In part one of this series, we discussed the issues of security, interoperability and vendor lock-in issues in cloud computing contracts. In this installment, we will discuss the five issues of regulatory compliance, reliability, complexity, privacy and pricing.
1. Regulatory compliance
Compliance touches on many issues, depending on the industry and requirements of the customer. Compliance is an issue that, along with security and privacy, often inhibits the adoption of cloud computing. In many cases, however, these issues can be addressed with a combination of contract provisions, careful vetting of vendors, the adoption of granular security procedures and, to some extent, insurance protections. A detailed discussion of the contract issues is beyond the scope of this article because the concerns vary substantially depending on the type of business. Companies should consult counsel that is familiar with the specific regulatory requirements of the business.
Customers need to address and understand, in the contract with the cloud provider, what happens when they must respond to legal discovery or a regulatory subpoena. Like the horizontal interoperability issue, the format for the extracted data, the length of time needed to extract the data, the vendor’s ability to search and cull the data and the cost of extraction are all important issues.
The service level agreement (SLA) should cover reliability. Availability, bandwidth and vertical interoperability should be addressed with as much specificity as necessary. The remedies, as explained in our last column, should, if possible, to incentivize the vendor to comply with the reliability requirements.
Availability numbers can be deceiving. A guarantee of 99 percent availability actually means that the service could be out for an entire day every 100 days. Many availability provisions do not address throughput or bandwidth. The service could be up, but unacceptably slow, and still be considered “available” under the contract. Customers should also understand that there may be exceptions in the contract that do not count towards the availability or related guarantees, such as the service being down for maintenance as the result of events outside of the vendor’s control. This is not to say that cloud vendors should be expected to guarantee 100 percent availability or ideal throughput all of the time, but only that both parties should understand and properly document their expectations.
Read more...Inside Counsel