We have been focusing on ‘the cloud’ a lot in our newsletter, and that is because there is a lot to know. We find ourselves almost perpetually hearing new spins on what the cloud is, funny, seeing as it doesn’t really change that much. In any case, we are all finding ourselves engaging with the cloud in more areas than this time last year, so what to watch out for?

Truman Hoyle completed an analysis of some of the big fish contracts in the cloud computing space earlier this year. They found many common areas that you need to be thinking about when engaging a cloud service provider.

Jurisdiction

The contact will specify where disputes are to be handled, and they may not be where you expect, Amazon has chosen the Federal Court in King’s County, Washington, USA, Salesforce.com has chosen Singapore, IBM will settle where the deal was signed.

Variation to terms

“That’s not what it said when I signed it”, maybe not, but here in point 846, sub point 36, paragraph 2 it says it was your responsibility to keep abreast of the changes. It may sound outrageous, but you will apparently find this often enough. The best way to protect yourself is to only deal with someone you consider ‘reputable’.

Privacy when your data is stored overseas

Most providers will have a clause suggesting they cannot guarantee how their suppliers will treat your private information, and that your information may be stored in any other country which may not have the standards of our beloved Australian government, certainly this is Telstra’s position.

Most international companies shoot for US standards, which aren’t great, but some will also meet European standards, which shows privacy concerns are taken more seriously.

Security and backup

So you store your email on cloud X, they get hacked, your data gets stolen or deleted, or both. Guess who’s responsible, many providers would say that you are, “We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of your content and applications,” says Amazon.

Do bear in mind though, these larger companies do have strong incentive to keep up to date on security and patching, it would be very embarrassing for Google Apps if they were ever broken in to.

SLAs

Most enterprise grade cloud service providers will offer some form of credit if their service experiences downtime. Or at least they promise a percentage uptime with compensation if they can’t meet it. Read carefully, SoftLayer will guarantee 100% uptime, and pay up if they don’t provide, but only if the downtime lasts longer than 30 minutes continuously, Amazon make you apply, while 3Tera monitors for you and applies credit automatically.

SLA alone should not be used to choose which vendor you use.

Contract end

This area is shown to be vague for most vendors, few providing any clarity around what they will or won’t provide with respect to your data, its preservation, your access to it and what form it may be in.

Warranties and warranty exclusions/limitations

The report also noted that few cloud providers were willing to provide warranties around how fit-for-purpose the service is, outside of existing provisions under statutory law.

Loss and limitation provisions

Further to what we discussed under security and backup, some providers refuse liability for direct loss, meaning clients cannot sue if unable to access data. Many contracts will cap the liability to 12 month’s fees for liability.

You can read the full report here if you are interested, or you can contact The IT Department if need help dissecting a cloud service provider’s contract.