The Wrap: The Trouble with Cloud Contracts: A Crash Course in Managing Risks

Most CIOs have mastered the art of vendor negotiations and contract management that relate to traditional IT operations. However, the arrival of cloud computing and the evolution of multi-cloud environments have given rise to an entirely new breed of contracts that include such things as service level guarantees, exit clauses, data security responsibilities and the location and control of the data itself.

The CIO Executive Council (CEC) recently presented a Power Hour webcast on the topic of cloud contracts and managing potential risks and liabilities. The session was led by IT attorney Matt Karlyn, a partner in the Tech Transactions and Outsourcing Practice at Boston-based Foley & Lardner, and hosted by Maryfran Johnson, Executive Director of CIO Programs at the CEC.

Key points from the hour-long session:

Cloud vendors reserve the right to change contract details. Watch out for the words “the then current” or “the service levels current as of the effective date.” This might indicate that vendors can change the terms from time to time. It’s your obligation to periodically check and make sure you’re up to speed on the latest service levels and support responsibilities.

Billing in cloud deals should be either utility or subscription. It can’t be anything else. That’s how cloud deals are done. Be wary of cloud vendors that charge you a monthly or annual fee, and then ding you for a support fee. That’s unusual, odd, and should be a red flag.

Don’t expect a perfect contract. Your best bet is to understand the risks and then work to mitigate those risks. Don’t hesitate to discuss liabilities – especially when it comes to data security. Think creatively and consider shared liability arrangements. Also, always be sure performance and termination terms are clear, just in case the only way forward is a way out of the contract.

Attorney Karlyn also offered some useful tips on risk mitigation, based on years of experience working with IT clients. One insight: Think outside the box about ways to share the risk. A lot of vendors are willing to engage in such conversations. It is also a good idea to present cloud vendors with a “diligence questionnaire” as part of the RFP. Better to find out sooner rather than later if there are potential storms lurking in cloud agreements.

If you’re interested in participating in virtual sessions like this and others that target strategic IT issues, or would like to learn more about the CIO Executive Council, please contact us.