Wrangling aside, when it comes down to it, the goal of both the CIO and legal counsel is to promote the best interests of the company. To do that well in the context of the cloud, it's important that CIOs have a good relationship with their organization's lawyers.
Meet legal, your new best friends
Paul Lewkowicz, an intellectual property attorney at Daly Crowley Mofford & Durkee in Canton, Mass., advises, "Both sides have to think of things from the other party's perspective. IT has to think about what happens when everything goes wrong. The lawyers have to remember that IT is there to make the business run. [The lawyers] don't want to say no. They want to know what can make the contract more acceptable."
If IT wants or needs to negotiate details of a contract with a service provider, Lewkowicz says, they should have counsel do it. "Negotiating is an art form, and lawyers are trained to do it. IT people think of contracts as a couple of pages of specifics and then boilerplate. But it's that boilerplate that saves everybody's bacon when something goes wrong."
While it's important that the CIO and corporate counsel have a good relationship, says Thomas Trappler, a Computerworld columnist who teaches a UCLA extension course on cloud computing, it's even more important that they bring together a team to pore over the agreement and ensure that all issues are covered, he says. Admittedly, this may seem counterproductive because one of the benefits of the cloud is to reduce time-to-market and increase a competitive advantage, but it's worth spending the time, Trappler insists.
Once an agreeable contract is nailed down the first few times, it should get easier -- and take less time and effort -- for future contracts, at least in theory.
One key takeaway from Trappler's classes is team-building -- where the team includes the business process owner (the one whose needs the cloud will fulfill) and others involved in procurement, risk management, vendor management, legal, security and, of course, IT. WellStar's Fisher concurs. "When IT and the attorney and someone from compliance all sit down and go through a contract, with give-and-take about what's best for the organization, you get a lot of goodness out of it."
Industry watchers say it's all a question of due diligence, of knowing what the risks are. There are risks in everything, even in managing the data on your own premises. The biggest question is, how do you mitigate the risk? How do you protect yourself as best you can without stifling the business?