How To Balance Risk In Cloud Contracts By Adopting Best Practice

The first of a two-parter that looks at how to minimise risk when moving to cloud.

Enthusiasm for cloud computing is undiminished with survey after survey showing that cloud adoption is significant. But, in their rush to embrace cloud, are customers taking on greater risks than they need to? And are cloud service providers seeking to exclude all risks when providing services?

The allocation of risk between a cloud service provider and its customer is done through the contract. A Cloud Industry Forum survey earlier this year indicated that 45 percent of customers were not offered the opportunity to negotiate contracts suggesting that cloud service providers are using standard contracts and click-through arrangements. Also, a third of customers reported that their cloud service providers could change the contract by simply posting a new version online. In some ways, the more revealing statistics are that many customers did not try to negotiate their contractual position and simply did not know what their contractual exposure was.

That is changing. Clearly, where customers are looking for a standardised or cheap cloud service there will not be much opportunity for them to discuss the allocation of risk with their cloud service provider, nor should they expect to. Otherwise, as cloud services mature, with more service providers and channel resellers offering cloud products, customers will have the ability to shop around for the best protection.

Not surprisingly, in a crowded market, cloud service providers and resellers are looking for ways to stand out in a crowded market. This includes joining industry bodies, such as the Cloud Industry Forum, which offers an accreditation scheme to a code of practice.

Cloud providers can also adopt best practice in their contracts. In conjunction with Cloud Industry Forum, earlier this year we published a whitepaper providing guidance to customers and cloud service providers on best practice in cloud contracts.

Best practice recommendations include:

Local law for local customers

A cloud service provider that offers a standardised public cloud service with data centres in the cheapest location will not wish to be drawn into any discussions, let alone the customer's ability to apply its local law. But, where a service provider offers a bespoke or private cloud solution, then it might be willing to adopt the customer's local law or concede on other issues instead. Not surprisingly, data location and security...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT