Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cloud contracts -- the devil is in the detail

Puneet Kukreja | May 31, 2012
Cloud computing today is no longer a buzzword associated with universities or advanced technology organisations at the bleeding edge of innovation. It is now a mainstream sourcing model that most organisations are looking to as part of their broader IT strategy.

Cloud computing today is no longer a buzzword associated with universities or advanced technology organisations at the bleeding edge of innovation. It is now a mainstream sourcing model that most organisations are looking to as part of their broader IT strategy.

The shift away from building customised systems specifically for organisational requirements is fast approaching. Global financial scenarios are presenting a funding challenge for IT innovation initiatives, transformation projects and ongoing support services.

One of the greatest shifts was demonstrated and highlighted by a US Government White House Paper titled: "25 Point Implementation Plan to Reform Federal Information Technology Management", in December 2009, and included support for a "Shift to Cloud First Policy". An important point to note is the term "Stand-Up Contract Vehicles" was used for both secure infrastructure-as-a-service (IaaS) and commodity services. Supporting actions were required, alongside the endorsement of the strategy and the guiding "Cloud First" policy.

In all cloud discussions to date, major emphasis is placed on the service types of cloud--Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or cloud models such as Public Cloud, Private Cloud, Hybrid Cloud and Community Cloud. Very little emphasis or discussion is undertaken about the major vehicle through which these models and services will be utilised and consumed--cloud contracts.

Traditionally contracts have been the realm of procurement, accounting, legal or sourcing functions. Technologists and (more specifically) information security professionals kept a safe distance because, quite frankly, they are boring, however with the advent of cloud computing, this is changing fast.

Concern over service levels, data security, data leakage, data access, scalability and security compliance with organisations' policies and standards are just a few of the issues that require the attention of security and information management prior to cloud computing services being deployed or contracts finalised. Whilst some of these concerns are similar to outsourcing contracts of the past, there are new areas that require consideration.

Research has highlighted that cloud contracts are often governed by the Terms and Conditions (T&Cs) of how the service will be delivered. Interestingly, more often than not it is a set of documents containing the terms that govern the relationship between the customer and the Cloud service provider. These can be relatively short and simple, or lengthy, complex and split over several documents. Generally T&Cs are made up of common documents like Terms of Service (ToS), Service Level Agreement (SLA), Acceptable Use Policy (AUP), Privacy Policy or a mixture of these components.

But!

Once the following statements from leading cloud service providers are examined, the reason for ensuring you truly understand cloud contracts becomes clear.

Cloud Contract -- Facebook

"We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities."

 

1  2  Next Page 

Sign up for MIS Asia eNewsletters.