Cloud Computing Contracts
“The universe never did make sense; I suspect it was built on government contract.”
– Robert A. Heinlein (1907-1988), American science fiction writer.
A contract is defined as “a legally enforceable agreement between two or more parties for the doing or not doing of something specified.” Contracts are the cornerstones of business. Unfortunately, for cloud computing, contracts are still a grey area that has the potential for causing serious problems.
In some of my previous articles, I had mentioned how lack of clarity of contracts is holding back widespread adoption of cloud computing. A lot of the problem can be traced back to the absence of “established contextual standards to assist the integration of cloud services into existing IT infrastructures, to support the exchange of information between different clouds, or to allow swift procurement and contract negotiation.” (See: Cloud Computing Standards: How Important Are They?).
This had led to vagueness on what is legal and what is not, the most notable example in recent times being the debate on the morality and legality of Amazon’s action on WikiLeaks (See: Cloud Computing and WikiLeaks: Was Amazon’s action justified?). Now, IT research analyst firm Gartner has come out with a report that highlights some of these very issues.
The report, titled “Four Risky Issues When Contracting for Cloud Services” enumerates the main risks Chief Information Officers (CIOs) should address when looking to go on the cloud:
1. Contracts are not mature for all markets
Gartner said that cloud computing contracts “lack descriptions of cloud service providers’ responsibilities and do not meet the general legal, regulatory and commercial contracting requirements of most enterprise organizations.”
2. Contract terms generally favor the vendor
Gartner said that current contracts favored vendors and contracting companies need to “to be clear about what they can accept and what is negotiable.”
3. Contracts are opaque and easily changed
Gartner found that many contracts are not very detailed, with many critical points being absent from paper but put on linked web pages. This gives rise to a potential problem: clauses that are only fully documented on these pages can change over time, often without any prior notice. Companies were advised to ensure “terms cannot change for the period of the contract and, ideally, for at least the first renewal term without forewarning.”
4. Contracts do not have clear service commitments
Gartner said that most providers remain vague on service commitments by limiting their area of responsibility to what is in their own network by saying they cannot control the public network. Therefore, contracting companies should understand the possible situation in case of service failure.
“Cloud service providers will need to address these structural shortcomings to achieve wider acceptance of their standard contracts and to benefit from the economies of scale that come with that acceptance,” cautioned Frank Ridder, research vice-president at Gartner. “Chief information officers and sourcing executives have a duty to understand key areas of risk for their organizations.”
Alexa Bona, also a research vice-president at Gartner, suggested, “It’s essential that organizations planning to contract for cloud services do a deep risk analysis on the impact and probability of their risks. This might cost additional money, but it is worth the effort. Risk should be continuously evaluated, because contracts can change — sometimes without notification.”
By Sourya Biswas