New frontiers for the cloud: Dealing with outdated contract models
Government agencies must work through the contractual vagaries of cloud services
- By Rutrell Yasin
- Apr 28, 2011
Contractual and licensing rules have not caught up with the cloud revolution, and as a result, federal managers moving e-mail systems to the cloud must carefully think through the implications as they negotiate service deals with cloud providers, industry experts say.
The basic legal premise of contracting for IT services is based on the hardware model — physical equipment transferred to an organization’s premises, where it can be monitored and maintained, said Bruce Hart, chief operating officer of Terremark Federal.
“That whole legal environment hasn’t had time to catch up with the cloud revolution,” Hart said.
5 pitfalls that can scuttle a move to the cloud
Why software licensing could become more affordable, easier to understand
Cloud computing provides on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction from the service provider.
Government managers need to understand what warranties and legal obligations they can expect from a service provider in the event of a disaster, data leak or other information security risk. Contracts through which services are purchased and made available by providers are an important area in terms of risk mitigation, Hart said.
Software licensing is complex because it is also based on hardware-based models. So agency managers must worry about what comprises the cloud, including virtualization software and storage devices, and how the cloud e-mail providers will charge for license usage.
Federal managers should take a conservative approach in addressing those issues, Hart said.
Managers should also try to establish meaningful service-level agreements that are enforceable, said Bob Otto, executive director of advisory services at Agilex Technologies, a government IT services provider.
Vendors will most likely offer a default set of SLAs as the basis for negotiations. Those might contain common requirements that are easy for the provider to achieve, but they might not reflect what's important to an agency and its users, Otto said.
For example, IT outsourcing contracts generally focus on guaranteeing a specific service level. In contrast, business process outsourcing contracts typically commit to providing a specified outcome, he said. Neither is inherently better, and most likely, agency managers would want elements of both in their agreement.
“The critical process is taking the time to understand your current expectations and requirements and baking this into the agreement in a meaningful and enforceable way," Otto said.
Rutrell Yasin is senior editor for GCN covering cloud computing.