Domain 1: Cloud Concepts, Architecture & Design Module 6 of 70

Module 6: Shared Considerations and SLAs

CCSP Domain 1 — Cloud Concepts, Architecture & Design Section B 6 min read
The exam treats SLAs as governance instruments, not just uptime promises. When you see an SLA question, think about what happens when the SLA is breached — not just what the SLA guarantees.

Shared Responsibility Revisited

You encountered the shared responsibility model in the service models module. Here, we go deeper into how it is formalized through contracts and SLAs. The exam tests your understanding that shared responsibility is not just a conceptual framework — it must be codified in legally binding agreements.

The critical distinction: the shared responsibility model tells you who should do what. The SLA tells you what happens when someone fails to do it. Without an SLA, shared responsibility is just a suggestion.

Service Level Agreements (SLAs)

An SLA is a documented agreement between a service provider and customer that identifies services, metrics, acceptable and unacceptable performance levels, responsibilities, and remedies for breach. The exam focuses on several key SLA components:

Availability

Expressed as a percentage (99.9%, 99.99%, etc.). The exam expects you to understand what these numbers mean in practice. 99.9% allows approximately 8.76 hours of downtime per year. 99.99% allows approximately 52.6 minutes. The difference between "three nines" and "four nines" is enormous in practice.

Performance Metrics

Response time, throughput, latency. The exam may present a scenario where a cloud service meets its availability SLA (the service is up) but not its performance SLA (the service is unusably slow). These are distinct metrics with distinct remedies.

Data Management

Where data is stored, how it is protected, how it is returned at contract end, and how it is destroyed after termination. The exam emphasizes the data exit strategy — what happens to your data when the contract ends or the provider goes out of business.

Exam insight: If a question describes a contract with no data portability or exit provisions, the correct answer usually involves contract renegotiation before signing, not after. The exam rewards proactive governance.

Interoperability and Portability

Interoperability is the ability of different cloud services to work together. Portability is the ability to move data and applications between providers. The exam treats both as risk management considerations that should be addressed before signing a cloud contract.

Lack of interoperability leads to siloed environments. Lack of portability leads to vendor lock-in. Both increase risk. The exam expects you to recommend open standards, standard APIs, and container-based architectures as mitigation strategies.

Reversibility and Data Repatriation

Reversibility is the process of returning data to the customer and deleting it from the provider's systems at contract termination. The exam tests whether your SLA addresses: the format in which data is returned, the timeline for data return, verification that all copies are destroyed, and what happens if the provider becomes insolvent.

Governance and Compliance Considerations

The exam expects you to understand that regulatory compliance obligations do not transfer to the CSP. The customer remains accountable to regulators even if the CSP handles the technical implementation. SLAs should include right-to-audit clauses that allow the customer (or their auditors) to verify compliance.

Multi-jurisdictional data storage creates complex compliance scenarios. If a European company uses a US-based CSP that stores data in Singapore, which jurisdiction's privacy laws apply? The exam answer: all applicable jurisdictions. The customer must ensure the SLA addresses data residency and jurisdictional compliance.

Common Exam Traps

  • SLA remedies are usually credits, not compensation: Most CSP SLAs offer service credits for breaches, not financial compensation for business losses. The exam tests whether you recognize this limitation.
  • Uptime does not equal performance: A service can be "up" and still fail to meet performance requirements.
  • The SLA you need vs. the SLA offered: Major CSPs offer standard SLAs. If the standard SLA does not meet your needs, negotiation or choosing a different provider is required — not hoping the provider will exceed their SLA.

Key Takeaways

SLAs formalize shared responsibility into enforceable agreements. They must address availability, performance, data management, portability, and exit strategy. The customer must evaluate SLAs before contract signing, not after. Regulatory accountability stays with the customer regardless of SLA terms. SLA remedies are typically limited to service credits.

Next Module Module 7: Related Technologies (AI, IoT, Containers, Quantum)