Cloud Services Contracting Carries Risks: Report

By Nathan Eddy  |  Print this article Print

A Gartner report cautions CIOs about the risks when contracting for cloud services.

Although cloud offerings are rapidly maturing, the immaturity of cloud service contracting means that many contracts have structural deficits, according to a report from IT research firm Gartner. The company identified four risky issues that CIOs and sourcing executives should be aware of when contracting for cloud services, including the risk that cloud sourcing contracts aren’t always market mature, disadvantageous or opaque contact terms, and unclear service commitments from vendors.

Gartner advised organizations to carefully assess the risks associated with cloud sourcing contracts. Areas such as data-handling policies and procedures can have a negative impact on the business case (for example, additional backup procedures or a fee for data access after cancellation) potentially creating compliancy issues and cost increases, and indicating specific risk mitigation activities.

The report cautioned businesses should understand that it is one of many customers and that customization breaks the model of industrialized service delivery. Cloud service contracts are currently written in very standardized terms, and buying organizations need to be clear about what they can accept and what is negotiable. Gartner said to manage cloud services contracts successfully, organizations need to manage user expectations.

Organizations also need to ensure that they understand the complete structure of their cloud sourcing contract, including the terms that are detailed outside of the main contract, the report noted. They need to be sure that these terms cannot change for the period of the contract and, ideally, for at least the first renewal term without forewarning. It is also critical to understand what parts of the contracts can be changed and when the change will take place.

"Cloud service providers will need to address these structural shortcomings to achieve wider acceptance of their standard contracts and to benefit from the economies of scale that come with that acceptance," said Frank Ridder, research vice president at Gartner. "CIOs and sourcing executives have a duty to understand key areas of risk for their organizations."

As the cloud services market matures, increasing numbers of cloud service providers include service level agreements (SLAs) in URL documents referenced in their contracts. When deciding whether to invest in cloud offerings, buyers should understand what they can do, if the service fails or performs badly, Gartner cautioned. They should understand whether the SLAs are acceptable and if the credit mechanisms will lead to a change in the providers' behavior; if not, they should negotiate terms that meet their requirements — or not engage.

"It's essential that organizations planning to contract for cloud services do a deep risk analysis on the impact and probability of their risks, and they should also plan mitigation for the most critical issues," said Alexa Bona, research vice president at Gartner. "This might cost additional money, but it is worth the effort. Risk should be continuously evaluated, because contracts can change — sometimes without notification."