In this first part of a two part article, we will touch on the prominent legal issues which arise from both the provision and use of cloud computing. This article will deal with the contractual issues which arise in cloud computing and the second article will deal specifically with data protection and security issues which are causing increased concern for those in the cloud computing industry and their customers.
The evolution of traditional information technology services from hard drives to cloud computing has been aided by the current economic climate. Businesses are now looking to forms of technology which are more cost effective, have greater efficiency and reliability of service than the traditional in-house technology services. This being said, many businesses will only do so following technical and legal assurances from the cloud computing providers.
Cloud computing services use a variety of operating models when providing various services to businesses. The legal issues which arise in traditional outsourcing arrangements remain prevalent but there are new legal issues and nuances of old ones arising from the different nature of these services. While an industry standard cloud computing contract has yet to be developed, there are a number of points detailed below which both cloud computing providers and businesses should bear in mind when negotiating such contracts.
Good reputation and track record?
Businesses should undergo a due diligence process on the cloud computing provider in order to ensure its ability to meet the necessary demands and the consistency and quality of the service it provides. This will assist in identifying potential issues at the outset which otherwise may not be evident until too far down the road during the life of the agreement.
What services will be provided? What metrics are used? What is provided by way of updates and maintenance?
Cloud computing services should be defined with sufficient clarity in the agreement in order to ensure that the obligations of the cloud provider are clear from the outset. This is linked to the service level agreements, where the performance assurances of the cloud provider are documented. As is the case with any such agreement, sufficient and clearly set out service level and service credit arrangements should be negotiated in order to ensure both parties have the same expectations.
Cloud computing providers have been known to have broad exclusions of liability in their terms of service. As cloud computing creates challenges of trust, accountability and compliance, businesses should seek to ensure liability clauses in the agreement sufficiently protect them from issues such as potential outages and technical failures.
As cloud computing involves the entrusting to the supplier, to some extent (if not completely) the availability and performance of systems for conducting certain business activities, it is critical that the agreement provides sufficient detail for those involved as to what will happen when the contractual relationship comes to an end. Transitional arrangements will ensure that it is agreed from the outset what will happen to both data and information when the agreement is terminated.
By asking these questions and negotiating these terms, cloud computing providers and businesses can seek to implement a mutually advantageous agreement.