Having experienced the fire that ravaged Illinois Bell’s switching station 22 years ago, it’s only natural that Raymond Gloor became a data security expert. The fire disrupted service to hundreds of thousands of people for a month, literally melting fiber optic connections among the 50 switching centers that flowed into the Hinsdale, Ill., hub. “It never occurred to us that one station could cause so much trouble,” Gloor said.
These days, a cloud service-level agreement (SLA) is a must, given the similarities between cloud computing hubs and mainframes. Consider the following excerpt from a New York Times article published right after the Hinsdale fire in May 1988:
The phone system’s vulnerability has become more important now that the circuits carry not only conversations but computer data, and are crucial to the nation’s commerce. Companies routinely place orders, transfer money and consult computer data banks over phone lines. A halt in phone service could ricochet through the economy, causing millions of dollars in business losses.
“Put ‘World Wide Web’ into the headline, and a lot of the issues in the article are still very much issues,” Gloor said — except that now there is also voluminous video, which threatens to slow response times. For some industries, such latency is unacceptable.
“You cannot tell a customer of a bank, ‘we don’t know how much money you have in your account,'” Gloor said. With new banking regulations coming from the government, it’s important to figure out how to deal with latency. “It’s not an 800-pound gorilla,” he said. “It’s a monstrous gorilla.”
As a CIO, I have a responsibility to make sure the systems I deliver are up 99.999% of the time.
CIO, Shaklee Corp.
The Illinois switching station lesson has stuck for life, and is reflected in Gloor’s position when he deals with cloud providers. “Business continuity is so important, especially as CIOs consider moving apps into the cloud. What’s going to happen when you lose a Web link?” Gloor asked. “How is that going to be addressed [in a cloud SLA]?”
Ken Harris, CIO of Pleasanton, Calif.-based Shaklee Corp. and former CIO at The Gap Inc., NIKE Inc. and a half-dozen Pepsi companies, confirmed the concern. “As a CIO, I have a responsibility to make sure the systems I deliver are up 99.999% of the time. Frankly, my experience with SaaS [Software as a Service] is that a lot of the providers don’t fully understand that.”
Disaster planners say every conceivable event will happen, given time. What will you do when the cloud goes down? According to Harris, it’s critical to have a cloud SLA that guarantees uptime, response time and backups.
What’s dangerous, beyond acts of God, are SaaS providers who don’t understand the uptime requirements that CIOs have to live with, Harris said. “We can’t have a system down and no one working on it.”
Harris tackled the issue head-on when he negotiated with PivotLink, a provider of on-demand business intelligence. Shaklee, a multivitamin and natural products company, conducts hundreds of scientific studies every year; and the process produces a forest of data in which it can be difficult to find the trees. Before entering into a relationship with PivotLink, Harris made sure the Bellevue, Wash., SaaS provider measured up in the following areas:
- Response time. “I will be held responsible for response time,” Harris said. “If that’s not good, the relationship won’t work.” Shaklee tested PivotLink’s response time by giving it a limited number of simple transactions to make sure it could deliver.
- Downtime. If a system is down, the provider should assure escalation quickly through the provider organization, Harris advised.
- Disaster recovery. Find out what the vendor’s contract is in that area; you’ll need a failover disaster recovery site, which could be on premises.
- Uptime rewards. Shaklee provided PivotLink with economic incentives to stay up, “which frankly need to be in every SaaS-based contract,” Harris said.
In the end, services delivered over the Internet are going to suffer downtime, but that does not mean that CIOs can’t prepare for the worst when dealing with a cloud provider — and get it in writing.