Cloud Service Contracts Our expert lawyer tells you what you should look out for

By Frank Jennings, cloud lawyer at DMH Stallard

Cloud means no software. Cloud offers flexibility and scalability. Cloud is cheaper and more resilient than on-premise IT. We’ve all heard about these – and no doubt other benefits of cloud too.

It’s very easy to start using cloud services and to get these benefits. You can even bypass your CIO by using your credit card to buy a cloud service direct. But do you check what you’re getting before you sign up? All too often, customers ask the really important questions after they have adopted cloud.

Here is our FAQ of risks in cloud contracts that customers should be asking. And guess what? Reputable cloud providers don’t mind you asking.

1. Will the provider negotiate the contract?

This depends upon the type of cloud. For public cloud, probably not as it’s a highly standardised generic service – it either does what you want or you go elsewhere. But with private and hybrid cloud or where you dealing with a reseller, you can and should negotiate.

2. What service guarantees will the provider make?

With public cloud you will generally get a multi-tenanted solution where you and other customers share space on the provider’s infrastructure. It won’t be tailored to your exact requirements so the provider’s promises will be restricted. While the provider may promise that the service will comply with its published specification and SLA, you should expect statements that the service is provided “as is” with exclusions of any useful promises about it being fit for your specific purposes. Or that the quality of the service will be satisfactory for your needs. Again, with private / hybrid / resellers you can specify a greater degree of tailoring and you should negotiate these warranties too.

Reputable cloud providers don’t mind you asking [the right questions]

3. What risks does the customer bear?

Remember, the customer is ultimately responsible for data security and compliance and the Information Commissioner or FSA will fine the customer for breaches. If you want your data kept in the UK or EU, check the location of the provider’s primary and secondary data centres, and don’t forget to ask where their call centre is. If you want back-up or failover, don’t assume these come as standard. If you want your data encrypted, are you responsible for this? If the data is lost, are you responsible for recovering it? Has the provider limited all their liability to the fees you’re paying them (or, as above, to service credits only)?

4. What should I look out for?

Does your provider have a good reputation? Do they have any accreditations, such as ISO27001/9001 or conform to the Cloud Industry Forum’s Code of Practice? These take time, money and effort and show that the provider has an eye on the customer’s interests. Do a credit check on them. Do they own the data centre or buy space from someone else? Is it Tier 3 and above? Can you “step-in” to the contract if your reseller goes bust? Can the provider post new terms or prices on their website by simply emailing you?

5. Can I sue my cloud provider for a service failure?

Typically, the customer will bear the brunt of a public cloud service failure. Check the SLA – it will probably say your “sole and exclusive” remedy is service credits on an hourly or daily basis and you’ll have to claim these as the provider won’t automatically give them to you. If your cloud service is down for a day, service credits generally won’t amount to any use anyway. Again, with private / hybrid / resellers, you can often get better protection. You get what you pay for, after all. Some providers are so certain of their resilience, they will even indemnify the customer for data loss. But, be careful: anyone can set up a cloud service. It doesn’t mean they have any capability. Or money.

6. How do I change provider?

If you’re dissatisfied with their service, you may be able to end the contract for service breaches – but see the warnings above. Otherwise, you’ll have to terminate by giving notice. Often cloud contracts are for a minimum period so check whether this has elapsed. Make sure you give notice in time to avoid an auto-rollover of another 12 months.

7. Is insurance worth getting?

Insurance for cloud outages and data losses is at an early stage, but you should definitely speak to a broker. Of course, even the best insurance cover is never a substitute for taking practical steps to minimise the likelihood of needing to claim on it.

8. Can a lawyer provide any guidance on this?

Of course, but check that your lawyer really knows cloud. For example, make sure they’re familiar with the Cloud Industry Forum’s best practice contract recommendations. You wouldn’t go to your GP for heart surgery, so think carefully before using the same lawyer who drafted your Aunt Mabel’s will.

+ posts

Newsletter

Related articles

Need to reduce software TCO? Focus on people

Investing in software is undoubtedly important for enterprises to stay ahead. However, the process is rarely a simple task for CIOs and IT leaders.

The future of cloud and edge optimisation

As more enterprises use multi-cloud and hybrid infrastructures, the danger of cost overruns and loss of control increases.

Here is how to stage a public cloud migration

As the relationships between CSPs and cloud providers are deepening, CSPs need to develop a clear strategy on how they add value to customer relationships.

The future of work is collaborative

As hybrid work models continue to gain traction, businesses will need to start implementing collaborative tools and processes to meet the needs and expectations of the upcoming workforce, seamlessly integrating them into existing workflows to enhance productivity and performance. Innovations in technology, including AI and machine learning, mean that organisations are in a better position than ever to shape the collaborative future of work – and with the right support in place, they can ensure that these digital tools continue to bring out the best in their workforce for years to come.

How Business Data Can Be Protected, Even with Remote Workers

According to a study conducted by OwlLabs, approximately 69% of survey respondents worked remotely during the pandemic or are now working from home since.

Subscribe to our Newsletter