The typical cloud computing contract can look downright simple to an experienced IT outsourcing customer accustomed to inking pacts hundreds of pages long that outline service levels and penalties, pricing and benchmarks, processes and procedures, security and business continuity requirements, and clauses delineating the rights and responsibilities of the IT services supplier and customer.
And that simplicity, say IT outsourcing experts, is the problem with cloud computing.
"Failure to understand the true meaning of the cloud and to address the serious legal and contractual issues associated with cloud computing can be catastrophic," says Daniel Masur, a partner at law firm Mayer Brown. "The data security issues are particularly challenging, and failure to address them in the contract can expose a customer to serious violations of applicable privacy laws."
If a cloud services contract (whether it's for software-, infrastructure- or platform-as a service) seems less complex, that's because it's designed to offer products and services "as is", without any vendor representations or warranties, responsibility for adequate security or data protection, or liability for damages, says Masur.
Cloud service providers will tell you the simplicity is precisely the point. They can offer customers low-cost, instantly available, pay-per-use options for everything from infrastructure on-demand to desktop support to business applications only by pooling resources and putting the onus for issues like data location or disaster recovery on the client. Adding more robust contractual protections erodes their value proposition.