Service-level agreements and legal standards for cloud offerings will become more customized to individual customers and vertical industries as the cloud market continues to mature and providers look for ways to differentiate their offerings, researchers at the University of London predict.
Providers today are in many cases looking to push "one-size-fits-all" contracts on customers that favor the provider, the researchers found, but they don't always meet the needs of customers. For example, some vertical industries, such as healthcare, government and finance, each have compliance requirements that need to be addressed before they can more fully embrace a cloud strategy. Providers are only beginning to offer these types of services, and it's a trend researchers expect will pick up steam.
"To remain competitive, providers may have to be more aware of user concerns, more flexible in negotiations, and more willing to demonstrate the security and robustness of their services," says Christopher Millard, lead academic on the Cloud Legal Project at Queen Mary, University of London.
A three-year study by the team found that the six most negotiated terms of cloud contracts were: provider liability, service-level agreements, data protection and security, termination rights, unilateral amendments to service features and intellectual property rights. Those represent some of the top concerns users have regarding the cloud, says Ian Walden, another researcher.
"Companies are generally concerned about the cloud being another mechanism for corporate information to escape their entity," Walden says. "BYOD (bring your own device), combined with cloud-based solutions worry CIOs and security professionals that they are potentially losing control of their data." Providers are only beginning to realise this and create offerings to address such concerns, he says.
There are differences among SLAs from various providers, the researchers found. For example, Amazon Web Services offers 99.95% uptime and availability, whereas many other cloud providers offer up to 99.999% uptime. But within the offerings from the providers, they are not yet customising them to individual customers on a large scale, the study found.
Kosten Metreweli, CMO at OnApp, which provides a cloud platform for service provider, says SLAs and unique features offer a way for providers to differentiate themselves, and that's good for both providers and users. For example, it can be costly for a provider to add another 9 or two to increase the availability up to 99.999%. But, not all customers need that level of uptime guarantee. "You don't buy a Ferrari and go to the grocery store with it," he says, noting that if a company is just running test and development and not production-grade applications in the cloud, then there may not be a need for 99.999% uptime.
Providers that can give customers the level of service, and the prices they desire, will be able to differentiate themselves in the market. Providers can also differentiate on compliance and regulatory uptime. Not all customers will need a HIPPA or FISMA-compliant cloud offering, but the ones who do may be willing to pay a little extra for it.
"In a world where cloud infrastructure is rapidly commoditising, it's essential for service providers to differentiate on some level," he says. SLA's could be that avenue.
Cloud Legal Project blogs on ComputerworldUK
Cloud computing and EU data protection law
Cloud computing and EU data protection law: Part Two
Law enforcement agencies access rights to your cloud data
Who's responsible for personal data in cloud computing?
Data protection, the law and you