New frontiers for the cloud: Dealing with outdated contract models

Government agencies must work through the contractual vagaries of cloud services

Contractual and licensing rules have not caught up with the cloud revolution, and as a result, federal managers moving e-mail systems to the cloud must carefully think through the implications as they negotiate service deals with cloud providers, industry experts say.

The basic legal premise of contracting for IT services is based on the hardware model — physical equipment transferred to an organization’s premises, where it can be monitored and maintained, said Bruce Hart, chief operating officer of Terremark Federal.

“That whole legal environment hasn’t had time to catch up with the cloud revolution,” Hart said.

Related coverage:

5 pitfalls that can scuttle a move to the cloud

Why software licensing could become more affordable, easier to understand

Cloud computing provides on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction from the service provider.

Government managers need to understand what warranties and legal obligations they can expect from a service provider in the event of a disaster, data leak or other information security risk. Contracts through which services are purchased and made available by providers are an important area in terms of risk mitigation, Hart said.

Software licensing is complex because it is also based on hardware-based models. So agency managers must worry about what comprises the cloud, including virtualization software and storage devices, and how the cloud e-mail providers will charge for license usage.

Federal managers should take a conservative approach in addressing those issues, Hart said.

Managers should also try to establish meaningful service-level agreements that are enforceable, said Bob Otto, executive director of advisory services at Agilex Technologies, a government IT services provider.

Vendors will most likely offer a default set of SLAs as the basis for negotiations. Those might contain common requirements that are easy for the provider to achieve, but they might not reflect what's important to an agency and its users, Otto said.

For example, IT outsourcing contracts generally focus on guaranteeing a specific service level. In contrast, business process outsourcing contracts typically commit to providing a specified outcome, he said. Neither is inherently better, and most likely, agency managers would want elements of both in their agreement. 

“The critical process is taking the time to understand your current expectations and requirements and baking this into the agreement in a meaningful and enforceable way," Otto said. 

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected