There are several different cloud types such as cumulus, stratus, cirrus and altostratus; and so too there should be different shapes and flavors of cloud computing. That’s the findings of a report, “Negotiating Cloud Contracts – Looking at Clouds from Both Sides,” released by researchers of the Cloud Legal Project at the Centre for Commercial Law Studies at Queen Mary, University of London.
Researchers identify the six types of cloud contract terms most negotiated as provider liability, service level agreements, data protection and security, termination rights and lock-in/exit, unilateral amendments to service features and intellectual property rights.
“These are the key contractual issues of concern to users in the cloud market at this relatively immature stage of cloud adaptation,” explains Professor Christopher Millard, lead academic on the Cloud Legal Project (CLP), in a statement.
Millard, and his colleagues, identifies a need for service packages when it comes to negotiating contracts for cloud services. The report posits that many one-size-fits-all terms are actually non-compliant, invalid or unenforceable in different countries.
While the team at the Cloud Legal Project looks at global and UK-based providers and users, the report points out issues close to home. In Europe, regulatory and other legal obligations may dictate specific terms particularly on privacy issues.
“To remain competitive, providers may have to be more aware of user concerns, more flexible in negotiations, and more willing to demonstrate the security and robustness of their services,” Millard says. “In the middle or low value markets, choice is still limited, and many contract terms are still inadequate or inappropriate for SME users’ needs, as they may lack the bargaining power to force contract changes.”
As Millard commented, cloud services and usage are still in their infancy — and contract terms, usage needs and service plans will develop over time.
Developing varied cloud packages may actually make some users dissatisfied if services are stripped from new plans. Many customers, the report finds, look for the cheapest services yet request the highest levels of contract terms and conditions.
“Forcing providers to accept more liability and incur the expense of upgrading their infrastructure, while keeping prices low, may undermine market development,” says Professor Ian Walden from the Cloud Legal Project.
It’s as important for the users of cloud services to understand the issues as it is for providers. “Users may need to consider what functions should be migrated to cloud and on what basis, such as starting with pilots only, conducting risk assessments, and implementing internal controls,” the report states. For small businesses and enterprise companies, this means assigning these duties to an IT person or someone who can work with the company’s IT providers to implement procedures and best practices.
Several providers including Microsoft, Dell and Rackspace currently offer cloud computing services. As cloud computing develops over time, it is important for these and other companies to address local regulatory issues in order to cater services to a global user base.
The report suggests multiple approaches, which are already emerging with fragmentation of the market. “Market participants may be developing a range of cloud services with different contractual terms, priced at different levels and embracing standards and certifications that aid legal certainty and compliance, particularly for SME users,” the report concludes.