Cloud services vary enormously, with different service models (Software-, Platform- and Infrastructure-as-a-Service) and deployments (public, private and hybrid clouds). Different models raise slightly different legal and regulatory issues for customers, but there are common themes.
A particular challenge for customers is that, certainly in the public cloud sphere, vendors are offering a commodity service and so offer commodity, non-tailored (and sometimes non-negotiable) terms to match. However, in our experience, vendors are often willing to negotiate to win big accounts.
For smaller customers with less bargaining muscle, the following top ten should provide a checklist of key issues for due diligence.
- Security: Do your due diligence
- Check the vendor's service levels and customer remedies for service failures
- Plan for an easy exit
- Vendor solvency: do your homework, but plan for the worst
- Regulatory compliance
- Check the vendor's AUP and consequences of breach
- Avoid lock-in
- Is the vendor signed up to SaaS Escrow arrangements?
- Migrating applications to the cloud: check your licence terms
- Personal data and privacy