Although cloud offerings are rapidly maturing, the immaturity of
cloud service contracting means that many contracts have structural
deficits, according to a report from IT research firm Gartner. The
company identified four risky issues that CIOs and sourcing executives
should be aware of when contracting for cloud services, including the
risk that cloud sourcing contracts aren’t always market mature,
disadvantageous or opaque contact terms, and unclear service
commitments from vendors.
Gartner advised organizations to carefully assess the risks associated
with cloud sourcing contracts. Areas such as data-handling policies and
procedures can have a negative impact on the business case (for
example, additional backup procedures or a fee for data access after
cancellation) potentially creating compliancy issues and cost
increases, and indicating specific risk mitigation activities.
The report cautioned businesses should understand that it is one of
many customers and that customization breaks the model of
industrialized service delivery. Cloud service contracts are currently
written in very standardized terms, and buying organizations need to be
clear about what they can accept and what is negotiable. Gartner said
to manage cloud services contracts successfully, organizations need to
manage user expectations.
Organizations also need to ensure that they understand the complete
structure of their cloud sourcing contract, including the terms that
are detailed outside of the main contract, the report noted. They need
to be sure that these terms cannot change for the period of the
contract and, ideally, for at least the first renewal term without
forewarning. It is also critical to understand what parts of the
contracts can be changed and when the change will take place.
“Cloud service providers will need to address these structural
shortcomings to achieve wider acceptance of their standard contracts
and to benefit from the economies of scale that come with that
acceptance," said Frank Ridder, research vice president at Gartner.
"CIOs and sourcing executives have a duty to understand key areas of
risk for their organizations.”
As the cloud services market matures, increasing numbers of cloud
service providers include service level agreements (SLAs) in URL
documents referenced in their contracts. When deciding whether to
invest in cloud offerings, buyers should understand what they can do,
if the service fails or performs badly, Gartner cautioned. They should
understand whether the SLAs are acceptable and if the credit mechanisms
will lead to a change in the providers’ behavior; if not, they should
negotiate terms that meet their requirements — or not engage.
"It’s essential that organizations planning to contract for cloud
services do a deep risk analysis on the impact and probability of their
risks, and they should also plan mitigation for the most critical
issues," said Alexa Bona, research vice president at Gartner. "This
might cost additional money, but it is worth the effort. Risk should be
continuously evaluated, because contracts can change — sometimes
without notification."