Sergey Nivens -

Cutting the cord: Negotiating cloud contracts with problematic customers

How accountable should cloud firms be for the actions of the customers that use their platforms, and how much thought should they give to aligning themselves with problematic brands before hosting them?

This article can also be found in the Premium Editorial Download: MicroScope: MicroScope: Time for change

How close an eye should cloud firms keep on their customers, in terms of how they use their platforms and what for? And how accountable will they be if users decide to appropriate their platforms to carry out nefarious deeds?

That is a question that has come into sharper focus of late, in response to the news in August 2019 that cloud security and performance management platform Cloudflare was terminating its contract with free speech-championing online messageboard 8chan.

“A cesspool of hate” is how Cloudflare CEO Matthew Prince described its former customer, after it emerged that several mass shooters had uploaded manifestos or letters of intent to the site before going on to commit terror attacks and atrocities.

“Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit,” wrote Prince in a blog post, outlining Cloudflare’s decision to sever ties with 8chan.

As well as raising questions of regulation, the situation also prompted a debate about how much of a moral compass technology companies should have, and how far they should go in enforcing this against their customers?

Prince admitted in his blog that the company had reluctantly tolerated content that was reprehensible – but claimed that it draws the line at platforms that demonstrate that they directly inspire tragic events.

“In taking this action, we’ve solved our own problem, but we haven’t solved the internet’s,” he wrote.

Gartner analyst Frank Buytendijk suggests there are four key questions that tech companies need to ask themselves when it comes to handling potentially problematic customers.

The first is whether or not the way the customer uses the platform is legal. The second is to weigh up the risk to the tech company’s reputation if it continues to do business with that customer, as well as the risk posed to users.

The third question relates to how a company goes about differentiating itself from its rivals, with its customer mix often forming part of that equation.

“Many social media companies have the competitive differentiation of being able to do something on their platform that you couldn’t do on other popular platforms,” says Buytendijk.

There is also the not-insignificant issue of how a tech firm squares accommodating the activities of a problematic customer with its own business values.

A notable example here is Google, which has previously extricated itself from high-value public sector cloud contracts in the US that could have seen its technologies used in waging war against other nations. For similar reasons, it has also publicly committed to not selling its facial recognition application programming interfaces (APIs) to law enforcement agencies because of regulatory concerns.

Google’s stance was shaped, in part, by its own stated business values, but also by the reaction of its own staff, who have publicly aired their misgiving about the firm’s involvement in military contracts.

How to say no?

For Morgan Legge, director of operations at A/B testing and personalisation company Convert, sometimes the reputation of a prospective customer can give suppliers cause to turn down their business.

In fact, Legge claims that her company has, in the past, turned down customers “well known for their homophobia and conservative social agenda which is cloaked in ‘Christian values’ doublespeak”.

“We believe in creating a sustainable, ethical world where we treat everyone with respect and honesty, which is why we put our social, economic and product missions first,” she says. “Being homophobic and promoting a conservative social agenda is contrary to that.”

Jeremy Hendy, CEO of digital risk protection company Skurio, has terminated a handful of customer contracts in the past because they failed to comply with the company’s terms and conditions. In other case, it has chosen not to pursue an opportunity because it felt uncomfortable with the customer, or the use case.

“It’s never an easy conversation to have, but it’s important to us as an organisation that we always do the right thing,” says Hendy.

However, Emma Wright, a partner at tech-legal firm Kemp Little, suggests that smaller technology companies are less likely to terminate contracts based on how a customer acts morally. “How many of them would say no to a big customer when it’s millions of pounds’ worth of business,” she says.

Legalities of canning a contract

And it’s not just a question of ethics when the termination involves an existing customer: In such circumstances, can a tech firm legally part ways with a customer they believe to be acting immorally?

The company would effectively need an express provision in the contract describing the circumstances in which it may terminate the contract, says Wright.  

“You could say ‘it’s in our absolute discretion if we feel that something brings the company into disrepute or damages our reputation’, but that has limitations as well because the supplier would still have to act reasonably,” she says.

