6 Key Takeaways: SaaS, PaaS, and IaaS: Evaluating Cloud Service Agreement Models, Negotiating Key Terms, & Minimizing Contract Disputes

Megan Demicco
Kilpatrick
Contact
LinkedIn
Facebook
X
Send
Embed

Kilpatrick

Kilpatrick Townsend Associate Megan Demicco recently participated in a webinar that provided guidance to business and technology counsel concerning drafting cloud computing service agreements.

6 Key Takeaways from the presentation include:

  • For businesses evaluating whether to move services to “the cloud,” it’s important to consider the transaction risk profile. Is this a “nice to have” business tool, or a mission critical application? As the criticality of the services at issue, or the sensitivity of the data to be hosted in the cloud increases, the risk of moving a particular service to the cloud increases.
  • Cloud service agreements should clearly reflect the scope of services being contracted for. Identify upfront whether any customizations may be needed; cloud providers generally limit customizations so they can more efficiently manage services and provide a scalable solution.
  • Ensure service level agreements measure the relevant metrics, and that associated credits appropriately incentivize the provider to perform. If a provider won’t negotiate the SLA metrics or credits, consider asking for a right to terminate for repeated or chronic service failures.
  • While data privacy and security in the cloud is never absolute, you can take steps to protect your business. Agreements should: (i) clearly outline permitted and prohibited provider uses of your data, and storage and access requirements; (ii) require provider compliance with applicable data security laws, industry best practices, and in some cases independent security standards or your internal policies; (iii) specify your audit rights; and (iv) outline the provider’s response requirements in the event of a breach.
  • Using the business model (one to many) as justification, cloud agreements typically offer very limited liability for the provider. Negotiate liability where you can given your relative bargaining power. You can also mitigate risk by choosing a cloud provider with a good track record and a strong reputation. Cyber liability insurance can be helpful but note coverages and policies vary widely.
  • Contemplate the end at the beginning. Be aware of provider rights to suspend or interrupt services, and to terminate early, and limit these if possible. Consider if you need assistance migrating data to a new provider and contract for this up front. Require the provider to give you access to your data, in a usable format, for a reasonable amount of time after termination.
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Kilpatrick | Attorney Advertising

Written by:

Kilpatrick
Kilpatrick
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Kilpatrick on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide