Negotiating Cloud Contracts – Beware Too Much Legalese, Multi-Year Terms and Lack of Disaster Recovery
With the ever-growing number of solid Cloud (SaaS, IaaS) services, one is confronted with more and more SLA contracts which one must be adept at wading through and spotting the pitfalls for the enterprise.
Recently I had the misfortune of having to wade through 50 pages of legalese for a straight forward co-location agreement. Yes, FIFTY pages of complicated clauses, whereins and wherefores. In all my years of reading fine print and performing contract negotiations, I have never seen such a masterwork of legalese which would make your head spin! Needless to say, that contract was chucked in the shredder and I went elsewhere.
When reviewing Cloud service contracts, here are some points to keep in mind:
- Beware too much legalese: you should be able to easily reach through the contract with all points making sense before you send it on to legal. At the end of the day, you need to understand the contract because if things go sideways down the line then management will be coming back to you!
- Beware multi-year terms: most cloud providers want to lock you in for 3 years with the carrot of giving you the deepest discount. Three years is an eternity on today’s technology express train. Are you 100% positive you will be on that platform for 3 years? If not then do some hard negotiating for a 1 year term.
- Beware unclear disaster recovery procedures: moving to the cloud is easy but you need to look behind the those pretty puffy white clouds and understand the service provider’s disaster recovery procedures. Anything in the cloud is just supposed to be up 100%, right? Look, those platforms are run by humans and to “err” is human and those platforms will go down. Even the king of SaaS – Salesforce.com – has outages from time to time. A primary question to ask is where is their data center? Is it located in the heart of earthquake country – San Francisco? Bad choice, then. The next question to ask is where is their backup or secondary data center? If the primary data center goes down then how will your service come back up? How long will you be down in that scenario? Don’t assume that the cloud provider has everything already sorted out. Ask those hard questions as if the their data center were yours!