Peter Wayner hit the nail on the head with his excellent review of cloud computing services. Someday, application developers will need to sit down and puzzle out best practices for the new, cloud-driven paradigm. But for now, understanding the legal ramifications of these services should be enough to give potential enterprise customers pause.
"One of the ways to go truly insane is to read the terms of service for these clouds," Wayner writes. The agreements are complex, nuanced, and occasionally vague. And in most cases the terms are stacked decidedly in the vendor's favor.
Amazon actually offers an SLA (service level agreement) for its S3 data-storage service. Customers pay reduced fees if the monthly uptime of the service drops below 99.9 percent. But no such agreement covers the other services in Amazon's cloud computing portfolio, including the EC2 application-hosting service. Similarly, Google offers no SLA for its App Engine platform, which it describes as a "preview release."
And let's not forget that SLAs, where they do exist, are merely business agreements. They're not guarantees. Recent outages at both Amazon and Google have left some customers wondering whether, for all these companies' vaunted infrastructure, their services are really any more reliable than traditional Web application hosting.
But service availability may actually be the least of cloud computing customers' worries. More troubling is the fact that cloud computing vendors can choose exactly where and how customers use their services, and even for what purposes.
Developers are often asked to deploy technologies on tool vendors' own terms. Sun Microsystems' binary code license agreement for the Java platform, for example, notoriously specifies that Java is not intended for use in any nuclear facility.
But while it's one thing to disclaim the suitability of a tool for any given purpose, it's quite another to actively block the tool's use. In a cloud computing environment, the vendor holds the strings. If at any time the vendor decides that a customer is in violation of the terms of its service, that customer's application can go dark now, immediately, and completely unilaterally -- SLA be damned.