Cloud services contracts: What CIOs need to know

Cloud services contracts: Gartner has flagged up a number of risky issues for CIOs to watch out for. Photo: Shutterstock

Signing a cloud services contract? Hold that thought… Analyst house Gartner is warning CIOs that many cloud contracts have structural deficits that must be properly scrutinised for risk before signing on the line.

Organisations planning to contract for cloud services should be willing to shell out to conduct “a deep risk analysis” of contracts, says Gartner – to probe the impact and probability of any risks, and plan mitigation for the most critical issues.

Risk evaluation should also be ongoing as contracts can change, the analyst warns. Understanding key areas of risk for their organisations is core to the CIO’s role, notes Frank Ridder, research VP at Gartner.

A new report by Gartner entitled Four Risky Issues When Contracting for Cloud Services has flagged up various issues that CIOs and sourcing execs should seek to address before reaching for a pen to sign a cloud services contract.

Beware generic terms and conditions

One problem CIOs might encounter is contracts drawn up with a different market or type of organisation in mind than their own. The analyst says it is “often obvious” that a cloud service provider wrote a contract “with larger, more mature corporations, or the consumer side of the market, in mind” – rather than tailoring a contract to a particular customer.

Generic T&Cs should ring alarm bells, according to Gartner, which says it sees many cloud-sourcing contracts that lack descriptions of cloud service providers’ responsibilities and do not meet “the general legal, regulatory and commercial contracting requirements of most enterprise organisations”.

Cloud as the opposite of outsourcing?

T&Cs in cloud services contracts also often favour the vendor, says Gartner, so do not lend themselves to the kind of partnerships that often underpin successful outsourcing relationships.

With cloud, there is a high degree of contract standardisation, with consistent terms for every customer and, typically, a service that is delivered remotely rather than locally. Organisations seeking to procure cloud services should therefore be clear about what they can accept and what is negotiable, warns Gartner. Never forget you are one of many customers and that customisation would break the model of industrialised service delivery that underpins the cloud service provider’s business.

The shape-shifting devil is in the detail

Beware cloud services contract clauses that lack detail as they often link to web pages where additional T&Cs can be found, says Gartner. These additional T&Cs should be carefully perused. While contracts from cloud service providers are not long documents, these additional online T&Cs can include critical service-level agreement (SLA) detail, according to the analyst.

Quality and price for uptime and performance, service and support terms, and the core functionality of the cloud service may all only be detailed in online T&Cs, it says. Plus these online clauses can change over time – often without notice.

Organisations must therefore ensure they understand the complete structure of their cloud sourcing contract and lock down the terms for the period of the contract and, ideally, at least the first renewal term, says Gartner. If there are parts of the contracts that can be changed, CIOs need to be aware of them and know when the change will take place.

Service commitments? What service commitments?

There is also a lack of clear service commitments from many cloud service providers, according to the analyst. Not only are SLAs typically only found lurking in URL documents, rather than in the contracts themselves, providers also tend to limit their area of responsibility to what is in their own network – as they cannot control the public network. This restriction means service commitments remain vague at best, although Gartner does say the situation is improving.

When deciding whether to put pen to paper and sign a cloud services contract, the CIO should understand what they can do if the service fails or performs badly, says Gartner. If SLAs are not acceptable they should negotiate terms that meet their requirements – or take their business to another cloud services provider.