Helping clients manage their technology for over 30 years.

Essential SLA Elements #5: Protecting your data from the goblins

A service-level agreement works best when it’s the result of a collaborative effort between you and a service provider you can trust. This kind of trusted collaboration will uncover the most cost-effective ways your provider’s IT capabilities can be put to work for your business.

Part of that trust involves the fifth and last Essential SLA Element on my list: Procedures for the safe and prompt return of your data upon service termination.

Continue reading

Essential SLA Elements #3 and #4: Monitoring, enforcement, and change mechanisms

A good service-level agreement looks simple — but that’s because it’s been conscientiously negotiated to meet the buyer’s needs. Of the five essential SLA elements that every managed and cloud services customer should focus on, I’ve described two — specifying service functionality and describing the infrastructure and standards to be maintained by the provider.

Essential SLA Elements #3 concerns SLA changes. Your SLA should include a mechanism by which you can regularly tune it in response to changing business conditions or new technologies. You’ll benefit from building in a formal review of your SLA (at least annually) in order to use experience and new information to revise it.

Continue reading

Essential SLA Element #2: The devil’s in the details

I’ve already blogged about the importance of negotiating a service-level agreement that specifies the functionality of the managed and cloud services you engage.

Now I’m going to focus on Essential SLA Element #2: Including details about the system, network, and security infrastructure and standards to be maintained for your services by the provider.

Continue reading

Essential SLA Element #1: Why specifying each service to be provided is critical

I see five essential elements that you absolutely need to pay attention to in your managed and cloud services SLAs. I’ll review each of them in my blog, starting with: Specifying each service to be provided.

This may seem obvious, and, in fact, it is. Yet too many service-level agreements are surprising vague about what exactly you’re buying.

Continue reading

Your SLA: Forgotten secret to getting the most from your cloud provider

To get the most out of your managed or cloud service, you need to invest the time in negotiating a good service-level agreement.

The SLA is a key part of the contract between you and your provider, since it describes the levels of service being provided and the metrics used to ensure your provider delivers full value. And the right SLA with the right service provider can mitigate cloud risks and help your business flourish.

Continue reading

Why a SAS 70 Type II audit matters

Since the arrival in 2002 of the Sarbanes-Oxley Act (SOX) as well as other more stringent financial accountability standards, the role of SAS 70 Type II audit and certification has grown. My company takes SAS 70 Type II audits very seriously.

That’s because both SOX and SAS 70 Type II use the same model of controls — so a SAS 70 Type II certification is the best way third parties (like our customers) can be assured of acceptable, SOX-compliant service organization controls.

Developed by the American Institute of Certified Public Accountants (AICPA), SAS 70 Type II audits mean an independent third-party has verified that a service organization’s policies and procedures were correctly designed and operating effectively enough to achieve the specified control objectives.

Continue reading

2 tricks that can deliver the right service provider treats

It’s a 21st-century truth that even small businesses need complex information technology infrastructures to thrive. Which is why so many enterprises, both large and small, depend on the expertise of independent providers of managed and cloud services.

But using managed and cloud services can be risky, too. How reliable is the service? Where’s your data? And what about security?

Continue reading

On the menu: Networking, dinner, and the scoop about cloud computing

Cloud Computing has been defined by the National Institute of Standards and Technology (NIST) as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

No wonder the Sacramento chapter of Financial Executives International (FEI), the leading organization for senior-level financial executives, wants to hear about it.

Continue reading

Dangerously vulnerable: 3 quick (and scary) anecdotes

How secure are the data, applications, systems, and networks your business depends on? If you’re like too many of the executives I talk to, you may believe all is well — but only because you haven’t asked the right questions.

One executive told me recently, “We’re cool; we haven’t had to touch our firewalls in three years.”

Continue reading

Don’t let your firewall get burned by employees’ mobile devices

As more and more of your employees use mobile devices, these machines may start out behind your firewall — but they don’t stay there. They move around, to other networks with different firewall rules. Or no firewall at all.

When that mobile device returns to its trusted place behind your firewall, it may carry a cyber-infection that can attack your network from the inside.

The great firewall challenge lies in balancing the tradeoffs between degree of protection, usability, and cost. That balancing act starts with understanding what your firewall actually does.

Continue reading