Going to the cloud? Get a lawyer

Thinking about shifting business to the cloud, or signing a deal with a cloud services provider? Bernice Karn has one piece of advice: get a lawyer.

Actually, Karn has a lot of advice, and the lawyer with Cassels Brock shared some of it with attendees recently at the Canadian Channel Chiefs Council’s (C4) first education seminar – From Cloud Illusions to Cloud Realities: Cutting through the Hype.

Much of Karn’s practice revolves around reviewing cloud service contracts that major companies are considering signing with service providers, and she identified a “dirty dozen” contentious things about cloud computing that customers – and service providers – would be wise to heed.

While the pros of Cloud include that it’s cheap, simple, flexible and scalable, Kearns points to a few important cons: the customer loses control and oversight, becomes dependent on third parties, loses the practical ability to bring the service back in house, and local laws can also prove to be an impediment depending on where the servers – and the service provider – are physically located.

Karn’s “dirty dozen” are 12 fundamental issues that customers should consider when negotiating a contract with a cloud service provider.

  1. Scope of services: This should be clearly defined, with the client understanding what they’re getting and not getting.
  2. Service level agreements: Savvy customers will want this to be meaningful, speaking to the responsiveness of the solution, the resolution, and arrangements for sunsetting and the return of data. “As a customer, I’d look very closely at SLAs for what’s included and what’s excluded, and make sure it’s meaningful to your business,” said Karn.
  3. Privacy and confidentiality: There should be provisions for confidential information such as financial statements and trade secrets and applicable laws for personal information should be followed.
  4. Securities and other compliance issues: There are a number of laws and regulations, such as Sarbanes-Oxley, that may apply. “If you have compliance requirements you should bake those into the contract,” said Karn.
  5. Disaster recovery and business continuity: What the service provider will do to ensure service continuity should be addressed, including system breakdowns, natural disasters and other reasonably foreseeable events. Covenants should be obtained around regular testing and remedial actions.
  6. Record keeping: In addition to basic good business practices, Canada has several laws that require certain records to be kept. Customers should know what record keeping will be undertaken.
  7. Inspection and audit rights: The customer’s right to audits and the scope of such auditsshould be specified.
  8. Subcontractors: The contract should specify when subcontracting is allowed and within what scope, and ensure subcontractors provide IP rights, warranties and indemnities to the customer.
  9. Default and Termination: Everything should be clearly specified including default situations, remedies and cure periods and termination for convenience. Service level credits can’t be the sole and exclusive remedy for service interruption or termination.
  10. Limits of liability: The cloud provider’s risk allocation technique must make the business viable – if it doesn’t, it may speak to the soundness of their business.
  11. Indemnities: Another risk allocation device, this should be limited to 3rd party claims and might typically include IP indemnity, 3rd party privacy breaches and any other sensitive issues.
  12. Transition issues: “Transition issues are one of the most overlooked things in a cloud deal,” said Karn. “As a user, you can’t just have the switch turned off one day. You need lead time.” Provisions should be included for knowledge transfer and, if it’s a critical application, transition services should be required even in the case of a termination for default.

“Don’t just use a cloud agreement you found on the web,” warns Karn. “Service providers that give customers a harder time on their contracts are the ones I feel better about. Those that I mark up their contract and they just say OK, they worry me. It says they’re not paying attention.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Jeff Jedras
Jeff Jedras
A veteran technology and business journalist, Jeff Jedras began his career in technology journalism in the late 1990s, covering the booming (and later busting) Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal, as well as everything from municipal politics to real estate. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada. He would go on to cover the channel as an assistant editor with CDN. His writing has appeared in the Vancouver Sun, the Ottawa Citizen and a wide range of industry trade publications.

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.