Trappler says that one of the things he stresses in his classes is the importance of team building -- where the team includes the business process owner (the one who needs the cloud service), legal counsel, representatives of IT and people involved in procurement, risk management, vendor management and security. WellStar's Fisher concurs: "When IT and the attorney and someone from compliance all sit down and go through a contract, with give and take about what's best for the organization, you get a lot of goodness out of it."
Industry watchers say it's all a question of due diligence, of knowing what the risks are. There are risks in everything, even in managing data on your own premises. The biggest question is, How do you mitigate the risk? How do you protect yourself as best you can without stifling the business?
"David Wells" (a pseudonym for a Fortune 500 corporate counsel who requested anonymity) agrees that getting subject-matter experts into one room promotes understanding. Each person can address facets of the deal with his own expertise, which helps the group identify which issues are worth worrying about and which aren't. "Otherwise, you can have lawyers spinning scenarios and creating fear, uncertainty and doubt. If you can't get past FUD because people don't understand it, you'll either crater the deal or, worse, do a bad one."
How do CIOs and counsel start collaborating? By asking questions. Ideally, the CIO should know the questions to ask before the attorney even requests the answers, but that doesn't always happen. "That's why I ask the same questions over and over," says Wells. "My people finally know not to come to me without the answers to my questions."
Beyond that, lawyers suggest CIOs ask what clauses in the contract really mean. Wells says that service-level agreements drive him especially crazy. He sees contracts promising restitution for downtime, but the amount of payback is minimal. "If your lawyer's not paying attention, your remedy for downtime is actually pennies on the dollar, and you give up your right to sue for breach of contract by accepting it," he says. "If you have a service provider [whose systems are] chronically down, the lawyer should insist on the right to terminate for breach of contract."
E-discovery is another issue that lawyers tend to focus on more than CIOs do. Murphy notes that there are companies like Nextpoint and X1 Discovery that specialize in discovery in the cloud, but the issue is more complex than it appears at first glance.
Forsheit agrees. "In the cloud, data is being replicated, so it creates more data for discovery, including metadata," she warns. Federal rules require that you must know where the data is and ensure that e-discovery will find it. "But if there's a server in the cloud that nobody thought about," she says, "people can get sanctioned or jailed, and lawyers can be disbarred."
In the end, legal experts say, getting IT and legal to agree on cloud contracts comes down to a matter of careful communication. "They have to speak each other's languages," Forsheit says. "Counsel needs to understand IT and vice versa. Doing it another way is not an option."
Baldwin is a frequent contributor to Computerworld.
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about Cloud Computing in Computerworld's Cloud Computing Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Maximize Strategic Flexibility by Building an Open Hybrid Cloud Choosing how to build a cloud is the biggest strategic decision IT leaders will make this decade. It determines their organizational competitiveness, flexibility,...
- ESG: The IBM FlashSystem 840: Technical Evolution to Deliver Business Value In this whitepaper, you will learn how this high-speed storage technology has tremendous potential to support I/O-intensive and/or latency-sensitive applications.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cloud Computing White Papers | Webcasts