS, it should focus on the management of access to software and applications.
Each technology layer may be relied upon by the customer with varying levels of importance so service level requirements may differ. Customers often require a service level commitment from IaaS providers as critical back-end functionality is typically provided, whereas PaaS providers often do not consider application development as critical, so are less inclined to offer service level commitments. With SaaS, customers will often consider a service level commitment as crucial to ensure business continuity where the SaaS is accessed by multiple users across the organization.
With any service level commitment in place, the customer must ensure that the relevant metrics are actually measured and that any associated credits appropriately incentivize the cloud provider to perform. Where a cloud provider does not, or will not, offer any service level commitment, customers can consider asking for a right to terminate for repeated or chronic service failures.
As cloud computing is typically built upon a scalable solution basis, cloud providers generally limit customizations in an effort to manage services in the most efficient manner, most commonly with SaaS, where software is generally configured in the same manner throughout the provider’s entire customer base. However, there could be more scope for customizing the cloud service for IaaS, where integration with the customers’ systems may be required, and for PaaS, where integration with the customers’ systems and other computing components necessary to build and deploy applications may be required. In each case, the cloud service agreement must accurately set out the scope of services being procured and identify any customization required.
While cloud computing relies on the same innovative technology for delivering services, the way in which these services are contracted will need to be tailored to the specific customer’s requirements. The cloud services agreement must therefore address these needs to ensure that a customer does not get lost in the clouds.