A business should consider many things before signing on a dotted line with a Software as a Service (SaaS) provider, but it should, above all, keep in mind that no two service-level agreements are alike.
That’s only if a SaaS provider even offers a service-level agreement (SLA); some extend a contract that covers only data ownership and avoids any guarantee on uptime and availability, according to several industry experts.
For more on service-level agreements
Read how to finesse an SLA from a data center
Learn how a cloud SLA protects data from outages
Determine whether an outage to a sandbox environment affects SLAs
Some providers won’t make contractual promises about uptime, partly because they operate almost as efficiently as telephone and electricity utilities, but also because they don’t want to be on the hook for a user’s monetary losses, the experts say.
“It’s a trend. The provider side is afraid of legal issues,” said Brian Babineau, the vice president of research and analyst services for Enterprise Strategy Group in Milford, Mass.
Many times, providers offer only a master services agreement that stipulates ownership of data, said Robert Desisto, an analyst who specializes in SaaS research for the Stamford, Conn., research firm Gartner Inc. “They don’t want the overhang on liability,” he said.
A close look at SaaS providers’ service-level agreement contracts
In a nutshell, a service-level agreement spells out, in measurable terms, what services a provider will deliver. An agreement will ensure some form of remediation -- typically credit on future use when it comes to SaaS -- should the provider fail to make good on its promises.
But, more often than not, SaaS providers nowadays offer general contracts that are less binding than standard SLAs, the experts say.
“They’ll say, ‘We’ll meet certain performance metrics. It’s part of our architecture and our service. If that does not occur, we’ll do better next time,’ ” Babineau said.
Still, businesses shouldn’t allow a SaaS provider to dictate the terms of an SLA. Users should shop around for a provider that best meets their needs, asking tough questions and taking a firm negotiation approach, according to the experts.
For instance, no two SLAs will look alike, nor should they, Desisto said. The nature of the agreement will vary depending on the SaaS application. A company using a SaaS provider to automate the business tasks of sales won’t have as detailed an SLA as, say, a call center that depends more greatly on the availability of SaaS, he said.
An SLA typically lasts a year, although some can run as long as five years -- but that is rare, Babineau said. Cost varies greatly, depending on the applications used, availability and other variables, he said. SaaS can cost more than running applications internally, but it’s a fixed operating cost that doesn’t require additional spending on maintenance and upgrades, he said.
SLAs offer differing coverage for downtime
One of the more negotiable points of an SLA is the credit process for downtime, according to Pete Sclafani, the chief information officer for 6Connect, a San Francisco company that sells network management software to service providers.
A business should ask a SaaS provider what steps it needs to take when service goes down, including how to report an outage, Sclafani said. Rarely does a provider issue credits on its own, especially when an outage occurs in the middle of the night when no one notices, he said.
Most providers don’t recompense for damages; only downtime, Sclafani added. And the so-called “outage clock” may not start, he said, until certain conditions are satisfied: when a user submits an electronic ticket or calls a support line. If you pay $100 per month and service was out for five days, expect to receive credit based on agreed stipulations and only for what you’ve paid, he said.
A SaaS provider’s forecasts on uptime will always play a part in SLA negotiations. “Yet it’s something that doesn’t come into play until something breaks,” Sclafani said. That’s why it’s important to ask detailed questions when shopping for a provider, before something goes wrong, Sclafani and other experts said.
Businesses need to review what a provider has in place to meet its SaaS objectives, including readiness levels and security measures, Babineau said. “You should probably look under the hood. I’ve never seen an eight-cubic-centimeter engine get 80 miles to the gallon,” he said.
Sclafani echoed Babineau’s warning to think twice about service providers that make lofty guarantees, especially about uptime percentage, the calculation of time that a server is up and running. “Is it hosted in someone’s house? Is it one data center or multiple data centers? How many routers do they have?” Sclafani said.
Denis Pombriant, founder of Beagle Research Group LLC in Stoughton, Mass., advises to not get caught up in every detail of every promise in an SLA. “Then you can find yourself asking the wrong questions,” he said. “What you want is continuous data and feed.” He added: “Can you have all the guarantees you want? No. What you want is building redundancy into your service.”
Most providers offer 99.99% availability, Pombriant said. That equates to 4.32 minutes of downtime per month. “The most difficult thing about an outage is it’s unpredictable. It can happen at the most inopportune time.”
But the Internet service industry continues to progress to the point where it can someday be considered a utility like gas and electricity, Pombriant said.
“You could turn it on at any point and expect it to perform without outages,” he said. But that would require an availability of 99.999% -- or only 5.26 minutes of downtime per year – and no one has achieved that yet, he said.
Another thing a business should consider before signing an SLA is that many SaaS providers claim that the user owns its information and they won’t surrender data to the government without permission. But several of the experts interviewed say that despite those claims, businesses should still closely read the fine print of an SLA.
“It depends on the model of the business,” Sclafani said. Facebook, for instance, makes no qualms about owning a user’s data, he said. “You can deactivate your account, but you agreed to their end-user license agreement. You uploaded the photos and your marital status. You agreed to that.” SaaS providers operate differently than Facebook, but a user still needs to look at who owns the data, he said.