Sharon D’Silva, associate in the technology team at law firm Harbottle & Lewis, says the least risky option is to check whether there is a right to terminate for convenience, with a notice period given to the customer – although longer notice periods would make this difficult in the world of cloud computing.

Read more about cloud and customer relationships

“Alternatively, the supplier may choose to rely on termination for a ‘material breach not capable of remedy’, but this would depend on whether there are any terms in the contract requiring the customer to comply with the supplier’s terms of service and mandatory policies, and whether the contract has expressly stated that a breach of such terms will be material,” she says.

However, it is harder for a supplier to get something into the contract which effectively states that the customer cannot do anything that brings it into disrepute, says Wright. Therefore, a supplier risks terminating the contract on an unlawful basis, which could see it subject to legal action.

To guard against this, says Eitan Jankelewitz, a partner at law firm Sheridans, there are steps companies can take to minimise the damage caused by terminating a customer contract, which, in turn, will reduce their liability risk.

“This could mean phasing out the provision of the services and assisting the customer to onboard a replacement – anything to lessen the blow,” he says.

Reputations at stake

Another element to consider is what the reputational impact might be if a supplier decides to throw caution to the wind and keep working with problematic entities. Is there a risk that such an association might put other customers off using its services?

Mark Ridley, director of CTO advisory firm Ridley Industries, says this is certainly worth bearing in mind before taking on a client, because it can be far harder to address further down the line.

“We can increasingly quantify ethical issues, like those that have been in the press recently, as organisational risk which should be factored into procurement,” he says.

Karl Hoods, CDIO at the UK government’s Department for Business, Energy and Industrial Strategy, says that, in his previous role as a charity CIO, the organisation would not work with companies that had direct or indirect involvement in weapons manufacturing.

Such connections can be harder to assess in cloud computing environments, he concedes, as suppliers will inevitably be dealing with thousands of customers, and it is not always clear what their technology will be used for.

“In these cases, you’d make a judgement call in the context of the organisation you’re in, by applying your standards and ethical approach and assessing vendor policies and applying additional terms for them to comply with,” says Hoods.

In normal circumstances, customers are in a stronger position to demand broad rights for termination. If this was granted at the negotiation stage, it would mean they could stop working with an organisation with relative ease. But again the broad rights would have to expressly state that it would be at its discretion to do so.

Unlike many other industries, the main cloud providers hold such a dominant position that Wright believes they would spin this around and ask for the same broad rights for termination. “If they do that and exercise it, it would damage their reputation because it would mean leaving a customer high and dry,” she says.

What about employees?

As in the Google example mentioned above, it is sometimes employees who object to a tech company taking on a particular customer.

According to D’Silva, employees are under contract to follow their employer’s instructions, making it hard for them to refuse to carry out work for a particular customer – but that doesn’t mean they can’t protest.

“An IT company cannot perform its services without its employees, so it would certainly be foolish to entirely ignore the collective voice of its workforce,” she says.

And any attempts to do so could have a long-term, detrimental effect, says Wright. For example, the technology industry is already suffering from a lack of diversity, and ignoring the concerns of employees could harm retention and recruitment rates.

This is a difficult territory for suppliers to find themselves in, says Gartner’s Buytendijk. “If you keep supporting a controversial contract, then you may alienate part of your employee or customer base,” he says. “But if you don’t, then you could also alienate employees and customers. It’s a very fine line and I don’t think we’ve found it yet – we’re trying to figure out in businesses, how activist you can become.”

In time, companies are likely to take a clearer ethical position by incorporating elements of this into their terms and conditions, which can then be enforced by an internal legal officer.

The jury is still out on whether companies are likely to turn down huge sums of money for ethical reasons. Even the likes of Amazon, Microsoft and Google all know that if they drop a US government contract or one from another big organisation, it is likely that one of their competitors will pick it up.

The question then is: will profits always be more important than ethics? Or will, as in the consumer world, ethics and reputation become too important to ignore?

Read more on Infrastructure-as-a-Service (IaaS)

Data Center
Data Management