Making A Service Level Agreement with Your Hosting Services Provider

  • Hits: 60

With the increasing adoption of Managed and Cloud services, where either an entire or a part of IT function is outsourced to a third-party services provider, the need for unambiguous, easy to apply and easy to follow service agreements are becoming more important. The level of effort that goes into preparation of a Service Level Agreement (SLA) between a services provider and the end-customer, is usually proportionate to the duration of the engagement. Typically, a longer term contractual engagement will have more detailed and rigorous descriptions. 


A Service Level Agreement is defined as an official undertaking between a Hosting Services Provider and an end-customer. This agreement describes various aspects of the service including quality, availability, and responsibilities. The SLA converts the Hosting Provider’s services into a known function. This is particularly important where continuity and consistency of services from the Hosting Provider is important for the end-customer. 


In fact, SLAs are now widely used in a range of IT related services. These include IT administration services, managed application services, Cloud Computing, amongst others. Another spin off is the use of SLAs by IT teams within an organisation to manage the expectations of in-house stakeholders and customers. This helps the IT team of the organisation to have its services justified, measured and benchmarked with other external IT service providers.


Hosting Service Providers need such agreements in order to manage customer expectations. They also need to define the situations under which they are liable and not liable for deviations from the expected performance. For the end-customer having a prepared SLA allows the services of one provider to be objectively compared with another.


A well written and legally comprehensive SLA may include as many as two dozen different heads. This covers Definitions and Interpretation, Term of Agreement, Service Provider’s Obligations, Client’s Obligations, Fees and Payment, Provision of the Hosting Services, Service Levels, Scheduled Downtime, Service and Performance Monitoring, Confidentiality, Intellectual Property Rights, Termination, Post-Termination, Liability and Indemnity, Nature of the Agreement, Severance, Relationship of the Parties, Notices, Law and Jurisdiction, etc.


Notwithstanding the above, a few of the more important clauses used in a Hosting Services Provider agreement appear below:


· Services - This is a detailed description of the services that will be provided and the end-customer groups that will receive specific services. 

· Availability - This is a description of the uptime limits of a service. The service may also be described in terms of performance, business expectations and outcomes. The higher the availability requirement, the more expensive the service.

· Downtime - This is a description of the situation when the service is not available, exclusions for responsibility and force majeure, and the process of rebate linked to established failure.

· Response time - This is a description of the time to respond and rectify based on the nature of the failure or complaint.

· Escalation - For an externally hosted service, especially when there are time zone differences, this description is the most important for rectification of a fault. Going through a help desk or call centre repeatedly may not ensure timely rectification of the fault.

· Schedules for notification - This describes the lead time required to be provided when there are any planned shutdowns or disruptions in the service. Planned maintenance cycles are usually known well in advance and can be built into business outcomes.

· Benchmarks - This is a description of the parameters used to gauge the upkeep of the SLA and the point of responsibility for producing, monitoring and escalating these benchmarks.

· Help desk - This is a description of how the help desk will respond based on the nature of the complaint or fault and the end-customer flagging the complaint. 


In conclusion, just because a Service Level Agreement exists, it does not mean that the service provider and the end-customer will meet each other's expectations. Leveraging the terms in the Service Level Agreement must be the means of last resort. There is much that can also be accomplished without resorting to it.


Cybersecurity Checklist For 2017

  • Hits: 52

Few things are as fundamental to the survival and growth of a business as the integrity of the information and data that is critical to its functions and competitive advantages. Data security and protection against malicious intervention by external entities, seeking to create process disruptions, is a clear and present challenge to several key functional and structural elements that a business is built on. Compromised security can lead to multiple disruptions and losses, ranging from financial losses, loss of competitive advantages, loss of client trust, downtime and compliance breaches. 


Until the recent past, firewalls and other technological filters designed to restrict access and effect, have served enterprises well in their pursuit of security. However, with the introduction for several new technologies, such as mobile IT infrastructure, cloud computing, collaborative access to data with clients and partners etc. have introduced a new range of vulnerabilities and security issues. In order to remain secure, in the current era, companies must endeavor to remain abreast of the latest technologies and strategies that provide them with the means to secure their data and other IT related assets. Managed Security Services Providers are an excellent option to place such critical requirements and functions in the hands of experts, who have the specific skills to execute them effectively.


Security risks and challenges can be broadly divided into some specific categories, each requiring its own set of strategic, process and operational approaches to minimize and control. Managed Security Services are a handy way to address these concerns.


