Friday, August 2nd, 2013
Symantec’s 2013 survey, Avoiding the Hidden Costs of the Cloud, reported that more than 40 percent of the companies polled had lost data in the cloud and had to depend on backup to retrieve it.
While a cloud restore service can help your company retrieve this kind of lost data, not all SaaS platforms are created equally. You can avoid costly surprises by asking your SaaS provider the following questions and ensuring that their answers are clearly laid out in the service level agreement (SLA).
What is the compensation for data loss?
In some cases, the SaaS provider might only compensate its customers in the thousands for data loss — even if the impact has been in the millions. The average SLA offers credits for certain levels of missed service. However, these levels are usually capped at a percentage of the service fees. The average SLA also has limits of liability, stating that the provider is not liable for data lost via human error (end- user deletion), hackers, overwriting by another application, and application closure. Ensure that liability and compensation are clearly defined in the SLA and discuss the risks versus benefits with your enterprise’s CFO. Together, you may decide it’s worth it to shop around for other types of SaaS with better compensation levels if you have more to lose than the provider can adequately compensate.
How do you structure your cloud?
Part of your due diligence when assessing the security of SaaS providers should include finding out about their data architecture, including exactly where they keep their data. If information is housed in a data center with low reliability ratings or low data availability, this fact should be disclosed to the customer.
How often do you test your disaster recovery measures?
Just because an SaaS provider develops and discloses a disaster recovery plan doesn’t necessarily mean it has been tested – even once. Ask your provider about their disaster recovery measures, and request a clause in the agreement that the plan be tested a few times per year, with results disclosed to customers.
How do you define uptime and downtime?
The definition of “downtime” will vary with SaaS providers and this affects the value of their data management. For example, you could have a problem if ten percent of your end users are experiencing downtime, but your SaaS only defines “downtime” as something that affects a minimum of 25 percent of end users. Or, if your end users are experiencing a system response time that’s so sluggish it’s impairing its usability, but since it’s still technically functioning, the SaaS defines this as “uptime.” Ask your SaaS provider for a detailed definition of what they consider uptime and downtime, and aim for an uptime percentage of 99.9 to 99.999 percent.
Can I pay extra for priority treatment?
In the aftermath of data disaster, all of the SaaS provider’s customers will be angling to cut to the front of the line. Ask your SaaS if you can pay extra to have top priority in the aftermath of data loss, so that your end users – whether they’re your customers or employees – can get back online before the SaaS provider’s other clients.