The question for new cloud computing customers is, Should you sign on that dotted line?
Prospective cloud customers should take into account the criticality of the software, data or services in question, the unique issues associated with cloud computing, and the availability and price of various alternatives, says Masur. For non-core business tools or services involving routine, non-sensitive data, it often makes sense for customers to accept looser contract terms for that lower price. But when you're considering a cloud-related option involving mission critical systems, regulated personal data or sensitive business intelligence, it's time to call legal and get the red pens ready.
The biggest mistake new cloud services customers can make is either assuming the vendor's contract provides adequate customer protection or presuming there's no room to negotiate at all. While many cloud providers have been reluctant to deviate from their standard contracts whether due to their own restrictive business models or industry inexperience, that's beginning to change in this quickly evolving market.
Cloud Services | Oracle Contracts
For would-be cloud consumers looking to beef up the standard vendor agreement, the traditional IT outsourcing contract can be a good model. While there are no standard best practices in cloud contracting and no one-size-fits-all document capable of covering the spectrum of services available in the cloud, it can help to peruse a list of standard outsourcing provisions: privacy and security standards, regulatory and compliance issues, service level requirements and penalties, change management processes, business continuity, mandatory flow-down of all terms to subcontractors, termination rights.
Determine which are critical to address in your cloud services deal. After all, cloud computing is just another way to purchase software or infrastructure services, says Masur. Traditional outsourcing contract terms offer useful guidelines for cloud computing engagements, particularly infrastructure-as-a-service transactions involving sensitive data. And software licensing terms offer useful precedent for SaaS deals.
When Los Angeles and its IT outsourcing provider CSC signed a three-year Google Apps contract, the city was able to incorporate a surprising number of customer-friendly terms into the deal: a private cloud for sensitive data, mandatory data encryption, U. The average cloud services customer may not be so lucky.
Cloud contracts: 5 must-have elements
You may find no cloud computing vendors willing to agree to your must-have terms—an indication you're not ready to send that particular IT service into the cloud. But it is probably a bit more of an issue because many of the cloud providers are less mature and have not gone through the crucible of having to keep promises as the larger, traditional providers have over many years. Here are the latest Insider stories. More Insider Sign Out.
JEDI preparation ongoing
Sign In Register. Sign Out Sign In Register. In the age of austerity this final factor is perhaps the most important for government bean counters. Mark Adair considers some of key legal risks that cloud based solutions present to government and how the UK government is practically addressing these risks in its new G-Cloud cloud computing procurement and contracting model.
Cloud computing is in its relative infancy, but large government and financial institutions are becoming aware of the cost savings and efficiencies associated with cloud based commodity services i.
- Demographics of the U.S: Trends and Projections (Demographics of the Us)?
- Technology, law and politics!
- Blackboards and Bootstraps: Revisioning Education and Schooling.
G-Cloud establishes an umbrella Framework Agreement with a large number of cloud vendors for cloud based commodity services i. The most common concern raised by public servants when moving to the cloud is privacy and data security. These principles set out the essential security standards that a government customer should consider when evaluating cloud services. For those still concerned about data security, a portable storage device containing private data is arguably less secure than an encrypted private cloud service.
Private data has in fact been lost or stolen from the UK local councils more than 1, times between and and this is usually when a CD or USB memory stick goes astray.
Please review our terms of service to complete your newsletter subscription.
These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to Service Personal Data and having regard to the nature of the Service Personal Data which is to be protected;. This is problematic for government customers as they need to follow the correct internal legal and regulatory approvals for contractual terms, including approval for any subsequent changes to the signed agreement.
A typical G-Cloud agreement addresses this by setting out an order of precedence, so that a term in a document higher in the list overrides any contradicting terms lower in the list:. Schedule 1 of the G-Cloud framework states that service levels and financial recompense will be set out in the Service Definition that the cloud vendor will provide:. These often permit the cloud vendor to disclose confidential information to subcontractors who could be located anywhere in the world and who may not be required to comply with the strict obligations in the main contract between cloud vendor and government.
The G-Cloud framework requires a cloud vendor to:.