Make Your Voice Heard: How to Negotiate a Cloud Deal
Before you sign on the dotted line with a cloud provider, consider these scenarios: What are the repercussions of terminating your agreement with a cloud vendor and switching to another provider? What happens to your data? Or, what happens if you have a billing dispute with a cloud provider? Or, what happens if your cloud vendor decides to terminate or reduce its services to you – say because it decides to pursue different business opportunities, or gets acquired – what is your recourse? Are you entitled to get your data back? How about a refund? What about costs to your business?
Dealing successfully with cloud vendors calls for negotiation skills that often aren’t provided as a part of IT training and education. Plus, because engaging with a cloud vendor tends to be very informal – often not involving more than a credit-card transaction – end-user customers may have little control over the intricacies of the relationship.
Dependencies on cloud vendors tend to be much stronger than on traditional application software providers, since end-user customers need to not only rely on their software development skills, but also on their abilities to run resilient, always-up data centers. Another issue that is new to the software vendor relationship is data – your data. Vendors may now be retaining and managing your data at their sites, out of your direct control.
This calls for a new type of relationship. Unfortunately, in many ways, the ins and outs of cloud relationships are still mushy and undefined, with many loose ends when it comes to cloud contracts. While many cloud providers have templates for standard agreements, there is always room for negotiation.
IT leaders who wish to successfully guide their cloud relationships need to be proactive in these relationships – just as proactive, or perhaps more, than they have been with traditional software vendors. They may want to consider an on-site visit to the vendor’s facility, and, if available, get involved with the vendors’ user group (or even help form one). Ongoing communication is important – it also helps to build one-on-one relationships between the in-house staff and the vendor’s support staff.
The most comprehensive guide assembled on the issues involved with cloud computing contract negotiations comes from W. Kuan Hon, Christopher Millard and Ian Walden, published in Stanford Technology Law Review. In their work, they spoke with both end-user companies and cloud providers.
Here are some key areas that need to be addressed as a part of cloud service negotiations:
Service level agreements (SLAs): This is the keystone to any cloud agreement. Hon, Millard and Walden report that there are about as many SLAs as there are companies, and the challenge is a lack of standards that cloud customers can follow to make sure they are receiving the services they expect. Of course, larger end-user companies have more clout in this regard, while smaller customers often may end up with a few key performance metrics as part of an SLA. The vendors the authors spoke to note, however, that they see few customers actually demanding accountable SLAs.
The authors advise that “users with mission-critical applications seek higher availability levels, warranties regarding response times, undertakings not to terminate services without notification and consent, longer prior notification of proposed maintenance downtime, perhaps even notification of usage exceeding agreed limits (to allow the user to investigate and manage the situation), rather than immediately throttling usage and slowing performance without consulting users.”
Transparency: The ability to monitor what’s taking place with the cloud application, in real or near-real time is critical. The vendor should be able to provide a dashboard or web page to provide updates on service. As mentioned above, here is an instance where ongoing communication plays a role – the ability to work closely with support staff to resolve any issues or questions should be established up front.
Data retention: The main questions associated with data retention are: will providers retain users’ data when needed by users, so users can retrieve data in usable format? And will providers delete user data when required? In most cases, these issues haven’t been negotiated, the authors find, even though they should be.
Security breach notification: Amazingly, “many providers’ standard terms did not require security incidents to be reported to users,” Hon, Millard and Walden report. Vendors’ policies regarding breaches were all over the ballpark, with some agreeing to notify customers of breaches, while others agreed to faster notification of breaches when customers subscribe to higher service levels.
Liability: Many cloud providers state up front that they will not assume liabilities for outages and data loss. Vendors’ unwillingness to budget on this point has often been a “deal-breaker” in some negotiations, the authors report.
Engaging with cloud vendors represents a new way of doing business for most enterprises, and the types of agreements being forged are continually breaking new ground. Working out the best terms is something that needs to start right up front.
For more thought provoking cloud management insights visit vmware-erdos.com.