Search this website:


More flexible contract for Cloud?

Combined legal and market factors may force online companies to offer more flexible contract terms, suggests new research from Queen Mary, University of London.

 

Date: 25 May 2012

The paper examines how and why companies providing IT services over the internet, also known as cloud computing, have begun to negotiate standard contract terms to better meet cloud users’ needs, minimise operating risks and address legal compliance obligations.

The research, by the Cloud Legal Project at the Centre for Commercial Law Studies at QM, is primarily based on in-depth interviews with global and UK cloud providers, cloud users, law firms and other market players.

The report found that the top six types of cloud contract terms most negotiated were:
· Provider liability
· Service level agreements
· Data protection and security
· Termination rights and lock-in/exit
· Unilateral amendments to service features
· Intellectual property rights
“These are the key contractual issues of concern to users in the cloud market at this relatively immature stage of cloud adoption,” explains Professor Christopher Millard, lead academic on the Cloud Legal Project (CLP).

Standard ‘one-size-fits-all’ terms are often weighted in favour of the provider, and many are potentially non-compliant, invalid or unenforceable in some countries, the project found.

Many providers do not take into account that users, especially in Europe, have regulatory or other legal obligations and may need to demonstrate compliance to regulators.

Professor Millard adds: “To remain competitive, providers may have to be more aware of user concerns, more flexible in negotiations, and more willing to demonstrate the security and robustness of their services.

“In the middle or low value markets, choice is still limited, and many contract terms are still inadequate or inappropriate for SME users’ needs, as they may lack the bargaining power to force contract changes.”

According to the research, there are signs of market development. Where large users have negotiated amendments and thereby helped educate providers about user concerns, these changes are likely to filter down to the middle market at least. Changes to providers’ standard terms may also filter up from regulatory action affecting the consumer market.

CLP research consultant, Kuan Hon says: “The findings suggest that more customer-friendly terms are being demanded by large cloud users such as governments and financial institutions, and being offered or agreed by niche specialist providers and market entrants - making contract terms a source of competitive advantage.”

The paper also discusses other legal risk issues, such as providers’ lack of transparency about data security, location and management. Providers’ exclusion of liability in their terms, particularly for outages and data loss, was generally the biggest issue for users surveyed.

Conversely, providers have argued that customers want to ‘have their cake and eat it’; seeking the cheapest services while requesting the highest levels of assurances in contract terms and conditions.

“Forcing providers to accept more liability and incur the expense of upgrading their infrastructure, while keeping prices low, may undermine market development,” Professor Ian Walden, from CLP, warns.

Apart from contract terms, users may need to take other practical measures to protect their businesses online, including data encryption or backing up data internally or to another cloud service, note the researchers.

Professor Walden explains: “Many cloud providers, particularly those offering free services, do not offer back-ups or assume liability for data losses as part of their basic package. Ignorance of cloud structures, with their multiple potential failure points, may result in risks not being addressed.”

Users may need to consider what functions should be migrated to cloud and on what basis, such as starting with pilots only, conducting risk assessments, and implementing internal controls.

Researchers suggest multiple approaches are emerging, with a fragmentation of the market, rather than a ‘de facto’ cloud model. Market participants may be developing a range of cloud services with different contractual terms, priced at different levels and embracing standards and certifications that aid legal certainty and compliance, particularly for SME users.

The paper, Negotiating Cloud Contracts – Looking at Clouds from Both Side Now, is available for free download via the Cloud Legal Project website: http://www.cloudlegal.ccls.qmul.ac.uk or http://cloudlegalproject.org/Research
 



ShareThis

« Previous article

Next article »

Tags: Hosting & Colocation

More Exclusive News

Ten things you didn’t know about rack PDUs

20 Apr 2015
Do you want to accurately monitor and control energy usage in your IT installation? Do you want to enhance the reliability and availability of your IT systems? Do you want to cut cooling, administr...

Black Hole Routing does not equate to DDoS protection

20 Apr 2015
By Stephen Gates, Chief Security Evangelist for Corero Network Security.

Easynet delivers proactive service to a global customer base with streamlined patch management

20 Apr 2015
Easynet works with Shavlik in rolling out a centralised patch management solution for its global cloud services business.

DevSecOps: Taking a DevOps approach to security

20 Apr 2015
By James Brown, Director, Cloud Solutions Architecture.

The avalanche of data and exploding costs in the data centre

20 Apr 2015
How data virtualisation influences the overall performance of a data centre By Ash Ashutosh, CEO, Actifio.

Software-defined application services take data centres into new era

20 Apr 2015
By Gary Newe, F5 Networks.

Data security - top tips for senior managers

13 Apr 2015
Ian Kilpatrick, chairman Wick Hill Group, explains why senior managers now need to be more involved in data security and offers his top tips.

NHS Dumfries and Galloway adopts a proactive approach to safeguarding patient data

13 Apr 2015
Guarding against security threats with a state-of-the-art vulnerability management solution.

Making OpenStack enterprise ready with software defined availability

13 Apr 2015
By Jason Andersen, Senior Director, Product Management and Marketing at Stratus Technologies.

SDN – A brave new world underpinned by a traditional technology

13 Apr 2015
Derek Watkins, Vice President of Sales EMEA & India, for Opengear examines the key technologies and adoption trends of Software Defined Networking (SDN) and suggests that data centres getting r...

Bradford Teaching Hospitals completes one of UK’s largest image migration projects

13 Apr 2015
Bradford Teaching Hospitals NHS Foundation Trust (Bradford) has completed one of the UK’s largest image migration projects thanks to a four-way partnership alongside healthcare data managemen...

SteelFusion 4.0 enables 'zero IT' at the branch office

9 Apr 2015
With more powerful software and hardware, SteelFusion 4.0 consolidates all IT at the branch into the data center for instant branch provisioning and recovery, full security and visibility, and apps that simply work.

Lessons to be learned from Zero-day nightmares

6 Apr 2015
By Philip Lieberman, President & CEO Lieberman Software.

In the line of fire

6 Apr 2015
The consequences of a fire in a data centre can be catastrophic and, as well as causing expensive downtime, it can also result in irreparable damage to expensive equipment if not detected quickly. ...

The data centre network of the future

6 Apr 2015
By Roger Keenan, managing director of central London data centre, City Lifeline.

Recruitment

Latest IT jobs from leading companies.

 

Click here for full listings»