I wandered lonely as a cloud…customer
I wandered lonely as a cloud… customer in the multi tenanted
space…
where negotiating such cloud contracts, is a challenge we
regularly face.
With key issues to consider, suspension rights, service levels,
GDPR to name a few,
We have some tips and tricks, we’d like to share with you.
To begin my poem, I pose the question what is the cloud indeed?
It is using computing as a service to deliver your IT need.
You may elect a public, private, or hybrid cloud deployment,
With public offered to all, and private for exclusive enjoyment.
Some characteristics may include, a consumption based model,
Pay as you go for your utilised needs, it really is a doddle.
Broadly speaking there are, three types of cloud based services,
Software, platform or infrastructure as a service, they serve
multiple purposes.
There are some key cloud vendors, who you no doubt will have seen,
Amazon, Google, Microsoft, and others who are so keen.
So let’s talk about that bizarre enterprise contract structure,
Which we find is rather complicated, and leaves customers in a
fluster.
With acronyms and terms such as GSIFIs, EAs and SCEs,
At first it seemed so foreign to me, as if were Portuguese.
But after some time we do find, these terms become natural to you,
and you can weave your way through the contracts to work out what
best to do.
With proposed standard terms from cloud vendors, you work hard for
substantive amends,
As everything is up for grabs, perseverance and patience will
become your friends.
What amends to my contract might I want? I hear you very well ask,
Well let me now turn to some detail, as to that very such task.
With regulatory and security issues to consider, location of data
is key,
Ask your vendor how data is stored, and where such location will
be.
To help to mitigate, any potential contractual risk,
We’d advise to include such terms, that represent best practice,
Such as inclusion of security obligations that must be adhered to,
Consequences of not meeting them, and recourse available to you.
These may involve security breach notifications and other
operational steps,
Such as encryption of sensitive data and required penetration
tests.
Another key issue to consider, is the platform availability,
And service levels are crucial, to measure resiliency.
Back-up data is important, as is restoration, should the system go
down,
We’d advise the contract be bolstered, to ensure no reason to
frown.
No one wants to think of the end, when starting a partnership,
But exit obligations are key, for transition without a blip,
So consider the return of data and exit assistance now,
What format does it need to be returned in, and even consider how.
Deletion of data also needs to be thought about, at this
contracting stage,
Evidence of deletion may be required, to ensure all on the same
page.
So let’s take a step back and have a think, about what is the best
approach,
A customer led template of terms, is a difficult subject to
broach,
As I mentioned before cloud contracts, are often on standard
terms,
So negotiating more favourable positions, may take several turns,
An alternative approach to the contract, could be to introduce an
‘overlay’,
An overarching set of terms, a rider one could say.
These would prevail over the cloud vendors’, standard t’s and c’s,
and include amendments to the terms, such as regulatory ‘must
sees’.
When setting up these additional terms, do not forget of course,
for full incorporation, an entire agreement clause.
Some trends it may be worth mentioning, that we quite often see,
Are movements away from positions, such as the limited warranty.
As you no doubt will have seen, warranties are given ‘as is’;
Dependent on size of deal, we would recommend you push this,
A stronger more robust warranty, is worth putting pen to paper,
Trust us when we say, you won’t regret this later.
Audit rights for customers are still difficult to obtain,
But we see greater openness for customers, to alleviate regulatory
pain.
Last but not least I must refer to, the limitations of liability,
Which we must not forget to consider, in the context of the
warranty.
Fix obligations must be without prejudice, damages claims by you,
Otherwise you will find yourself in an unfavourable position, it’s
true.
Caps of around 100% annual charges, still remain common place,
Push for higher DP caps however, for GDPR fines you might face.
I finish with one final note, to thank you for your time.
I hope this poem has pleased you, it has been difficult to rhyme!
Although this is not of course, William Wordsworth’s poetry…
I am grateful to, and thank, SCL for the opportunity.
Holly Pearsall is an Associate at DLA Piper (UK) LLP
