While cloud technologies continue to advance, the jargon on
cloud contracts still has a long way to go to attain clarity. There are
multiple legal issues and security risks presented by cloud computing, making
negotiating of cloud computing contracts essential. Many customers are
reluctant to commit without knowing where they stand legally, but what is more
alarming is that just as many businesses are unaware of cloud-related legal
issues before they sign for the service.
According to a recent study done by analyst firm Gartner, 80
per cent of IT procurement professionals will remain dissatisfied with SaaS
contract language and protection. Sometimes the cloud contract documents are
too complicated for decision makers to understand.
Apart from cloud contracts, there are other problems in
cloud computing. An independent market research report by Dynamic Markets
details interviews with 1,355 senior decision makers from businesses globally.
Respondents were selected from a wide range of business functions including
R&D, Sales/Commerce/E-commerce, Marketing, CRM, Finance and HR. The report
found that over half of the respondents (54 per cent) say their department has
experienced staff downtime in the last six months due to cloud integration
problems. In fact, departments not even using cloud apps have been affected by
Over half of the businesses (54 percent) have suffered from
missed deadlines and three quarters of respondents (75 percent) have had their
ability to innovate impaired by poor integration of their cloud applications,
which has left applications isolated from the rest of their business functions.
This is despite the fact that for the majority of businesses one of the main
drivers for deploying cloud applications is to improve operational agility and
Thomson Thomas, Senior Vice
President – Business Systems and Technology & CIO of HDFC Life said,
“Cloud presents many opportunities and also provides agility which is an
important differentiator. Attention is required to various clauses in the
contract regarding SLA, penalties, ability to scale up or down, version
upgrades and most importantly the courts that will be referred to, incase of a
dispute. Special attention should be given to termination and exit clauses and
also the support during transition incase of termination. Review any clause
that creates a lock in.”
“Security is another
important area and the service provider should be willing to be audited and
document how data will be deleted at the time of exit. Most importantly review
the regulatory compliance requirements on what parts of the portfolio can be
kept on cloud before entering into any such relationships. Just as any other
partner relationship, once the organisation makes a decision to move to the
cloud, get the legal team involved to review clauses and regulatory compliance.
Also define a strong governance and audit framework to ensure that you get the
optimal benefits of such a relationship,” he cautioned.
Bipin Pendyala, Secretary, ITsAP (IT & ITeS Industry
Association of Andhra Pradesh) said, “Cloud Computing provides a unique
opportunity for organizations to move their spend from CAPEX to OPEX, thereby
easing the pressure on cash flow.”
Pendyala opined that to leverage cloud computing
successfully, companies need to be aware of and review few things.
“First is security, the companies have to identity
management, single-sign-on, authentication provided by the service provider.
Company also has to balance their customer need for seamless experience
(Single-Sign-On) vs. authentication and identity management. Next is data
security, Location of data storage is important as it needs to be compliant
with the national laws,” he said.
“Next are Incident Management System & Response times –
review and understand the responsiveness and model of incident tracking and
triage by the service provider. Flexibility & Scalability – flexibility of
the service provider to provide scale-up and scale-down options (elasticity)
with quick turnaround time is essential but flexibility will come at a price.
Check the price options. Billing/
metering – ask for and review the billing format/ details. Look for automatic
renewals clause and strike it off,” he added.
Vikas Khanvelkar, MD DesignTech Systems Ltd said that Cloud
Computing Technology has revolutionized Knowledge management, transfer, sharing
and communication within and between the companies and entities. Detailing its
benefits, he said that it offers amazing benefits in terms of data storage,
data accessibility from any place at any time even through multiple mobile
devices, which has vanquished the physical and time barriers thus making
communication easier and feasible between the entities irrespective of their
“However, Companies must exercise caution while selecting
and hiring the cloud computing services provider. This service provider would
play a role of the external nervous system for the company, and any security
breach, leak of information or break down or errors in operations or technology
can put all your valuable knowledge and data at stake,” he said.
“Also, in countries like India where infrastructure in terms
of internet availability and speed is not that robust and hence can hinder
smooth accessibility of heavy data. We need to build our infrastructure strong
enough to support all these latest technologies so that companies can derive
highest benefits that they have to offer,” he added.
Neeraj Mediratta, CEO of Ace Data Devices Pvt. Ltd. cautioned
organizations about cloud computing contracts.
“Cloud computing is no more a new subject both for the IT industry
and the end user. Like any other new business, it had its own limitations when
it started off. There have been security lapses since the initial focus perhaps
was more on seeing the concept working, getting the market confidence,” he
“As the adoption is growing, service providers are becoming
more conscience of the fact that security needs to be taken better care of. In
the current era, several cloud computing standards have been created by the
organizations who are working on them. Organizations should consider key
factors while choosing the service and the service provider. These should
include the compliance level of the Data Center hosting the service, access
management controls, physical security to cover the physical part of it,” he