is4233 final presentation
DESCRIPTION
We share our findings about legal issues regarding the Service Level Agreements (SLA) of IaaS vendors and how they affect customers. We also propose some solutions to the issues outlined in our study.TRANSCRIPT
IS4233Term Assignment Presentation
Legal Issues Concerning the Service Level Agreements
(SLAs) of IaaS Vendors
Clement Low Jun Xian Loh Soon Bock Kang Jie Min Tan Tze Jun
16th of November, 2013
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
2
Introduction
Physical Assets
IaaS Cloud
3rd Party Virtualization of Physical Hardware
• Reduced Cost of Ownership
• Elimination of Hardware Procurement
What is IaaS?
SLA<< bound by >>
CloudCustomer IaaS
Vendor
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
3
Considerations & Concerns about IaaS
Customer Data• Confidential
ity• Integrity• Availability
GeographicLocation
Legal Aspects ofContractualObligations
How can all these be addressed?
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
4
Presentation Agenda
1. IaaS Service Level Agreements
(SLAs)
2. Relevance of IaaS SLA in Legal
Context
3. Categories of Legal Issues in
IaaS SLA
4. Categorical Elaboration of Legal
Issues
5. Court Case Analysis
6. Vendor SLAs: Legal Issues &
Solutions
7. Solutions to Unaddressed Legal
Issues
8. Conclusion
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
5
IaaSService Level Agreements
(SLAs)
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
6
IaaS Service Level Agreements (SLAs)
www.themegallery.com Company Logo
Binding negotiated document
States the minimum level of service to be provided
Entitlement to damages
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
7
Relevance of IaaS SLA in
Legal Context
• Legal dispute related to IaaS in the USA
• Unavailable hours in ALL IaaS cloud service
providers TRIPLED in 2012
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
8
Relevance of IaaS SLA in Legal Context
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
9
Categories of Legal Issues in
IaaS SLA
• Availability
• Reliability
• Performance
• General Liability
• Expressed Warranties
• Implied Warranties
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
10
Categories of Legal Issues in IaaS SLA
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
11
Categorical Elaboration of Legal Issues
Availability
• Monitoring of Service Uptime
• Service Uptime Percentage Ambiguity
• Vendor’s Reluctance to Fix Problems
• Delays in Server Maintenance
• Availability Calculation Based on Contiguous Blocks of Downtime Periods
Reliability
• Security Mechanism Put in Place & Mean Time for Recovery (MTR)
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
12
Categorical Elaboration of Legal Issues
General Liability
• Exclusion of Direct Liability
• Personnel with Access to Customer Data & Security Of Hardware Containing
Customer Data
• Secure Erasure of Data from Decommissioned Resource Unit
• Availability of Redundant Systems for Storing Customer Data
• Involvement of Customer(s) in Investigating Breaches
• Location Of Customer Data
• Chained Liability
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
13
Categorical Elaboration of Legal Issues
Expressed Warranties
• Reserving the right to Change Agreement Term
• Vendor Service Credits as the Sole Remedy for any Contractual Breaches
Implied Warranties
• Granting of Compensation through Claim Submission
• Time Zone for Time-Sensitive or Dependent Terms
• Resolution of Software Bugs & Defects
• Customer-Defined Security Policies
• Notification of Services and Infrastructure Events or Breaches Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
14
Categorical Elaboration of Legal Issues
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
15
Court Case Analysis
• Gimme The Best, L.L.C (Plaintiff) vs. Sungard Vericenter, INC. (Defendant)• Breach of contract due to numerous breakdown of
Defendant systems in 3 separate occasions• Slow Performance • Data Loss• Hardware malfunctions
• Worst breach happened in Dec 2006
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
16
Court Case Analysis (Background)
• Material Misrepresentation
• Breach of agreement term
• Does the 3 breaches constitutes as a single breach or
multiple breaches of contract?
• Defendant’s Limited Liabilities
• Plaintiff’s Remedies
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
17
Court Case Analysis (Legal Issues)
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
18
Vendor SLAs: Legal Issues &
Solutions
Legal Issue: Monitoring of Percentage Uptime
• Amazon and VMware
• Measured based on IaaS vendor infrastructure
• Uptime vs Availability
• Excuse for them to escape liability
Solution
1. External audit by certified company
2. Provision of common monitoring tools to customers
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
19
Vendor SLAs: Legal Issues & Solutions
Legal Issue: Exclusion of Direct Liability• Amazon Specific Terms
• Failures that result from your equipment, software or other technology and/or third party equipment, software or other technology (other than third party equipment within our direct control)
• Failures that result from failures of individual instances or volumes not attributable to Region Unavailability.
• HP Cloud Compute Specific Terms• Reserve the rights to withhold credit if it cannot verify the downtime or customer
cannot show that they were adversely affected in any way as a result of the downtime
• Require to contact HP and make a report within 30 days of the end of the month in which availability was not met
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
20
Vendor SLAs: Legal Issues & Solutions
… continued …
Solution
• Difficult to negotiate the SLA terms in the capacity of an individual
• Corporate Customers have to negotiate if they feel that exclusions are
unreasonable.
• IaaS vendor have to weigh their exclusion against Customer’s interest to entice
more customers
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
21
Vendor SLAs: Legal Issues & Solutions
Legal Issue: Unilateral change of agreement terms by the IaaS Vendor
• Amazon and VMware
• Terms in the SLA are subjected to changes in accordance to agreements
Solution
• Provide clear and sufficient notice to customers
• Continue to honour existing contract terms
• Provide a chance for customers to repudiate contract
• Change warranties (not conditions) and provide compensations
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
22
Vendor SLAs: Legal Issues & Solutions
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
23
Solutions to Unaddressed Legal Issues
Issue: Vendor’s Reluctance to Fix Problem
• Incapable of supporting request which cause downtime
• Expensive to rectify
• Prefer to pay service credit than to rectify the problem
Solution
• Treated as a breach of condition
• Right to terminate contract
• Legal action
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
24
Solutions to Unaddressed Legal Issues
Issue: Missing SLA Clause for Service Performance
• Critical to customers that process time-sensitive requests.
• Monitoring Performance-related metrics
• Burden of proof
Solution
• States the hardware specification clearly and concisely
• Includes Performance-related metrics to measure the performance level
• Includes the monitoring methods
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
25
Solutions to Unaddressed Legal Issues
Issue: Customer-defined Security Policies
• Critical to customers to implement their security policies
• May clash with the vendor’s security policies
Solution
• The IaaS vendor can offer tiers of services that has various security profiles
• Allow the customer to select their most suited security profile
• The IaaS vendor’s policies will not interfere with customer’s security policies
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
26
Solutions to Unaddressed Legal Issues
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
27
Conclusion
Issue: Notification of Events/Breaches Related to Services &
Infrastructure• Customers should receive notifications of breaches or events even if it is
unconfirmed
• Allow customers to preempt for any possible impacts or damage
Solution• Categorize different type of events that may occur
• Allow customers to opt-in for notifications in addition to confirmed breaches or
events
• IaaS vendor can exclude any claims from customers arising from false notifications
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
28
Solutions to Unaddressed Legal Issues
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
29
Conclusion
Let’s Re-Cap
We Defined
IaaS• What it is
• Why it is gaining traction
SLA• Service Level Quality
• Warranties
• Liabilities
LegalIssues
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
30
Conclusion
We found that…
IaaS Vendors
Few, if not NONE, offer performance-based SLAs
Have a reactive approach towards SLA violations
Induce the inherent legal issues in SLAs by setting terms that are skewed to their interests
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
31
Conclusion
Our perspectives…
The solutions we proposed work in the interests of IaaS customers and simultaneously assist vendors in resolving their legal dilemmas.
We believe that IaaS SLAs can be legally favorable to both customers and vendors alike.
Well crafted SLAs help to foster customer-vendor trust & confidence in the IaaS cloud services industry.
Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
32
Thank you for your attention!
Any questions?