Gartner Highlights Four Risks CIOs Should Address When Contracting for Cloud Services
Cloud Sourcing Contract Terms Often Favour the Provider, Leaving the Buyer Exposed
"Cloud service providers will need to address these structural shortcomings to achieve wider acceptance of their standard contracts and to benefit from the economies of scale that come with that acceptance," said Frank Ridder, research vice president at Gartner. "CIOs and sourcing executives have a duty to understand key areas of risk for their organisations.
"It's essential that organisations planning to contract for cloud services do a deep risk analysis on the impact and probability of their risks, and they should also plan mitigation for the most critical issues," said Alexa Bona, research vice president at Gartner. "This might cost additional money, but it is worth the effort. Risk should be continuously evaluated, because contracts can change - sometimes without notification."
The four risky issues for CIOs, when contracting for cloud services include:
Cloud Sourcing Contracts Are Not Mature for All Markets
When analysing cloud sourcing contracts, it is often obvious whether the cloud service provider wrote the contract with larger, more mature corporations, or the consumer side of the market, in mind. For example, there are cloud service contracts from traditional service providers for their private cloud offerings; these tend to include more generally acceptable terms and conditions. Gartner also sees many cloud-sourcing contracts that lack descriptions of cloud service providers' responsibilities and do not meet the general legal, regulatory and commercial contracting requirements of most enterprise organisations.
Gartner advises organisations to carefully assess the risks associated with cloud sourcing contracts. Areas such as data-handling policies and procedures can have a negative impact on the business case (for example, additional backup procedures or a fee for data access after cancellation) potentially creating compliancy issues and cost increases, and indicating specific risk mitigation activities.
Contract Terms Generally Favour the Vendor
Organisations that successfully outsource, evolve more partnership-style relationships with their vendors. Cloud service contracts do not lend themselves to such partnerships - mainly because of the high degree of contract standardisation - where terms are consistent for every customer, and service is typically delivered remotely rather than locally.
An organisation needs to understand that it is one of many customers and that customization breaks the model of industrialised service delivery. Cloud service contracts are currently written in very standardised terms, and buying organizations need to be clear about what they can accept and what is negotiable. To manage cloud services contracts successfully, organisations need to manage user expectations.
Contracts Are Opaque and Easily Changed
Contracts from cloud service providers are not long documents. Certain clauses are not very detailed, as URL links to web pages detail additional terms and conditions. These details are often critical to the quality of service and the price (such as SLAs) for uptime or performance, service and support terms, and even the description of the core functionality of the offering. Clauses that are only fully documented on these web pages can change over time; often without any prior notice.
Organisations need to ensure that they understand the complete structure of their cloud sourcing contract, including the terms that are detailed outside of the main contract. They need to be sure that these terms cannot change for the period of the contract and, ideally, for at least the first renewal term without forewarning. It is also critical to understand what parts of the contracts can be changed and when the change will take place.
Contracts Do Not Have Clear Service Commitments
As the cloud services market matures, increasing numbers of cloud service providers include SLAs in URL documents referenced in their contracts and, in fewer cases, in the contract itself. Usually, the cloud service providers limit their area of responsibility to what is in their own network as they cannot control the public network. Things are improving, but service commitments remain vague.
When deciding whether to invest in cloud offerings, buyers should understand what they can do, if the service fails or performs badly. They should understand whether the SLAs are acceptable and if the credit mechanisms will lead to a change in the providers' behaviour; if not, they should negotiate terms that meet their requirements - or not engage.
Additional information is available in the Gartner report "Four Risky Issues When Contracting for Cloud Services." The report is available on Gartner's website at http://www.gartner.com/....
Gartner UK Ltd
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to 60,000 clients in 11,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,400 associates, including 1,200 research analysts and consultants, and clients in 85 countries. For more information, visit www.gartner.com.