Sunday, January 29, 2012

Microsoft Cloud SLA

Cloud services are not based only on technical requirements but on different non-technical requirements that enterprises require. These requirements (e.g., application performance, uptime, reliability, connectivity and availability) are expressed and negotiated by means of Service Level Agreements (SLAs). In the following posts we will look at the standard SLA’s for Microsoft; Amazon and Google’s SLA’s covering their cloud services.

My objective here is to make sure we can compare SLA’s between vendors and make sure points that need to be understood are out in the open so they can discuss with IT, Legal, Business and our vendors.

In this post we will look at Microsoft’s SLAs for its Azure cloud services (Compute, storage, sql, service bus and access control).

You or your organizations are responsible for determining whether our security meets your requirements.

You are entirely responsible for maintaining the confidentiality of your password and account.

You are entirely responsible for any and all activities that occur under your account.

You could be held liable for losses incurred by Microsoft or another party due to someone else using your account or password.

Microsoft will store the information you provide on computer systems with limited accesses, which are located in controlled facilities. 

Microsoft when transmits highly confidential information (such as a credit card number or password) over the Internet, they will protect it through the use of encryption, such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol.

Microsoft only uses data encryption on data that they believe to be private. Microsoft recommends any data you feel to be private that you use encryption.

Information collected:
Like any corporation today Microsoft loves to know information about its customers. So in your dealings with Microsoft; in setting up accounts, etc, for cloud services be cogitative the following information is being collected.

Including the site you came from.

The search engine and the keywords you used to find Microsoft sites.

The pages you view within Microsoft sites.

Your browser add-ons.

Your browser's width and height.

The pages you view.

Links you click and other actions you take on our sites and services.

Your Internet Service Provider.

Your IP address.

Browser type and language, access times and referring Web site addresses.

They also can and will supplement information they collect with information obtained from other sources. I.e., derive your general geographic area based on your Internet Protocol (IP) address.

Data Locality:
Information you provide or upload to the Portal may be stored outside the country in which you reside.

Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities.

Microsoft abides by the Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland.

I asked a Microsoft Senior Developer Evangelist what he knew about data locality his response was “OK – I checked around a bit, and although I am not a lawyer, the general consensus is that it’s based on the physical location of where the data center is located, not the location of the company that owns the data, or the location of company that owns the datacenter.” Given the point of having cloud services is suppose to release us from knowing where the actual data is or where is has been replicated for backup purposes I think this is a big concern if you are storing data in the cloud where privacy laws or government regulations may apply.

Basic SLA is 99.9% (“Three nines”) for Azure services. This would give your organization 8.76 hours of downtime per year, 43.2 minutes per month and 10.1 minutes per day. 
Failure to comply with the SLA uptime percentages would result in a 10% or 25% discount on the monthly billing for the service, depending on the degree of the failure.


No comments:

Post a Comment