Here are the top things you must do to help protect your business in 2017:


Manage vulnerability through mobile access and cloud computing: Technology is best understood and classified as a tool, which inherently makes it vulnerable to incorrect or thoughtless use. All the systems and processes at the disposal of an enterprise require that they are deployed so that their utility is enhanced and their misuse or malicious use is curtailed. Both cloud computing and mobile IT access, by their inherent nature, draw their advantages from the ability of multiple entities to gain advantage from their use through multiple locations, platforms and networks. This multiplicity of access, naturally, also makes these technologies vulnerable to malicious intervention, if they are not properly deployed, with an eye on security. Real world protection against the misuse of these technologies is largely dependent on controlling unnecessary background processes and restricting the access of unauthorized and malicious entities. Delegating these concerns to a Managed Security Services Provider can be a very effective way to address these issues.


Design and enforce IT processes and cybersecurity measures: A response to vulnerabilities should not undermine the core advantages offered by a process or technology, as a whole. Fortunately, with the application of good strategies and design, IT infrastructure offers users an opportunity to introduce high levels of security while still keeping the system functionally agile and effective. Enterprises should invest the time and skill required to identify an appropriate Managed Security Services Provider, who can design their IT infrastructure and systems to enhance the end user experience, but restricting access to unauthorized entities.


Manage Networks, Applications and Platforms with an eye on security: The rise in the delegation of IT process to specialized external support and management companies, businesses are reaping the rewards of lowered costs and enhanced service levels. However, the compatibility of the enterprise and the Managed Security Services Provider needs to take into account the security oriented measures inherent to the design and operation of the IT system. In the risk versus consequence equation, security is one of those concerns that can either enhance or undermine the relationship. Care should be taken in the selection of a Managed Security Services Provider so that these concerns and issues are addressed adequately.


Create best practices and policies around cybersecurity: No system can be secured effectively without the active participation and commitment of its end users. While a Managed Security Services Provider can greatly reduce the vulnerability of a system, the adherence of end users to a well drafted policy governing their use and access is essential to the successful provision of security. Enterprises must train their employees to ensure the optimal use of IT systems without the introduction of vulnerabilities due to work practices.


The increasing trend towards the outsourcing of IT functionality to specialized companies is enhancing the competitiveness of several companies. The benefits of such a move can often be so essential to the future of a company that the decision to embrace the practice seems inevitable. However, as with any change involving an external entity and a new set of processes, care must be taken that the policies, processes and delegation of resources and responsibilities is well considered, well conceived and well executed.


The 7 Point Checklist for Choosing a Managed Hosting Provider

  • Hits: 58

Anyone who has managed the IT infrastructure of a company will, no doubt, agree that it is a complex and demanding function to deliver. Everyday functionality to long term strategies, several aspects involved in a company’s IT operations require specific skillsets and considerable amount of time. 


Given these challenges, Managed Hosting has been a boon to businesses around the world. Nominally, Managed Hosting can be described as an IT provisioning model in which a service provider leases dedicated servers and associated hardware to a single client and the equipment at the hosting provider's facility is managed by the service provider. This converts CAPEX to OPEX, gives you access to a wider range of advanced IT features and services, highly specialized talent and the latest technologies. It also lets you focus on your core business objectives as day to day IT operations are managed by the Service Provider.


For a business to choose the best Managed Hosting Services Provider in the UAE, it needs to make careful and thoughtful evaluation. Some of the key factors that a business should consider include:


1. Facility and network: It pays to ensure that the Managed Hosting Services Provider is committed to the highest possible standards of physical infrastructure, with regard to the Data Centre and Networking. Services should include reliable internet connectivity, with ample redundancy built into the network. Power and cooling are also critical in optimizing the performance of IT infrastructure. 99.99% availability for your hosted services can be achieved by a well maintained N+1 Data Centre facility, and a lesser N standard can result in more downtime. In addition, it always pays to deploy the highest quality version of hardware and this should be part of the commitment that a Managed Hosting Services provider agrees to.


2. Security: Security can be particularly important when businesses handle business critical information. A comprehensive package should include well designed firewalls, scanning for malware, filtering spam and other unwanted data, updates etc., as well as physical security measures for Data Centres. Services that include physical security staff, biometric scanners and video cameras are preferable. Also, SSH and VPN access is superior to direct access to client equipment and is a good indication of quality service. Likewise, it is good to ensure that login and access restrictions and practices are up to par and best in class. Also these services should be maintained by high quality resources around the clock on a 24/7/365 basis. 


3. Cost: Low costs doesn’t necessarily mean a lot of savings for your business. While there are many providers in the market who offer low costs as compared to others, but once you start reading through the fine print, you will realize the non-covered items quickly add up to an amount equal or above what another vendor may have offered as a part of the solution. In fact, low costs can sometimes mean more risks for your business: Lack of support, insufficient technology & resources, unreliable Data Centre facilities, and this can end up being very costly for your business.


4. Service Level Agreement (SLA): Scrutinize your prospective vendors’ SLA and negotiate upfront on areas/time frames that are unacceptable to your organization. Look for a provider who has 99.9 per cent uptime at a minimum, with financial incentives to ensure this SLA is met.


5. 24/7 support: Managed Hosting Service Providers absorb and reduce the cost of employing skilled specialists who are well versed in setting up the most appropriate configuration for servers at the outset of the lease, while continuing to fine tune and calibrate the IT infrastructure used by the client, according to the evolving needs of the enterprise. A business should ensure that the services it is signing up for will include 24/7 response from human operators rather than automated processes. The IT administrator assigned to an enterprise, and their team, are a critical functional cog and it pays to establish a hands on and healthy relationship with them.


6. Back up and disaster recovery: Lost data can undermine the trust and company profile an enterprise has built through the years in one fell swoop. Other negative consequences of such a disaster can include, financial loss, downtime and missed opportunities. It is critical for a company investigating to ensure that the potential services provider has committed to a comprehensive and effective Disaster Recovery plan and ongoing data back-up.


7. References: Before committing to a Managed Hosting Services Provider, it is a very good idea to investigate and understand its professional, financial and functional stability. When you take on board the functional benefits of acquiring such a service, you also leave yourself open to the vulnerabilities introduced via an external party’s strengths and weaknesses. It is important to seek the feedback of other enterprises that the services provider has been involved with, as well as to get a good idea regarding their ongoing viability and previous record.


In summary, Enterprises enthused by the opportunity presented by Managed Hosting Services need to take care that the service provider is providing a solution that comprehensively addresses and enhances their processes. Finding the perfect fit for a particular set of business requirements is fundamental to the success of the strategy.

7 tips for an effective Disaster Recovery plan

  • Hits: 72

The sinking of the RMS Titanic after hitting an iceberg on her maiden voyage, from Southampton to New York City, is one of the most famous disasters of recent centuries. In April 1912, when she set sail on her voyage, the Titanic was the largest ship ever built and was considered to be unsinkable. However, a series of events - that included unexpected weather phenomenon and human error - resulted in a tragedy that claimed the lives of over 1,500 people. Recent investigations and scientific tests carried out on the sunken vessel have isolated the low grade of iron used to make the more than 3 million rivets that held the Titanic together as a significant contributing factor to the disaster. Ultimately, despite being a colossal vessel of remarkable size and an engineering marvel of its time, the Titanic was undone by one of the smallest and seemingly most inconsequential of its components. 


Disruptions and disasters occur because all possible scenarios can never be completely anticipated and prepared for – perhaps this is why the term “unthinkable” is so widely used in the context of disasters. The fundamentally inexplicable nature of certain disasters is the reason why even the best designed systems and operations need an effective disaster recovery plan, should the “unthinkable” occur. 


The familiar and well known tragedy of the Titanic, serves to remind us that a good disaster recovery plan in Dubai – and the UAE in general – ought to go beyond anticipation of the likely sources of disruption. It should, in fact, presume a possible system failure and devise ways to limit damage and loss. Some of the ways in which an enterprise can prepare itself, for failure, in order to limit damage and its duration, are listed below.


1. Planning for least possible disruption of communication: An effective disaster recovery plan must begin from a well devised methodology that allows the enterprise to maintain basic communication – between departments, between management and staff, as well as between the enterprise and its clients and collaborators. In order to best prepare for an extreme event, an enterprise must have pre-identified alternatives to standard methods of communication and coordination, which can operate outside the realm of business as usual scenarios. 


2. Clearly identified performance parameters: As with every enterprise regardless of geographical location, a good disaster recovery plan in the UAE must take into account the everyday functional realities specific to the industry and the region. Specific variations in work culture and hierarchy must be taken into account in order that the enterprise can operate well enough to recover - who is to perform what function, in the event of disruption; which individuals and departments are most critical to the containment of an event, and which functions are the priority areas to address. 


3. Clearly identified roles for individuals and departments: An effective disaster recovery plan should not only restrict itself to planning for an alternative process and technologies, but it also needs to have well-rehearsed and clearly defined alternative roles – for individuals and departments – in the event of disruption. While not all contingencies can be identified, it is always possible to have alternative functions in place in order to best utilize the resources of the enterprise during an emergency.


4. Established practices and service agreements: While the affected organization itself is likely to act in its best interests, several outside entities – from clients to collaborators – are affected by a disaster. A good disaster recovery plan should include a well devised plan to limit the damage to such entities, as well as a clearly defined process that these entities are aware of. While a disaster often brings out the best in people, one that has originated in an outside entity can easily be perceived as a deal breaker, should it be mismanaged and should the interests of external entities be compromised beyond the inevitable.


5. Protecting sensitive information central to the business: Every enterprise has operational information that can harm the organization, should it fall into the wrong hands or compromise privacy or security – whether within or outside the organization. Disasters can often introduce stress that undermine such issues. An effective disaster recovery plan should identify worst case scenarios, likely sources and points that could cause such repercussions and the most optimal ways to minimize such damage.


6. Regular testing of emergency procedures for effectiveness: Even the best devised disaster recovery plan can prove to be ineffective, if the elements that need to come together to minimize damage are not sufficiently prepared for, and familiar with, the contingency plan. Regular testing and re-familiarization with the disaster recovery plan is a must so that the disaster can be negotiated with minimal damage. Likewise, any change in parameters and variables needs to be accounted for and incorporated within the disaster recovery plan – as well as the resultant changes communicated to relevant entities.


7. Robust redundancy of procedures, process, entities and infrastructure: An effective disaster recovery plan does not only involve the attempt to make the most of the elements that have survived the disruption, but there needs to be redundancy built into every aspect of the system itself. Redundancy not only limits the range and scale of the disruption, it also reduces the chance for a disruptive disaster. While isolating functions and departments is counter intuitive and not desirable, redundancy allows for separation of these elements so that the disaster can be minimized and contained. 

Top 3 Data Backup Practices & Strategies for Businesses

  • Hits: 81

We are drowning in data – there is no doubting this statement. In fact, we are generating so much raw information every day that losing it will have major implications. 


1.There are stories in data. What customers want, what customers would rather not see, what the next market game-changer will be – everything is there in the data that businesses generate. There is just a need to crunch this data in the right way. 


2.Losing this data can be catastrophic. Would you risk losing months, or even years of precious data that will cause loss of earnings, potential data leaks or embarrassment in front of your customers?


The only way to ensure the safety of company data and information is to have a robust data backup strategy supported by storage best practices. 


The cost of not backing up data 


According to a recent survey, data loss is increasing at a rate of 400% per year. An estimated $1.7 trillion is what businesses stand to squander if they do not invest in proper data backup. 


What’s more? Even in this era of cutting edge technology, many organizations in the UAE claim that they do not have any disaster recovery measures in place. 


Three steps to an effective data backup plan


1.Analyze what needs to be stored and why: Osterman research has shown that 75% of the data that employees need to operate productively on a day to day basis is hosted by email servers in the form of messages and attachments. Let’s not forget the social media interactions with followers, clients and influencers that can prove to be invaluable research. The point is that everything around a business is a potential source of data and thus insights. Backing up only the transaction records or the preferences of clients is just not enough anymore. Companies need to think outside the box. Consider all digital platforms that puts you in touch with the people who are vital to your business. How much of this data is irreplaceable? How much of this data is sensitive and should be backed up in an encrypted database? Without concrete answers to these questions, a fool-proof backup plan is not possible. 


2.Plan for all contingencies: Is it enough to randomly back data up? No! Data backup costs money. And thus businesses need to be very strategic with how they go about the process. 

-Redundancy is important. There has to be a back-up of the back-up of information that can’t be recovered if it is lost. 

-Don’t put all your eggs in one basket. Redundancy in terms of geographical location is also important. This kind of foresight mitigates the impact of disasters. Ensure that mission critical and sensitive data is backed up in multiple locations. And is easily accessible to the workforce. 

-Safety is paramount. Data loss is not the only problem that enterprises face. Data breach is another. Enforce security protocols like passwords and limited access permission for classified data and keep yourself and your backups well covered. 


3.Test your backup system: Not testing a backup plan for operational errors and flaws is the worst mistake that a business can make. It is important to give the backup platform a test run as soon as it is implemented and do so regularly thereafter. 


The key is planning, training, testing, and regular review of the plan. Do this and you will survive any trouble that you might encounter. 


eHDF, UAE’s leading data centre provider offers an array of Managed Services including storage and backup. For fast, flexible and centralized data protection across platforms, write to us at


eHDF caters to clients across the globe. Some of our customers: