Download - LLPC CSA NY Presentation SLA
-
7/29/2019 LLPC CSA NY Presentation SLA
1/16
-
7/29/2019 LLPC CSA NY Presentation SLA
2/16
DISCLAIMER
This discussion does not constitute legal advice and this presentationdoes not establish an attorney-client relationship. But you knew thatanyway.
These remarks do not necessarily reflect the position of the CloudSecurity Alliance or the New York Metro Chapter of the Cloud SecurityAlliance, or of any of the clients of Laberee Law PC.
2( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
3/16
3( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
4/16
SERVICE LEVEL AGREEMENTS
What is a Service Level Agreement.
What Service?
What Level?
Is it an agreement?
Is there just one SLA out there?
So . . . we just have to find it, sign it and we are done? . . . Right? . . . .Right? . . . .
4( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
5/16
5( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
6/16
CONSTITUENCIES . . .
I.T. Department
Enterprise / Company
Companys Customers
Companys Customers Customers
Regulatory Bodies / Government
Companys Employees
Risk Management group within Company
Companys Owners
Companys Management
6( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
7/16
. . . . AND WHAT THEY CARE ABOUT
Delivering good service. Jobs and budgets. Technical success and efficiency.Security.
Perform core business functions with maximum profit and long-term stability andvalue. Usually NOT I.T.
Getting service - - better, faster, cheaper. Often NOT I.T.
Effectiveness. Results. Avoidance of delay, loss or other pain. Removed fromimmediate tactical goals of Companys IT department. NOT Companys ITproblems.
Compliance. Privacy. Protection of Network and shared resources and the
commons, including security. Enforcement of non-I.T. laws.Support and resource. Keeping jobs and looking good. Privacy.
No losses, no lawsuits, no increase in compliance costs, no insurance claims.
Short- and mid-term Profits and long term value.
Employment and compensation. Company performance. Usually I.T. as a means,not end.
7( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
8/16
I.T. Department
Enterprise / Company
Companys Customers
Companys Customers
Customers
Regulatory Bodies /
Government Companys Employees
Risk Management groupwithin Company
Companys Owners
Companys Management
Delivering good service. Jobs and budgets.Technical success and efficiency. Security.
Perform core business functions with maximumprofit and long-term stability and value. UsuallyNOT I.T.
Getting service - - better, faster, cheaper. OftenNOT I.T.
Effectiveness. Results. Avoidance of delay, loss orother pain. Removed from immediate tactical goalsof Companys IT department. NOT Companys ITproblems.
Compliance. Privacy. Protection of Network andshared resources and the commons, including
security. Enforcement of non-I.T. laws.
Support and resource. Keeping jobs and lookinggood. Privacy.
No losses, no lawsuits, no increase in compliancecosts, no insurance claims.
Short- and mid-term Profits and long term value.
Employment and compensation. Company
performance. Usually I.T. as a means, not end.
SLA CONSTITUENCIES GAME- - MIX AND MATCH!
8( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
9/16
SO WHAT DOES AN SLA USUALLY COVER
Techies embrace them . . . lawyers love them . . . sales staff hate them . . .customers ignore them . . . . so . . . .
Intended to be legally binding agreement
Establish uptime and service levels for one business to provide cloud-basedservice and capacity to another business
What service?
What level? Level of what?
Who drafted this SLA anyway?
9( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
10/16
SLAS HAVE ABOUT 7 ELEMENTS, OR NUGGETS, WHICH BEAR
CONSIDERATION WHEN PREPARING, REVIEWING, EXECUTING,
PERFORMING UNDER OR ALLOCATING RESPONSIBILITY UNDER:
1. Identification ofparties. Who will be legally bound. Who is the provider andwho is the recipient?
2. Term; Length of time during which the parties are bound.
3. Performance metrics.
4. Defined terms. Infuses the performance metrics.
5. Exceptions or failures of performance. Remediation, correction ( . . . butrarely remedies or damages in the lawyers sense).
6. Process for identifying exceptions or failures and prosecuting remediation orcorrection and claims-making.
7. Exclusions. Re-allocation of responsibility. Not-my-fault.
1 2 3 4 5 6 7
10( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
11/16
Consider the reliance,
the comfort thatusers of contracts,including SLAs, get- - perhaps unduly -- from nuggets likethese in their
contracts . . . .
(all terms in airquotes with asmart-alec look):
Core components
Best efforts
Industry standard Best of breed
Best practices
Error Rate
Request (or someother term forcustomer trying toget stuff
Material . . .Substantial
LINGO DANGERS
11( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
12/16
GENERAL ARCHITECTURE OF A CLOUD PROVIDER SLA.
Description of Services; some defined terms
Reference to (if not description of) maintenance, scheduled downtime,notice of maintenance.
Providers commitment to uptime
Reporting
Remedies - - often too grand a word - - it may be simply a credit for lossof uptime. Note it may not kick in unless customer asks for it. (How
does customer know?) Calculation of creditExclusions: customer equipment or software; customer connectivity;maintenance and similar interruptions after notice; Customer-relatedhuman error; old stand bys like force majeure.
Special contract and liability exclusions: consequential, incidental andpunitive damages exclusions.
12( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
13/16
13( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
14/16
14( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
15/16
IF YOU WOULD LIKE TO TALK IN MORE DETAIL ABOUT SLAS. . . .
Service Level Agreement
Network Data Center Infrastructure
Cloud Server Hosts
Migration
Credits
Network
Data Center Infrastructure Cloud Server Hosts
Migration
Definitions
Limitations
15( C ) 2 0 1 2 L A B E R E E L A W P C
-
7/29/2019 LLPC CSA NY Presentation SLA
16/16
TERMS OF USE TOPICS
Cloud Terms of Service
Defined Terms [provider]s Obligations and [customer]s Obligations Access to the Services Access to Data Unauthorized Access to Your Data or Use of the
Services Disclaimers
Term Fees Limitation on Damages Indemnification No High Risk Use
16( C ) 2 0 1 2 L A B E R E E L A W P C