Eight out of 10 enterprise Software-as-a-Service buyers will not be happy with the contracts they sign. And there's good reason for that.
That's the prediction from Gartner analyst Alexa Bona, who chides the current state of contracts, which all too often "have ambiguous terms regarding the maintenance of data confidentiality, data integrity and recovery after a data loss incident."
Bona outlines three options enterprise cloud buyers need to exercise every time they cut a cloud agreement:
Bring in third-party verification. SaaS contracts should "allow for an annual security audit and certification by a third party, with an option to terminate the agreement in the event of a security breach if the provider fails on any material measure," Bona advises.
Insist on standardized assessments. "Ask a provider to respond to the findings of assessment tools," says Bona. "The Cloud Security Alliance (CSA), for example, has a Cloud Controls Matrix in the form of a spreadsheet containing control objectives deemed by participants in the CSA to be important for cloud computing."
Include adequate service levels for security and recovery, including recovery time objectives, recovery point objectives, and data integrity measures. “Whatever term is used to describe the specifics of the service-level agreement, IT procurement professionals expecting their data to be protected from attack, or to be restorable in case of an incident, must ensure their providers are contractually obligated to meet those expectations,” says Bona.
Along with Gartner's recommendations, there are other pro-active steps cloud consumers can take to ensure that their vendors fulfill their roles as partners:
Get involved with a user group or advisory committee associated with the vendor. This helps provide clout, as well as build personal relationships with managers on the vendor side.
Maintain relationships with mutiple providers, including the option of going back to your own data center. Nothing delivers more favorable terms in business than competition.