See our Outsourcing Provider Directory here

Cloud Computing: Four Legal Pitfalls to Avoid

Part of the charm of cloud computing for many corporate leaders is its seemingly simple set up: sign on the dotted line, flip a switch, and the service is up and running. But taking that first step too lightly can lead to complex and costly problems down the road for cloud buyers – that is, there is a risk of legal traps.

“Many customers look at these deals in the same light as signing up for Gmail,” says Edward J. Hansen, partner at Baker & McKenzie. “In some respects its unfair to expect CIOs and CFOs to fully understand the implications of the cloud.  Many of the issues can be hyper-technical from a legal standpoint but can profoundly impact operations and integrity.”

Cloud computing vendors are quick to point out that standardization is at the core of the value proposition for “as-a-service” offerings, right down to the service agreement itself. But that standard boilerplate cloud contract—an ostensibly innocuous one- or two-pager—has actually been carefully hammered out to the provider’s favor, and potential customers would be wise to approach it with care.

But behind that basic façade are often complex calculations the provider has made that could prove detrimental to the client, says Hansen. Some common hidden time bombs in standard cloud computing contracts include provisions that disclaim liability if confidential information is published, make access to data at the discretion of the vendor upon termination, or require the customer to change its security policies to match the cloud providers, points out Pamela T. Church, partner and head of the intellectual property group in the New York office of Baker & McKenzie.

“There is a lot of pressure for companies to quickly move to a cloud computing model to realize the cost savings, gain access to new technology, and achieve higher levels of service,” adds Todd Fisher, partner in the outsourcing and commercial transactions practice of K&L Gates. “That pressure can cause some customers to focus on the upside, while not adequately accounting for the risk.”

Just because the total value of a cloud computing contract may be lower than a typical outsourcing deal doesn’t mean it requires less caution and scrutiny. “Too many times the business associates risk with dollar value,” says Hansen. “That is not the correct analysis, and procedures should be put in place that assess risk in a more sophisticated manner.”

Here are four legal traps to watch out for before signing on the dotted line for a cloud-based service.

1. Intellectual Property Exposure

Every company has valuable intellectual property and trade secrets. From a legal perspective, it’s that company’s duty to protect those knowledge assets, not its vendors.

“When moving trade secrets to the cloud, the customer must ensure the cloud provider has adequate protections in place to maintain the secrecy of the information,” says Fisher. “The customer needs to fully understand the protections in place to protect its proprietary information, processes and services, and then make a determination as to whether it’s an acceptable amount of risk to accept.”

Don’t settle for a provider’s standard contract when there are IP issues at stake, says Fisher. “Intellectual property is the lifeblood of many companies, so it is important to understand exactly how the customer will use the cloud computing services and whether any intellectual property will be developed.”

Potential cloud buyers should take care with the contract to make sure they retain ownership of all their own data and the provider uses it only to deliver the service, particularly IP-related information. An explicit provision preventing the vendor from misusing or disclosing customer IP is also a good idea.

In addition, new intellectual property can be created in the course of a cloud computing engagement and the customer may want to add provisions that give them ownership of assets created in the course of the deal. 

When a client hires a vendor to run a private cloud for them, for example, the vendor may create customizations and other intellectual property. Or a cloud provider may develop buyer-specific interfaces to access services. A customer may want to include a clause to retain ownership of such IP or preclude the vendor from using it with other customers, Fisher explains.

2. Bait and Switch Terms

It may go without saying to never sign a contract before reading it, but when it comes to cloud computing, many first-time customers sign on the dotted line based on what they’ve read about the offering or claims on the vendor’s web site.

Always read the contract in front of you, not the vendor web site, says Church. It’s not uncommon that vendor advertising contradicts their actual agreements.

Equally as troubling is any cloud contract that’s as vague as the vendor’s marketing collateral. Terms that merely require conformity to “industry standards” or performance that is “appropriate,” “sufficient” or “best practice” are legal traps that are practically waving a red flag. Cloud computing customers should define specific standards of performance such as results, services levels or tasks to be achieved.

