The Cloud Industry Forum hosted “Benefiting from the Cloud Services Today: A Buyers Guide” on 5 July. This session highlighted the latest research on cloud adoption and trends and explored the key challenges faced by organisations in assessing and implementing cloud services.
The session also brought to light best practice guidelines co-authored by the Cloud Industry Forum and law firm DMH Stallard, from their whitepaper “Contracting Cloud Services - A Guide to Best Practice”.
This whitepaper has a number of recommendations for customers adopting a cloud solution. There is increasing awareness that cloud service providers (CSP) can stand out from their competitors by embracing these recommendations.
Best practice guidelines from the whitepaper include:
1. Data control
The latest research shows, once again, that customer concerns over data far outstrip all other concerns, with 66% concerned over data security and 85% wanting to their data inside the UK - the so-called “sovereignty” issue. The CSP should clearly disclose the location of its primary and failover data centres to show whether they are EU-based. It should also specify whether it transfers data outside the EU. Some UK and EU providers are using these fears over security and data sovereignty to demonstrate that they have a UK-only or EU-only offering with no data transferring to the US.
2. Deletion of data
Clearly a customer will want to control when its data is deleted by the CSP but this can give rise to conflict where the customer stops paying, where the data is alleged to be unlawful or where the provider terminates the service. The CSP should give customer at least 30 days advance notice before deletion to allow the customer to take steps to retrieve its data.
3. Termination by CSP
Clearly CSPs should have right to terminate for a reason caused by the customer, including breach of terms, non-payment or insolvency of the customer. A customer will not normally be able to change this position. However, the provider should honour minimum periods and give the customer enough notice to retrieve its data and migrate the service to a new CSP. Further, the provider should not entitle it to change the terms without the customer’s consent or, at worst, the customer should be able to reject changes to the terms by terminating the service.
4. Liabilities and Indemnities
This is a constant concern for customers and normally the provision in the contract that most customers are aware of. First, customers should evaluate practical issues to avoid liability becoming an issue in the first place. From a practical perspective, it is much better to a investigate what options are available from its cloud service providers including resilience, failover and disaster recovery. Second, the CSP should specify in clear, unambiguous terms what losses it will cover and whether or not great charges will increase cover
The whitepaper also provides guidance over service availability and resilience, which choice of law should apply and some practical tips on service migration.
For full details of best practice recommendations or to make sure your cloud contract – whether as cloud provider or cloud customer – addresses them, email frank.jennings@dmhstallard.com
DMH Stallard is at the forefront of cloud computing and are involved in the Cloud Industry Forum’s code governance and legal boards. Frank Jennings, DMH Stallard Partner and Head of Commercial has co-authored best practice recommendations for cloud contracts and has vast expertise on issues relevant to cloud.
The firm recently published a leading thought-leadership report, Secure Your Data – Protect Your Business that examines key issues in data security including how the use of cloud can bring competitive advantage to business
For a copy of the report please email scott.garner@dmhstallard.com
