New frontiers for the cloud: Dealing with outdated contract models

Government agencies must work through the contractual vagaries of cloud services

Contractual and licensing rules have not caught up with the cloud revolution, and as a result, federal managers moving e-mail systems to the cloud must carefully think through the implications as they negotiate service deals with cloud providers, industry experts say.

The basic legal premise of contracting for IT services is based on the hardware model — physical equipment transferred to an organization’s premises, where it can be monitored and maintained, said Bruce Hart, chief operating officer of Terremark Federal.

“That whole legal environment hasn’t had time to catch up with the cloud revolution,” Hart said.

Related coverage:

5 pitfalls that can scuttle a move to the cloud

Why software licensing could become more affordable, easier to understand

Cloud computing provides on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction from the service provider.

Government managers need to understand what warranties and legal obligations they can expect from a service provider in the event of a disaster, data leak or other information security risk. Contracts through which services are purchased and made available by providers are an important area in terms of risk mitigation, Hart said.

Software licensing is complex because it is also based on hardware-based models. So agency managers must worry about what comprises the cloud, including virtualization software and storage devices, and how the cloud e-mail providers will charge for license usage.

Federal managers should take a conservative approach in addressing those issues, Hart said.

Managers should also try to establish meaningful service-level agreements that are enforceable, said Bob Otto, executive director of advisory services at Agilex Technologies, a government IT services provider.

Vendors will most likely offer a default set of SLAs as the basis for negotiations. Those might contain common requirements that are easy for the provider to achieve, but they might not reflect what's important to an agency and its users, Otto said.

For example, IT outsourcing contracts generally focus on guaranteeing a specific service level. In contrast, business process outsourcing contracts typically commit to providing a specified outcome, he said. Neither is inherently better, and most likely, agency managers would want elements of both in their agreement. 

“The critical process is taking the time to understand your current expectations and requirements and baking this into the agreement in a meaningful and enforceable way," Otto said. 

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected