Generally what I hear from clients is that the cloud isn’t that much different than their current offerings, so why should they revise their contracts? Markus Latzel of Palomino System, Christopher Garcia of Dell and I discussed this issue yesterday at HostingCon While the cloud, from a legal perspective, is an evolution, rather than a revolution, there are some significant issues that you should think about.
Christopher started out with a deep discussion about how pre-planning your contract drafting and/or negotiation is critical in ensuring that your contracts in this evolving technology adequately protect you. In particular, hosts should spend some time discussing the delivery model with their customers. Important areas that should be covered include: SLA’s, whether an audit should be conducted, Security, and whether there is a special data requirement, like regulation. There was significant discussion about how companies can comply with regulations like HIPAA / HITECH and Sarbanes Oxley, even if they don’t have expertise in these areas. Creating contracts that effectively segregate responsibility for these, goes a long way to dealing with risk in a cloud contract. Because of the nature of the cloud, complying with these regulations will be more difficult, and risky for hosts.
You can more easily isolate risks in the cloud by defining your requirements ahead of time. You should specifically look at:
Operational concerns
A need for a secure revenue stream
Liability issues
Privacy
Security
Once you’ve agreed on a delivery model, you need to figure out the type of agreement you’ll use. In general, most hosts are better served with a “standard” agreement. Christopher pointed out that because the cloud is different from, say managed hosting, you can’t simply use a purchase order, or a service order that is attached to a master agreement that you drafted, or entered into with your customer 5 years ago.
Markus Latzel focused on intellectual property as a key difference in a cloud contract. As an initial matter, hosts need to understand what intellectual property is, and how it will be shared in the cloud. Will your ip be shared with your vendors through a new type of cloud platform? How will you protect your customer’s intellectual property and given your place in the cloud “stack” how will you isolate risk in that stack. Most importantly, how will you address IP issues ad have a happy contract “marriage.”
The panel then segwayed into specific contract provisions that may be critical to success in the cloud. We all felt that hosts need to focus on their SLA, disposition of data on termination, security and privacy, and choice of law. The key issue in a cloud SLA is for reliability to be demonstrated by metrics and objective criteria. Because the cloud is not as standardized as other types of hosting, there is great opportunity for hosts and their customers to define terms in ways that are important to them, as opposed to the 100% uptime that is standard in the hosting industry.
I emphasized disposition of data upon termination. Because of the distributed nature of the cloud, the contract needs to specifically state how data will be returned or destroyed throughout the entire cloud structure, and not simply with the directly contracted parties. Because most legal protections in the contract will terminate or expire on the termination of the contract, it’s important to consider this when drafting the contract.
We closed with a toolkit. Here are the “take aways” from the presentation:
What’s part of the agreement?
Where does the data go?
Does “one size fits all” work?
How reliable is the service?
When and how can the solution provider get its IP back?
How safe is the IP?
Did you handle breach of security?
Disaster recovery
Jurisdiction
What has the vendors performance been?
Terminate cleanly.
About David Snead
David Snead is a lawyer whose practice is focused on internet infrastructure providers. In his eleven years in this practice, he has represented clients including multinationals, middle tier hosting companies, and two guys, a server, a T-1 and a huge MasterCard balance.
A long-time WHIR contributor, David Snead is the Web hosting business's best-known legal expert. Through his WHIR blog, he offers a credible legal perspective on both specific actions in the Web hosting business and general developments in legislation.
No related posts.
