Press Release

STAMFORD, Conn., March 9, 2011 View All Press Releases

Gartner Highlights Four Risks CIOs Should Address When Contracting for Cloud Services

Cloud Sourcing Contract Terms Often Favor the Provider, Leaving the Buyer Exposed

Although cloud offerings are rapidly maturing, the immaturity of cloud service contracting means that many contracts have structural deficits, according to Gartner, Inc. Gartner has identified four risky issues that CIOs and sourcing executives should be aware of when contracting for cloud services.

"Cloud service providers will need to address these structural shortcomings to achieve wider acceptance of their standard contracts and to benefit from the economies of scale that come with that acceptance," said Frank Ridder, research vice president at Gartner. "CIOs and sourcing executives have a duty to understand key areas of risk for their organizations.

"It's essential that organizations planning to contract for cloud services do a deep risk analysis on the impact and probability of their risks, and they should also plan mitigation for the most critical issues," said Alexa Bona, research vice president at Gartner. "This might cost additional money, but it is worth the effort. Risk should be continuously evaluated, because contracts can change — sometimes without notification."

The four risky issues for CIOs, when contracting for cloud services include:

Cloud Sourcing Contracts Are Not Mature for All Markets
When analyzing cloud sourcing contracts, it is often obvious whether the cloud service provider wrote the contract with larger, more mature corporations, or the consumer side of the market, in mind. For example, there are cloud service contracts from traditional service providers for their private cloud offerings; these tend to include more generally acceptable terms and conditions. Gartner also sees many cloud-sourcing contracts that lack descriptions of cloud service providers' responsibilities and do not meet the general legal, regulatory and commercial contracting requirements of most enterprise organizations.

Gartner advises organizations to carefully assess the risks associated with cloud sourcing contracts. Areas such as data-handling policies and procedures can have a negative impact on the business case (for example, additional backup procedures or a fee for data access after cancellation) potentially creating compliancy issues and cost increases, and indicating specific risk mitigation activities.

Contract Terms Generally Favor the Vendor
Organizations that successfully outsource, evolve more partnership-style relationships with their vendors. Cloud service contracts do not lend themselves to such partnerships — mainly because of the high degree of contract standardization — where terms are consistent for every customer, and service is typically delivered remotely rather than locally.

An organization needs to understand that it is one of many customers and that customization breaks the model of industrialized service delivery. Cloud service contracts are currently written in very standardized terms, and buying organizations need to be clear about what they can accept and what is negotiable. To manage cloud services contracts successfully, organizations need to manage user expectations.

Contracts Are Opaque and Easily Changed
Contracts from cloud service providers are not long documents. Certain clauses are not very detailed, as URL links to Web pages detail additional terms and conditions. These details are often critical to the quality of service and the price (such as SLAs) for uptime or performance, service and support terms, and even the description of the core functionality of the offering. Clauses that are only fully documented on these Web pages can change over time; often without any prior notice.

Organizations need to ensure that they understand the complete structure of their cloud sourcing contract, including the terms that are detailed outside of the main contract. They need to be sure that these terms cannot change for the period of the contract and, ideally, for at least the first renewal term without forewarning. It is also critical to understand what parts of the contracts can be changed and when the change will take place.

Contracts Do Not Have Clear Service Commitments
As the cloud services market matures, increasing numbers of cloud service providers include SLAs in URL documents referenced in their contracts and, in fewer cases, in the contract itself. Usually, the cloud service providers limit their area of responsibility to what is in their own network as they cannot control the public network. Things are improving, but service commitments remain vague.

When deciding whether to invest in cloud offerings, buyers should understand what they can do, if the service fails or performs badly. They should understand whether the SLAs are acceptable and if the credit mechanisms will lead to a change in the providers' behavior; if not, they should negotiate terms that meet their requirements — or not engage.

Additional information is available in the Gartner report "Four Risky Issues When Contracting for Cloud Services." The report is available on Gartner's website at http://www.gartner.com/resId=1543314.

Contacts
About Gartner

Gartner, Inc. (NYSE: IT) is the world's leading research and advisory company. The company helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. Gartner's comprehensive suite of services delivers strategic advice and proven best practices to help clients succeed in their mission-critical priorities. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has more than 13,000 associates serving clients in 11,000 enterprises in 100 countries. For more information, visit www.gartner.com.

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.