What you need to know before signing a contract for cloud services
Everyone’s excited about being “in the cloud.” Business owners and other stakeholders have heard about the many benefits of using it. They know about the agility it gives their operations and the cost-savings. There’s also the prospect of freeing up their IT staff for more pressing matters. Yet, in the rush to partner with cloud-computing companies, we often make the mistake of signing a contract without really thinking about what we are getting into.
To help business owners, IT department heads and other IT pros sift through what could be a lengthy cloud-computing contract, here are the things that you should know before you affix your name and signature at the bottom of the document:
You have to understand that a cloud service provider has a standard contract with terms that are generally favorable to them, not you. When you negotiate for better terms, it should be put in a separate contract. These terms should reflect changes to make sure that you and your organization get exactly what you need.
Generally, cloud service providers will try to wash their hands of any liability if they fail to deliver on their promises. If you can get them to agree to monetary compensation for when service interruptions happen, then be sure to put it in writing as well.
3. What are your service-level agreements?
A service-level agreement is what your cloud service provider commits to when it comes to availability and performance.
You should list parameters such as error correction times, uptime, performance time, infrastructure and security and response time, and then come up with a minimum level for each of these parameters that would be acceptable to you. Not only that, but the SLA should be strictly enforced and there should be remedies that you can take if these are not met.
For example, if your cloud service provider promises you that it will fix service interruptions in just an hour, it should do so. If it goes beyond that, it could be liable to pay you. Service-level agreements are highly flexible and you can negotiate for a better guaranteed performance, but you would need to pay more.
4. What happens to your data?
One of the central things impacting your cloud computing decisions is your data. You will be taking data, including confidential information, outside of the servers in your office and hosting it outside on these service providers’ networks. You will need to:
- Ensure that data is kept safe, with proper backups. A lot of providers promise redundant connectivity and fault tolerance. Some promise that your data will be backed up automatically. But does this mean that you are safe from data loss and your data will be intact? Be sure to ask your service provider if it will be guaranteeing data integrity or if it will be liable for any data loss.
- Know the physical location of your data and remember that each country and each state has a different set of rules on how data is to be handled.
- Make sure that you retain ownership of your data. You may be storing your data on your provider’s infrastructure, but ownership would stay with you. Make sure that this is clearly stated in your service contract.
- Lay down the provider’s liabilities and obligations for a data breach. The contract you have should be clear on what the service provider should do in the case of a data breach. This includes anything from notifying your company of a data breach as soon as it happens, to telling you how extensive the data breach is and the corrective actions needed to resolve the breach, to informing you of the preventive action that it has put into place to prevent similar breaches in the future.It should also be clear that you will be rightly indemnified when data breaches occur. For example, you should be clear that the service provider would shoulder all fines and damages arising from the breach, as well as face legal action or other corrective measures.
5. What if I want out?
Think of your exit strategy even before you sign that contract. This is just good practice. You should be clear about the answers to the following questions:
- Will you be able to get out of the contract easily?
- Is there a pre-termination fee?
- Will you be required to send in a non-renewal notice before you could get out of the contract?
And then there is the matter of your data. You should know the following:
- How will you get your data back?
- What format will your data be in?
- How will your data be disposed of after you get it back?
This is also a good time to think about vendor lock in. Is there a lock in period? Will you be overly reliant on just one vendor or one format for your cloud computing? If so, it might hinder your flexibility somewhere down the line.
6. How do you secure my data and the processes I use?
The security standards and strategies that your cloud service provides is very important for you to make sure that your data is kept safe. If you want to be ultra-sure that your data is secure, ask for security standards such as the AICPA SSAE-15 or the ISO 27001.
7. What about vendor relationships?
You will be in the contract, hopefully, for a very long time. This is why you should also be clear in negotiations about what happens to you if the vendor closes shop or is acquired by another company. Or what if the vendor decides to stop or outsource the service that you are buying from it?
8. When could the service provider legally end their service?
So when entering into an agreement with a cloud service provider, make sure to ask these questions and see if the contract has provisions that will shed light to these concerns. If it doesn’t, then it’s always within your rights to ask to make additions or changes to the contract to make it favorable for you, too, and not just for the other party.