3. Weak Disaster Recovery and Business Continuity Processes

This is one of the cloud computing legal traps with the worst ramifications.

There has been no shortage of high-profile cloud computing failures and service disruptions in recent years. Yet business continuity and disaster recovery continue to get short shrift in cloud computing agreements.

It’s in a cloud provider’s best interest to have robust disaster recovery and business continuity plans, but customers can’t simply rest on vendor good intentions.

Instead, cloud clients can contractually require cloud vendors to meet certain data back up and recovering requirements. They can even specify as a service level a recovery point objective (RPO)—the point in time to which the provider must recover data—and recovery time objective (RTO)—the speed with which the provider must restore the data, says Fisher.

When a service disruption or disaster occurs, many cloud computing clients are surprised to find their contracts silent on disaster recovery and business continuity and the cloud provider operating under a much less stringent RPO and RTO than expected, says Fisher.

4. Pin the Failure on the Customer

While it’s critical to hold the cloud provider to certain performance standards in a cloud computing contract, it’s also imperative to understand provisions that would hold the customer liable for poor performance or in breach of the contract. “When moving processes and services to the cloud, customers sometimes transfer certain software applications for the cloud provider to run or access,” says Fisher. “The customer should make sure the customer’s license agreement for those applications allows access or use by the cloud provider for the customer’s benefit.  Otherwise, the customer could be facing a breach of the license agreement and a subsequent infringement claim.”

As with any services deal, the supplier may blame the customer when a disagreement arises. Cloud computing clients may wish to require the supplier to provide written notice to a specified individual within the client organization if the supplier asserts that the customer is failing to meet its obligations.

Such a provision makes it easier to identify the true cause of performance problems and solve them before they get too costly or litigious.

What are the legal traps you know of in cloud computing? Did we miss any? Let us know!

 

Get 3 Free Quotes Logo

  • Save 70%
  • Unrivaled expertise
  • Verified leading firms
  • Transparent, safe, secure

Get Started

Book a Call Now Logo

Start your Outsourcing Journey in 15 seconds.

Get Started

Outsourcing

Dive into “Outsourcing”

A Guide to … Selecting the Correct Business Unit … Negotiating the Contract … Maintaining Control of the Process

Order now

Outsourcing Articles

Start your
outsourcing
journey here

"*" indicates required fields

Start your outsourcing journey.

Book a call with an outsourcing expert now

This field is for validation purposes and should be left unchanged.

"*" indicates required fields

This guide will walk you through some areas most important when outsourcing, such as
  • Identifying Your Outsourcing Needs Intelligently
  • Research & Selection
  • The Bidding Process
  • Contracts & Agreements
  • Implementation & Onboarding
  • Ongoing Management
  • Evaluating Success
  • Additional Resources

Book a call with an outsourcing expert now

This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Become an OC Partner
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Media Inquiries for OC
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Subscribe to our Newsletter
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Submit Press Release
Accepted file types: pdf, doc, docx, Max. file size: 8 MB.
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Submit an Article
Accepted file types: pdf, doc, docx, Max. file size: 8 MB.
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Request Ben Trowbridge as a Keynote Speaker
This field is for validation purposes and should be left unchanged.

Go to standard quote

Exclusive Enterprise Assistance

  • Independent
  • Trusted
  • Transparent

Offshore staffing solutions for enterprise. Independent expertise, advice & implementation

  • 200+ Firms, Global Reach
  • Offshore, Nearshore, Onshore, Rightshore
  • Managed Request for Proposal (RFP)
  • Assisted Procurement Processes
  • Vendor Management
  • Unique Build Operate Transfer model
  • Captive & Shared Services
  • Champion-Challenger
  • Multi-site, multi-vendor, multi-source
  • Managed Solutions

For Enterprise and large teams only

  • Book 20-minute consult, obligation free

You will get:

  • Needs Analysis & Report
  • Salary Guidance & Indicative Pricing
  • Process Map

Only takes 1 minute to complete the form

Get Started

Not an enterprise?

Go to standard quote