Gartner warns of cloud service contract risks
There are four major areas companies must investigate before signing contracts: Gartner
Gartner says that the immaturity of cloud services raises several risky issues that CIOs must be aware of when contracting for these services.
Gartner identified four issues that must be taken into consideration when enterprises plan to enter into cloud computing contracts.
"Cloud service providers will need to address these structural shortcomings to achieve wider acceptance of their standard contracts and to benefit from the economies of scale that come with that acceptance," said Frank Ridder, research vice president at Gartner. "CIOs and sourcing executives have a duty to understand key areas of risk for their organisations.
The four risky issues are; cloud sourcing contracts are not mature for all markets, contract terms generally favour the vendor, contracts are opaque and easily changed and contracts do not have clear service commitments.
"It's essential that organisations planning to contract for cloud services do a deep risk analysis on the impact and probability of their risks, and they should also plan mitigation for the most critical issues," said Alexa Bona, research vice president at Gartner. "This might cost additional money, but it is worth the effort. Risk should be continuously evaluated, because contracts can change - sometimes without notification."
For the first issue, cloud sourcing contracts are not mature for all markets, Gartner says that when companies analyse cloud sourcing contracts, it can be obvious whether they were written for mature corporations or the consumer market.
Gartner analysts say they often see contracts that lack descriptions of cloud service providers' responsibilities and do not meet general legal, regulatory and commercial contracting requirements of most enterprise organisations.
The analysis company advises organisations to assess all risks associated with cloud sourcing contracts carefully before taking the plunge.
Gartner has warned that areas such as data-handling policies and procedures can negatively affect businesses, affecting compliancy issues, creating extra costs and indicating specific risk mitigation activities.
For second issue, that contract terms generally favour the vendor, Gartner warns that cloud services do not lend themselves to partnership-style relationships between companies due to the high degree of contract standardisation, and services are delivered remotely rather than locally.
According to Gartner, organisations need to understand that it is one of many customers and that customisation breaks the model of industrialised service delivery.
The current cloud service contracts are currently written in very standardised terms, and buying organisations need to be clear about what they can accept and what is negotiable.
The third issue, that contracts are opaque and easily changed, is due to the fact that contracts from cloud service providers are not very long or very detailed; often URL links provide additional information, terms and conditions.
Gartner says it is these details that are often critical to the quality of service and price for uptime or performance, service and support terms, and even the description of the core functionality of the offering.
According to the company, clauses on these additional pages can often change, without any notification to the client.
Gartner advises that enterprises must ensure that they understand the complete structure of their cloud sourcing contract and study in detail the terms that are listed outside the contract. They also need to ensure that these terms do not change for the period of the contract and ideally the first renewal term, without prior notification.
The final cloud service worry is that contracts do not have clear service commitments. Garner says that increasing numbers of cloud service providers are including SLAs in URL documents referenced in their contracts. Many cloud service providers limit their area of responsibility to their own network and while things are improving, many commitments remain vague.
Buyers must understand what they can do, if the service fails or performs badly, they must understand whether SLAs are acceptable and should negotiate terms that suit their requirements or not engage in the contract.