What you should include in an agreement with a cloud provider

Cloud computing is a lot like the weather: Everybody talks about it, but nobody does anything about it. Just 9.3% of companies say they'll be using platform or infrastructure as a service (P/IaaS) offerings by the end of the year. And a paltry 4.5% have definite plans to use cloud services in 2011 or 2012.

Cloud computing skeptics abound

That's for the moment, anyway. But if you look a little deeper into organizations' plans, the trend towards cloud is clearly gathering momentum. A whopping 27.3 % of companies say they're currently evaluating infrastructure cloud services, and I strongly suspect the rate of uptake will increase dramatically in 2011.

What's stopping folks from moving to cloud today? The No.1 concern is security, including privacy, regulatory compliance, and data protection. Companies are also concerned about data retrieval and migration: What happens if a cloud provider goes belly up? Or if they need to move data from one cloud player to another?

The good news is that none of these hurdles are technical -- which means overcoming them doesn't require new technology. In fact, all of these issues can be handled by crafting the right contract terms and conditions — something telecom managers are well aware of from their years of telco negotiations.

Herewith, some of the issues to look for when crafting an agreement with a cloud provider:

• Privacy. Ask the provider how it protects data from unauthorized access. Who is authorized to see data under normal business operations? Under what conditions is access granted to third parties? How is this logged and verified? Many regulations require proof that data is protected appropriately, which has led to a boom in companies hiring auditors to validate compliance. Guess what? What works in the enterprise can also work in the cloud: Several companies we work with have successfully negotiated quarterly auditing of their cloud providers to ensure compliance. Again, the trick here is to spell out exactly what a provider will do in particular situations -- and articulate a financial penalty for failure to comply. And regular offsite backups can be effective protection against data loss in the event of a company's bankruptcy or acquisition. As with any service provider contract, IT professionals should negotiate clear SLAs. For cloud providers, these should include, but not be limited to, clear metrics around performance (both networking and computing), provisioning, and change management. Make sure to include details around escalation policies and procedures and penalties. And retain the right to request alternative support staffers if the provider seems to be offering you the "B" team.

• Regulatory compliance.

• Data protection.

• Service-level agreements.

• Account management.

The bottom line: Effectively contracting with cloud providers can mitigate much of the risk in migrating to cloud services.

Johnson is president and senior founding partner at Nemertes Research, an independent technology research firm. She can be reached at johna@nemertes.com.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in