According to Ivanka Menken, COO at The Art of Service, an IT consultancy based in Australia and the Netherlands, SLAs need to ensure that your information remains secure, that backups run on a regular basis without interfering with business processes, and that the restore/recovery is easy and accurate.
Menken says ensuring those results requires careful attention to several aspects of an SLA, including:
- Security: You need to be assured that data is safe and retrievable. That means you need to know who has access to the data and whether that access is in accord with privacy regulations. You also need to know how data is transferred to and from the backup site, how security is guaranteed at the backup location, and the guarantees and warranties on that data.
- Availability: Menken says it is critical to get an understanding of the availability of backed up data for retrieval/restoration purposes. How long can it take to restore the image (based on the importance of the data and the business processes it supports)? Are there different levels of availability for various types of data? What are the definitions of the backup types such as incremental or differential? Finally, she suggests, it is good to find out how the integrity of the backup data is tested, how often it will be tested, and who will receive the test results.
- Incident management: What guarantees are there for response times? When you need to access data, how quickly does the vendor acknowledge your request and respond? Also, notes Menken, "What happens when you only need a small component of the data that is backed up? As part of incident management, you might only need to restore one module of an application -- are you able to do this?"
- Contacts and communication: Menken says an SLA should realistically spell out escalation procedures indicating the contact points and how you can you reach them.
- Financial management: When it comes to the bottom line, Menken says an SLA should indicate who is liable for loss of data should the backups fail. "You trust the outsourcing organization with your data in case of a technical failure in your business, but what happens when you can't restore from the backup?" she asks. Similarly, she says, be sure you know what happens if a file is corrupted and unreadable and what the financial implications are for you or your vendor.
- Technical infrastructure: Finally, notes Menken, be sure to consider the technical infrastructure you need to support backup. In most of the United States, fast internet connections are readily available, making remote backup practical. But this isn't true everywhere.
Adding to the list of potential "gotchas," Dave Russell, a Gartner Inc. analyst, points out that backup and restoration are keyed on the amount of time it takes to provision storage. "SLAs are usually centered around the time it takes to provision," says Russell. SLAs can also fan out to include the performance of switches and other devices, "but most often they focus on capacity and protection, and sometimes archiving and retention," he explains.
Nowadays, notes Russell, not only are there different levels of storage but there might be different types of requests made regarding that storage. For example, he explains, higher tier storage might need to take less time to perform provisioning or recovery.
Backup success standards are another possible SLA benchmark. "The traditional measure has been backup success rate; if you look at a number, like 96% or 98%, which might sound good on a child's report card, in business that might be very bad, especially if what is missing is something that could wipe you out. So having the proper SLA on recovery is very important."
Furthermore, he notes, recovery point objectives are becoming more important as SLA elements. "One system might offer 24-hour granularity and another two-hour granularity, which is a big difference," he adds.
Lastly, Russell says if you happen to be outsourcing to an internal service provider, be sure the SLA is really something you can live with. "These agreements sometimes deal in what people call 'funny money' and they may not live up to what you need."
About this author: Alan Earls is a Boston-area freelance writer focused on business and technology, particularly data storage.
Dig deeper on Remote data protection