Gartner Wrote It (About the Cloud), But Here is a Software Attorney’s Take.

Gartner Wrote It (About the Cloud), But Here is a Software Attorney’s Take.

  • rrccv
  • freecycle

Gartner wrote this interesting piece recently called the “Rights and Responsibilities for Consumers of Cloud Computing Services” and published it in the Cloudbook. It is worth a read, and I also have added some of my insights on how and where to address the issues (what should be in the cloud agreement/cloud contract and what is more of a policy statement/communication issue).

1) Retain Ownership of Data. This is covered ground, and nothing new to most people. I think all cloud agreements should address this issue as clearly as possible, so everyone knows who owns what, and how and when data can be returned to the customer.  Oh yea, there is already litigation on this issue, so this is an important issue! Recent Case (see page 4)(Address in Cloud Agreement)

2) Service Level Agreement. This one too is nothing new, as service level agreements have been around forever. I think the SLA should be in the cloud agreement, and not left to a policy statement. (Address in Cloud Agreement)

3) Notification of Changes to the Service. This is a great idea, and cloud vendors really should communicate about (but let’s add material or significant) change to their service (i.e. ones that would impact their customer or that they would want/should know about). I think the key here is for the vendor to be as transparent as possible, so there aren’t any missed expectations (that is what often leads to disputes and litigation). This too is a communication or policy thing, so it does not need to be in the cloud agreement. (Address via Communication)

4) Understand the Technical Limitations. Gartner is suggesting here that the vendor educate their customer on architecture and technical issues that they should know about. This seems like a no brainer, and is something that every cloud vendor should do as part of selling and supporting their service. (Address via Communication Before and After the Sale)

5) Understand the Legal Requirements of Jurisdictions Where Service Provider Operates. In essence, Gartner is saying that the cloud vendor should tell their customer where their data resides, and handle any legal and privacy issues associated with the transfer of customer data. This seems like a reasonable expectation, and also sounds more like a policy statement (not something that necessarily needs to be in the cloud agreement . . . other than some type of vendor warranty  that “they will comply with all applicable laws regarding their performance under the agreement”). (Address via Communication Before and After the Sale)

6) Know the Security Process the Provider Follows. While this is usually not a contractual issue for a cloud agreement, I think it should be a policy statement wherein vendors communicate what they are doing to secure the customer data. (Address via Policy Statement)

7) Understand and Adhere to Software License Requirements. The issue here is that software vendors should communicate if they allow their customer’s to move their licenses from an on-premise license to the cloud. I find that this is more of a policy statement by a vendor, but it should be documented (if the transfer or use/access is allowed) in an addendum or some type of legal agreement. (Address via Communication and in an Amendment)

All in all, I think this is a great current and short list of many of the important issues to consider when working with a cloud vendor. However, it seems like these lists keep changing and everyone (including me) is still trying to figure out what the most important issues are, and how to address them appropriately.

Resources (lot’s of these Bill of Rights things out there!):

CNET Cloud Computing Bill of Rights.

 

Altimeter’s: SAAS Bill of Rights.

Legal Disclaimer: This does not constitute legal advice, and is provided for educational or informational  purposes only.

Categories
2 Comments
  1. Jeremy, Very helpful advice as always.

    In addition to specifying that the customer owns the data, the vendor should consider specifying the format in which data will be returned to the customer. The vendor doesn’t want to put itself in a position to spend lots of time and money preparing the data into some non-standard format.

    Your advice is especially helpful in that you’ve specified which items should go in the legal agreement and which are better left to other documents. I’ve found that a comprehensive document on security policies and procedures, for example, can be useful in addressing the concerns of IT people involved in the evaluation and purchase process.

    Peter Cohen
    SaaS Marketing Strategy Advisors

    • Peter, thanks for the comment, and you nailed it.

      The legal case I mentioned in this blog post (under item #1) was a case about (in part) the format of the data to be returned to the customer. While this is not a technical legal requirement, it is a great practical thing SAAS vendors should think about addressing in their agreements.

      Jeremy

One Ping
  1. [...] This post was mentioned on Twitter by Tech Venture Capital, Jeremy Aber. Jeremy Aber said: Gartner Wrote It (About the Cloud), But Here is a Software Attorney’s Take. http://goo.gl/fb/Z21Jy [...]

Leave a Reply

* Copy This Password *

* Type Or Paste Password Here *