Cloud Contracts: 12 Ways to Protect Yourself
Anyone who makes a move to the cloud expects lower costs, fewer hassles and rock-solid security.
Good luck with that.
As most computer professionals understand, promises in the technology world are easily broken and service is rarely what it’s supposed to be.
This is especially true with new and emerging tech tools and resources. The cloud’s no different. Today, its services face a variety of challenges, among them:
- Fluctuating market
- Emerging and changing legal precedents
- Acute lack of legislative and regulatory guidelines, and
- Perplexing and convoluted contract agreements.
You’re unlikely to have much influence over markets, the legal landscape or regulatory agencies.
Cloud contracts are another matter.
While a lot of providers will tell you their contracts are standard and set in stone, bargaining is the only way to find out for sure.
Don’t think of your cloud contract as just another outsourced function. This is a unique and dynamic relationship that involves your data, its accessibility and how you interact with it.
Consider these important aspects of your contract:
Get lawyers and finance advisors involved from the start
Their input will be needed to support IT expertise in the technology. If they don’t understand the technical risks, they can’t protect you from the threats you may encounter. Explaining technology to people who don’t work with it every day is a challenge. Having someone translate technical jargon may be a necessary part of your contract review and approval process.
Get references and recommendations
Talk to other technologists and heed their advice. The cloud is new and so are its customers. If possible, talk with others in your industry who’ve had experience using the cloud. But don’t count on vendors to make the introductions. Seek out others in your field at conferences and other gatherings.
Negotiate, if possible
Many providers have a business model that’s impenetrable, but on the off chance yours doesn’t, see if you can negotiate items critical to your operations. As I mentioned before, you can only find out if terms are negotiable by actually negotiating with the vendor.
Don’t get dumped
Make sure the deal can’t be terminated without cause. This means ensuring an agreement to end services. If you can’t get that guarantee, be especially cautious.
Guarantee an open door
Conversely, make sure that you can get out of the agreement if the services you depend on are suspended or dropped by the provider. If this happens, you should be able to end the agreement and pay no penalty.
Craft an exit strategy
It’s important that you are able to end services in a way that causes as little disruption as possible. Carefully define the vendor’s obligations to help you transfer out in a straightforward and simple manner that’s both orderly and organized. Be sure to be explicit about how long the vendor will keep your data.
Don’t get bullied
A vendor can hold your data hostage in a dispute, which means you could lose access to it if the relationship sours. Make sure that can’t happen with legal language that protects you from this tactic.
Get full disclosure
You need to know every provider who’ll be storing or managing your data. If your provider sub-contracts some services to others, know who they are and where they’re located.
Don’t get snagged in a merger or acquisition
The cloud is young and volatile. Make sure your contract ensures services from new owners or successors.
Secure the right to audit your vendor
Cloud service consumers need to make sure they can bring in an independent auditor to validate that they’re getting what they’ve paid for from the vendor.
Get acquainted with your vendor
Many cloud providers are new and in the early stages of formation. Be sure you know who they are and where they are located so that you don’t wind up chasing down an offshore outfit that disappears with your data and your critical systems.
Get your agreement on paper
Many of today’s cloud agreements list the terms online and ask for customers to “click” to agree to them. For a lot of companies and especially government agencies you my work with, this won’t wash. Get a hard copy, wet-ink version that can only be amended with the agreement of both parties to the contract.