As with most other contracts, be it about a large purchase or an insurance, you should read (standard) contracts with your cloud provider very carefully. Chances are good that you will detect some points that border on insolence. There are certainly good reasons for using the cloud in business of any size, among them cost reductions and the ability to concentrate on the core business. By providing rapid adoption of new services, the cloud also enables quick innovation. But since your whole business will be influenced by the services delivered, they might sooner or later become disruptive to your daily workflow if not properly implemented.
"Uneven" relationship Clearly, the relationship between cloud service provider (CSP) and tenant is "uneven" from the beginning. The latter first of all has to pay for all extras, frequently called Managed Services - even for those that should be naturally included in any cloud contract. This way the customer has to pay more for letting the provider take over more of his normal responsibility. Delivering those kinds of "value-added service" only for much and more money can't be the unique selling point. I wonder what the provider's legal department says to those offers. The providers should be liable for breakdowns in service and data breach or loss. Most if not all deny that responsibility.
Reading the contract carefully can help avoiding the most obvious pitfalls. Make it a game: Find the aspects that could become a challenge for your daily business. There are some, trust me. Begin with the parts of the contract dealing with end-of-service, changes or availability. Don't be surprised if there is a clause that gives your CSP the freedom to go out of business with you at any time. He can also change services flexibly - mind you, flexibility should be on your side in the cloud, not on his - without having to announce it long in advance. Some CSPs think they don't need to announce it at all. Even if the change means that an important application won't run any longer.
Feature changes can pose problems Feature changes can evolve to a massive problem, when employees can't find some data again or see a completely altered user interface. This will lead to an increase in costs for help desk calls. Or imagine you customer relied on a certain feature that suddenly doesn't exist anymore. Just that the CSP thinks it is useless doesn't mean that you do so too.
Another issue concerns availability: Surely it is not always the CSP's fault if a service is not accessible. But where it is, availability guarantees amount to nothing if they are not connected to penalties. CSPs regularly disinclude liability in their contracts for damages on the tenant's side as a consequence of a longer outage - which is understandable. However, like this guarantees are relatively worthless. It should be added in this context that if you really need high availability you'll probably get it a lot cheaper in the cloud than with your internal IT. The cloud idea is not bad in itself.
Customization and the Cloud API (Application Programming Interface) changes might affect the integration between different cloud services or a cloud service and on-premise applications. It might as well affect customized solutions. Customized solutions? Is cloud computing not all about standards? Aren't the greatest benefits to be found in areas where customization won't mean a competitive advantage? Yes, maybe. But most business solutions - CRM, ERP, HR etc. - don't exist in isolation from other applications. They need to be integrated to work optimally. Last but not least APIs have to be upwards compatible. If they change or features will be turned down, the CSP client has to be informed long in advance to be able to prepare for it and to tell his customers in time.
How to find a good CSP So, how do you recognize a good CSP for your business? First of all, he should see the cloud benefits from your perspective, not only from his. For this he has to understand your main issues and challenges. Customers on the other side should always be prepared that things might not run as they expected. Therefore there should always an exit strategy fixed in the contract. This also helps to avoid the problem of a vendor lock-in which often is the result of long-term initial contracts. If a contract ends, the user should get his full data back immediately without any further costs.
Naturally not everybody running a business understands the concept of the cloud and how it works. It suffices to know how to find a good CSP and what elements a contract should contain that's beneficial to the customer.
This article has originally appeared in KuppingerCole Analysts' View newsletter.