Cloud contracts significantly differ from the past, which used to ensure customer stickiness for a pre-defined period of time, Mayank Kapoor, data center and cloud computing industry analyst of Frost & Sullivan's ICT practice observed.
Cloud contracts are still gaining maturity, with the main change around service delivery, or the "relationship" between the customer and the cloud service provider, she explained. However, the main themes still are security, privacy, service level, scalability, data retirement and compliance with regulations, she noted.
For one, cloud service provider Avaya, told ZDNet Asia that it now works with customers in defining and fully understanding their business needs in order to offer an appropriate solution.
"In the cloud space, with so many permutations on offer, we find ourselves working with our customers to define the most appropriate strategy for them, regardless of whose services are involved," Paul Chen, Asia-Pacific director of unified communications and technical operations at Avaya, said.
Richard Wern, senior director of regional cloud computing at Fujitsu Asia, agreed, that as customers become more informed about cloud computing, they have more concerns that they wished to address in their deployment such as scalability and adaptability. This has also encouraged customers to take a stronger interest in the management of their cloud and IT infrastructure, he remarked.
Limits in customization
However, despite the efforts of cloud service providers, they would be held back in how much they could customize, according to Ken Chia, associate principal at law firm Baker & Mckenzie.Wong & Leow.
Chia noted that standard contracts were increasing as products became more mature. The IT and communications lawyer likened it to cars where each maker offers various models, leaving little room for negotiation and changing contract terms, unless customers pay more to go bespoke.
To provide the benefits of scalability and utility purchasing of cloud-based services, suppliers are not able to have many different terms for individual customers, Chia explained.
Observers were responding to the views of IT leaders at the MIG Cloud Computing Executive Roundtable in Hong Kong last month, who advised getting legal advice to read the "fine print" in cloud contracts as firms could be subjected to dishonest sales tactics, hidden costs, latency and governance issues which could affect key IT projects.
Customers face issues because they have signed cloud contracts without thorough research and understanding, Kapoor pointed out. They have not put in adequate measures and clauses to ensure that service providers cover all their services and costs which have been promised verbally, she explained. Small and mid-sized businesses (SMBs) in particular, do not seek legal advice before signing cloud contracts and end up being caught in these issues, she added.
Here are some key areas buyers should exercise due diligence and look out for in contracts, according to Chia:
1. "Compliant" products
Buyers must understand what they are getting and whether it's suitable for them, Chia noted.
For instance, Singapore's financial institutions must consider the Monetary Authority of Singapore's (MAS) proposed guidelines, he cited. The government body urges financial companies to "be aware of unique attributes and risks [of cloud computing] especially in areas of data integrity, sovereignty commingling, platform multi-tenancy, recoverability and confidentiality as well as legal issues such as regulatory compliance, auditing and data offshoring", he reiterated.
2. Portability, data location, addressing system failures
Consistent with promise on-demand, self-service and rapid elasticity, buyers must also be able to get their data back and use it on a different platform just as easily as getting on in the first place, Chia noted.
It is also important to know where the data is being processed and stored, as buyers must understand the regulatory implications and responsibilities of cross border transfers of data, manage classes of data residing on cloud, and establish data transmission and storage requirements, he added.
Buyers must evaluate service level agreements (SLAs), engage back-up cloud service providers (CSPs) which have the same solution and implement system availability monitoring and automated cut-out tools, Chia stated.
Buyers should try to include control-related inquiries in their Request for Proposal (RFP) or due diligence, attempt to include audit rights in the contracts, ask for reports on security, availability and processing integrity, Chia advised.
Fujitsu, for one, has a Global Cloud Platform to provide transparency for its customers, Wern told ZDNet Asia. He explained that the scope of work and service fees will be "clearly spelt out" and the platform has a built-in billing engine, so that a self-service portal. Should a customer configure their required environment on the platform, they will immediately be provided with an estimated costing, he added.