When there's a third party in the cloud
A third party can increase risk, so your contract should address this possibility
Computerworld - When contracting for cloud-computing services, one challenge is that there may be more parties involved than your company and the cloud vendor. The vendor might outsource some of the services covered in the contract, or it could end up under different ownership after a merger or acquisition. On the client end, you might choose to work with a cloud broker. Because the introduction of third parties can increase risk, it's essential for potential cloud clients to identify third parties before adopting a cloud service, thoroughly understand their roles and ensure that their responsibilities are effectively addressed in the contract.
You need to know whether your cloud-computing vendor is itself outsourcing to another cloud-computing vendor. For example, a SaaS vendor, such as Dropbox, could be running its service in the data center of a third-party IaaS vendor, such as Amazon Web Services. This can increase the complexity of a cloud-computing contract, especially in determining which vendor is responsible for which action. To mitigate risk, the contract should obligate the cloud vendor to do the following:
* Identify any functionality that is outsourced and name the third party.
* Require any third-party vendor to abide by the same security policies and procedures that apply to the cloud vendor's employees.
* Have business continuity plans in the event that the third-party vendor fails.
* Take direct responsibility for all aspects of complying with the terms of its contract with you.
Mergers and acquisitions
In the past 12 months alone, the rate of cloud vendor acquisitions has been nothing short of breathtaking. Oracle purchased Right Now. SAP picked up Success Factors. Microsoft bought both Skype and Yammer. And that's just the tip of the iceberg. The risk for clients is that the new owner might not continue with the same product road map or honor contract terms.
No matter how good your due diligence ahead of signing a cloud contract, none of us can predict the future. Because cloud computing is a growing and volatile market, it has many new players. The weaker among them might not have long-term viability, while the stronger ones could become targets for acquisition. In either event, your data and ongoing access to the service could be at risk, so it is important to do what you can to mitigate these risks. One approach is to include contract language along these lines:
ASSIGNMENT. This Agreement shall be binding on the parties and their successors (through merger, acquisition or other process) and permitted assigns. Neither party may assign, delegate or otherwise transfer its obligations or rights under this Agreement to a Third Party without the prior written consent of the other party.
Other columns by Thomas Trappler
- NASA's cloud audit holds value for all
- Who can pry into your cloud-based data?
- Does your cloud vendor protect your rights?
- Software licensing in the cloud
- For credit card handlers, cloud computing guidelines just got clearer
- Regulations and the cloud: HIPAA modification provides clarity
- Certification programs are making it easier to know all about a cloud vendor
- The do's and don'ts of safeguarding cloud-based data with encryption
- For a good cloud contract, start with an RFP
- It takes a team to create a good cloud contract
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- ESG: The IBM FlashSystem 840: Technical Evolution to Deliver Business Value In this whitepaper, you will learn how this high-speed storage technology has tremendous potential to support I/O-intensive and/or latency-sensitive applications.
- Choosing an MDM Platform: Where to Start the Conversation If you're in the early stages of choosing an MDM solution, or you're considering switching vendors, here are seven critical questions to ask...
- Axeda Platform Technical Overview This paper summarizes the major features of an IoT platform and explains how they simplify and speed the process of developing and deploying...
- Stock Shock: The effect of project and portfolio management on share price In this independent report, you'll see the intrinsic connection between long-term capital investment and short term market performance -- and how this can...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cloud Computing White Papers | Webcasts