Cloud computing : essential clauses in a cloud contract
More and more companies are turning to cloud services for computing power, large data storage, cost and optimization needs. Although this is a rapidly evolving market, there is still a lack of fundamental clauses in contracts or they are event signed without negotiation.
The different services
We will talk about Cloud instead of cloud computing. It is the use of the memory and computing capacity of computers and servers distributed around the world through a network. Thus, instead of storing their data in a single computer, companies store their data in different servers. In fact, each service (SaaS, PaaS, IaaS, XaaS) offers different advantages. These include infrastructure availability, cost reduction, flexibility, speed, scalability, testability, updates and reliability. However, like any digital tool connected to the Internet, risks of security, accessibility, transparency, opacity, complex pricing, unavailability, durability and data migration persist. This is why, instead of signing a cloud contract, it is recommended to negotiate certain clauses to avoid any misadventures.
The basic clauses
We can therefore cite :
1) The need to always negotiate price ceilings when renewing contracts so that they do not exceed 3 to 5% of your budget. This is due to the fact that cloud providers sometimes increase their prices exorbitantly.
2) Negotiation of hidden fees. By nature, cloud contracts are membership contracts that include a price for all services provided. But these services are very often limited and their use will incite additional fees. It is therefore necessary to study them before choosing the provider.
3) Negotiate a contract based on consumption. If you sometimes have variable use of the service made available to you, whether you have used 100% or 0% of the capacity, the pricing remains the same. Thus, by negotiating, your billing could be adapted to your consumption.
4) Negotiate the detailed description of services for all products. With these membership contracts, the services are listed by default even though the supplier can change the capacities and rights of the products over time. Thus, this negotiation protects you from possible inconveniences.
5) Staying vigilant on the clauses related to data security and confidentiality. Suppliers must comply with the ISO CEI 27001 and 27002 standards and also with the GDPR.
6) The supplier must take responsibility for its subcontractors. Most providers subcontract with other cloud service providers while absolving themselves of any responsibility. In this case, in order to avoid that it falls on you, you must require that the provider takes this responsibility.
7) Ensuring a service level agreement (SLA). Negotiate system downtime, business resumption, incident response time.
8) Negotiate the expiry of the contract. This clause is important because when the contract expires, some suppliers either delete the data or charge excessive amounts of money to customers wishing to retrieve it. Negotiate an easy or free retrieval of the data and sufficient time for this work.
9) Negotiate support and data transition. If you plan to go to another provider, you should provide for this in the contracts, while mentioning the type of format in which the data will be transferred. This is important because data is often transferred in unreadable formats.
Read also: http://blog.economie-numerique.net/2020/05/04/les-donnees-de-sante-quelles-mesures-techniques-pour-garantir-une-meilleure-protection-de-la-vie-privee/