Trappler says that one of the things he stresses in his classes is the importance of team building -- where the team includes the business process owner (the one who needs the cloud service), legal counsel, representatives of IT and people involved in procurement, risk management, vendor management and security. WellStar's Fisher concurs: "When IT and the attorney and someone from compliance all sit down and go through a contract, with give and take about what's best for the organization, you get a lot of goodness out of it."
Industry watchers say it's all a question of due diligence, of knowing what the risks are. There are risks in everything, even in managing data on your own premises. The biggest question is, How do you mitigate the risk? How do you protect yourself as best you can without stifling the business?
"David Wells" (a pseudonym for a Fortune 500 corporate counsel who requested anonymity) agrees that getting subject-matter experts into one room promotes understanding. Each person can address facets of the deal with his own expertise, which helps the group identify which issues are worth worrying about and which aren't. "Otherwise, you can have lawyers spinning scenarios and creating fear, uncertainty and doubt. If you can't get past FUD because people don't understand it, you'll either crater the deal or, worse, do a bad one."
How do CIOs and counsel start collaborating? By asking questions. Ideally, the CIO should know the questions to ask before the attorney even requests the answers, but that doesn't always happen. "That's why I ask the same questions over and over," says Wells. "My people finally know not to come to me without the answers to my questions."
Beyond that, lawyers suggest CIOs ask what clauses in the contract really mean. Wells says that service-level agreements drive him especially crazy. He sees contracts promising restitution for downtime, but the amount of payback is minimal. "If your lawyer's not paying attention, your remedy for downtime is actually pennies on the dollar, and you give up your right to sue for breach of contract by accepting it," he says. "If you have a service provider [whose systems are] chronically down, the lawyer should insist on the right to terminate for breach of contract."
E-discovery is another issue that lawyers tend to focus on more than CIOs do. Murphy notes that there are companies like Nextpoint and X1 Discovery that specialize in discovery in the cloud, but the issue is more complex than it appears at first glance.
Forsheit agrees. "In the cloud, data is being replicated, so it creates more data for discovery, including metadata," she warns. Federal rules require that you must know where the data is and ensure that e-discovery will find it. "But if there's a server in the cloud that nobody thought about," she says, "people can get sanctioned or jailed, and lawyers can be disbarred."
In the end, legal experts say, getting IT and legal to agree on cloud contracts comes down to a matter of careful communication. "They have to speak each other's languages," Forsheit says. "Counsel needs to understand IT and vice versa. Doing it another way is not an option."
Baldwin is a frequent contributor to Computerworld.
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about Cloud Computing in Computerworld's Cloud Computing Topic Center.
- The business impact of BYOA: Five major challenges and how your enterprise can solve them This E-Book reviews five major challenges of BYOA with key subject matter experts and outlines how businesses can solve them.
- The BYOA Opportunity Visual demonstration of problems that unmonitored, employee-introduced cloud apps can cause a business, and why IT managers need a solution to help and...
- BYOA: Embracing the Opportunity, Controlling the Risk This whitepaper explores the shift from BYOD to BYOA (bring-your-own-application) and how IT departments today can address this new change in the IT...
- AppGuru Reference Guide: Conquer BYOA Challenges, Leverage BYOA Benefits As the advantages of Bring-Your-Own-Application environments become increasingly apparent, BYOA is quickly becoming a reality for organizations of all sizes. But with the...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Cloud Computing White Papers | Webcasts