Analyst firm, Gartner, published a set of guidelines intended to ease relationships between cloud vendors and users. As cloud computing becomes more pervasive, the ecosystem (including vendors and analysts) is seeking ways to align expectations among relevant parties.
Gartner specified “six rights and one responsibility of service customers that will help providers and consumers establish and maintain successful business relationships:”
The right to retain ownership, use and control one’s own data - Service consumers should retain ownership of, and the rights to use, their own data.
The right to service-level agreements that address liabilities, remediation and business outcomes – All computing services – including cloud services – suffer slowdowns and failures. However, cloud services providers seldom commit to recovery times, specify the forms of remediation or spell out the procedures they will follow.
The right to notification and choice about changes that affect the service consumers’ business processes – Every service provider will need to take down its systems, interrupt its services or make other changes in order to increase capacity and otherwise ensure that its infrastructure will serve consumers adequately in the long term. Protecting the consumer’s business processes entails providing advanced notification of major upgrades or system changes, and granting the consumer some control over when it makes the switch.
The right to understand the technical limitations or requirements of the service up front – Most service providers do not fully explain their own systems, technical requirements and limitations so that after consumers have committed to a cloud service, they run the risk of not being able to adjust to major changes, at least not without a big investment.
The right to understand the legal requirements of jurisdictions in which the provider operates – If the cloud provider stores or transports the consumer’s data in or through a foreign country, the service consumer becomes subject to laws and regulations it may not know anything about.
The right to know what security processes the provider follows - With cloud computing, security breaches can happen at multiple levels of technology and use. Service consumers must understand the processes a provider uses, so that security at one level (such as the server) does not subvert security at another level (such as the network).
The responsibility to understand and adhere to software license requirements - Providers and consumers must come to an understanding about how the proper use of software licenses will be assured.
Readers interested in this topic should also see enterprise analyst, Ray Wang’s, Software as a Service (SaaS) Customer’s Bill of Rights. That document describes a set of practices to ensure consumer protections across the entire SaaS lifecycle, as indicated in the following diagram: