Disaster recovery in the cloud: What do customers expect in an SLA?

Crafting an SLA for DR in the cloud requires providers to address several issues up front with customers, according to cloud expert Mooney Sherman.

What are customers looking for in service-level agreements (SLAs) for cloud-based disaster recovery services?

Not all Disaster Recovery as a Service (DRaaS) offerings are created equal -- even those in the same deployment model. Selling disaster recovery in the cloud requires a plan that clearly identifies the boundaries, roles and responsibilities of both the organization and the DRaaS provider -- and the SLA must articulate this plan.

This is especially important for small and medium-sized business (SMB) customers. Before we can discuss what businesses are looking for in an SLA for DRaaS, it is necessary to have a crystal-clear understanding of what they require. Depending on their industry, business owners, boards of directors and executives may have a legal obligation to have a DR solution in place for compliance purposes. The replication of this type of data will require different technical solutions; for example, credit card and transactional data needs real-time backup and storage. Understanding each customer's specific DRaaS needs will help providers develop better SLAs.

Providers should be prepared to work with customers' CIOs; executives; IT staff; and security, privacy and compliance personnel, and take the following steps to address their organizations' SLA requirements:

  • Provide customers with a risk assessment and analysis for known threats (people, technology and natural disasters) at the location(s) from which DRaaS is being served.
  • Help customers choose the correct deployment model (public, private, hybrid or community cloud) that meets business goals and requirements of availability, confidentiality and integrity.
  • Identify mission-critical applications and data.
  • Determine technologies required for different types of backup and storage.
  • Ensure that the SLA is economical; will provide the appropriate level of service; and will not breach any of the security, privacy and compliance (legal, mandatory and regulatory) obligations.
  • Conduct thorough testing to ensure compatibility with steps one and two.
  • Make sure the DR plan and policies are in place to meet security, privacy and compliance requirements.
  • Get the approval of all the stakeholders involved, including the CIO, executives, etc.

SMBs may not have all the resources and expertise that enterprises do, but it will be well worth the provider's time to tackle these issues to avoid or minimize hefty fines for any compliance breaches.

Customers will be looking for a viable cloud storage provider that has built its service on the foundation on the following principles: a fully virtualized storage infrastructure, a scalable file system and a robust application that is able respond to the customer's urgent needs.

Dig Deeper on Storage Backup and Disaster Recovery Services