Important Terms in Your Cloud Computing Agreement Lawyers Should Know
July 14, 2017
July 14, 2017
What was it that Abraham Lincoln said? “He who represents himself has a fool for a client.” That’s why we’re giving you heads up on eight of the most frequently seen terms in a cloud computing contract. You would be surprised at how many small to mid-sized law firms sign up for cloud-based email, legal research, and document management without understanding some of the lingo behind these agreements. Here are a couple of tips you need to know before you head to the cloud.
Cloud Service Provider Contracts
Smaller firms or solo lawyers may have a difficult time negotiating with the big cloud computing providers. Many times your ability to negotiate is stymied by the fact that these are shared services in a public cloud. The contracts are standardized, as are the infrastructures themselves in most public cloud service provider contracts.
The good news is that you have choices in cloud service providers, so it makes sense to shop for the best partnership available. Here are eight areas to consider.
1. Make sure the data license isn’t too broad and that you retain rights to the data you’re storing in the cloud. The providers shouldn’t have access to your data as a tool to market their service.
2. There should be reasonable clauses related to data security, generally saying the provider will do its best to protect against unauthorized access. Over the past decade, best practices have emerged in cloud computing models to protect data storage infrastructures. Look for international standard compliance, such as ISO 27001 and 27002 or ISO 27018, along with independent security audits.
3. Data privacy should preclude data monitoring. You should also understand where your data is physically housed, which is important in the event of a physical disaster.
4. Industry-specific privacy and security is crucial. Depending upon your client’s industry, you may need to review HIPAA, CJIS, FERPA, etc. to determine if your cloud-computing provider is in compliance.
5. Look for performance warranties that cover at least part of the services; most cloud computing providers won’t guarantee 100% up time, but they should allow a service level agreement that at least defines minimum performance standards with a remedy of subscription credit if something goes wrong.
6. Indemnity should usually cover intellectual property, but if you get data security clauses, that’s better than most cloud computing contracts. Watch out for cloud service providers who offer an indemnity clause for third party data.
7. Limits of liability should offer at least some caps; avoid contracts that offer zero liability responsibility for the cloud computing provider. Capping liability payments often take the form of a payment multiple, for example, capping a payment at 12 months with payment for direct damages is typical.
8. Try to avoid unilateral amendments that allow the cloud computing provider to change the contract at any time.
Managed Service Providers Mitigate Risk
These are just a few of the things to watch for in a cloud service provider’s contract. If you’re a small firm, consider a managed service provider to help you not only select the right cloud partner but also to handle your IT infrastructure, from security and business continuity to data management.
Want more information? Request a quote for an IT partnership with TOSS C3.
Subscribe now and stay up to date with News, Tips, Events, Cybersecurity, Cloud and Data Compliance.