Cloud contracts: the devil is in the vagueness

Analyst firm advises companies to undertake a deep risk analysis before entering an agreement

Cloud contracts are often riddled with problems, with companies unware of the risks involved in relying on a provider, Gartner warns.

"It's essential that organisation planning to contract for cloud services do a deep risk analysis on the impact and probability of their risks," said Alexa Bona, vice president at Gartner.

"This might cost additional money, but it is worth the effort. Risk should be continuously evaluated, because contracts can change – sometimes without notification."

Gartner said that cloud contracts often lack description of the cloud service providers' responsibilities, and they do not meet the legal, regulatory and commercial contracting requirements of most enterprise organisations.

Companies should also be aware that due to standardisation, contracts generally favour cloud vendors.

The partnership between organisations and service providers does not typically evolve over time, as terms are generally consistent for every customer, and service is often delivered remotely.

Clauses in cloud contracts can also change over time, often without any warning, according to Gartner. These details are often critical to quality of service and price.

Organisations need to try their best to ensure that these terms will not change for the period of the contract, and if this isn't possible try and understand what parts of the contract can be changed and when, Gartner said.

"Cloud service providers will need to address these structural shortcomings to achieve wider acceptance of their standard contracts and to benefit from the economies of scale that come with that acceptance," said Frank Ridder, research vice-president at Gartner.

"CIOs and sourcing executives have a duty to understand key areas of risk for their organisations."