I’ve been at a number of IT conferences over the last few weeks where people have spoken about the changes in the IT industry and the general direction of travel – where will IT be in 2yrs, 5yrs and 10yrs+ time ? Conferences on IT now tend to have at least some discussions about the cloud https://www.computerweekly.com/blog/Investigating-Outsourcing/Cloud-dominates-Indian-shindig-Day-two-Nasscom
But what is the Cloud ? The National Institute of Standards and Technology defines it as:
- “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.
The term “cloud” is also used as a metaphor for the Internet, based on the cloud drawing used in the past to represent the telephone network.
However, talking about the “cloud” with delegates at these conferences, each person seemed to have a different opinion upon what exactly the “cloud” consisted of or what services would be included in “cloud” services.
Many IT suppliers talked about how “cloud” services could benefit customers via cost savings for those customers but there was some uncertaintly as to exactly how IT suppliers could make reasonable profit margins out of IT suppliers providing “cloud” services.
From a legal perspective, the “take away” points for me from these conferences about cloud were that:
1. If an IT supplier is providing “cloud” services then it is really important to understand how these services are provided, who they are provided by and where they are provided from – here rules and regulations relating to Data Protection are likely to come into play;
2. Does the IT supplier’s business model work regarding providing you with these services. For example, is it clear that the business model that the IT supplier is using has a proven track record and that it is enduring so that the IT supplier can make a profit out of providing its services on a long term basis.
This is important because if the IT supplier’s business model is not robust or profitable then problems that the IT supplier may face may, in turn, actually start to become a problem for you as the IT customer;
3. The legal terms of any IT supplier need to be scrutinised carefully to establish 1 and 2 above.
However, other questions arise that need to be answered to your satisfaction such as:
– is there a Service Level Agreement (SLA) and what are the remedies for breach of that SLA ?
– what happens if there are internet outages ?
– what security and confidentiality measures are in place to ensure that data that is stored and processed by the IT supplier is safe and secure ?
– what kind of exclusions and limitations does the IT supplier have in its standard terms – i.e. what kind of events or circumstances does the IT supplier exclude or limit its liability for ?
Overall, the message I took away from these conferences was that although Cloud services can provide benefits, including cost savings, BEFORE entering into a Cloud Services Agreement with an IT Supplier it is important to double check that (i) the services that you are receiving are, in fact, what you expect to receive (in terms of pre-defined standards, speed of delivery and continuity); and (ii) the legal terms upon which the services are being provided to you do not leave your organsiation exposed to any unnecessary risks.
At the moment I’m reviewing cloud service agreements for a number of clients and so if you would like more tips on what to look out for in these t’s & c’s then please get in touch.