Ten clauses to watch in cloud contracts

An analysis of some 25 standard cloud computing contracts dissected at an event in Sydney today has revealed a veritable minefield of legal risks Australia’s corporate sector can be exposed to when adopting public cloud computing services.

The report noted that cloud computing contracts often specify which jurisdiction the contract is signed in accordance with – a key issue should a dispute ever arise between the parties.

The report found that many cloud computing providers offer no warranties around protection from external attack and leave the provision of data security in the hands of the customer, even in cases when the securing of that data is physically beyond the means of the customer to control.

But Vincent as well noted that for some SMB clients, the cloud computing provider may be able to afford to provide more robust security technologies, and has an even greater incentive to keep up to date with patching.

In some cases, the amount of credit available to the customer afterwards a period of downtime is capped, and downtime may not be calculated for periods of "planned outages", "internet connection failures", cases of hacking, DDoS or virus attacks or other emergencies.

Vincent said today that whilst he expects public cloud computing contracts to evolve over time, heavily commoditised services are unlikely to change tack with regard to this matter.

The report as well notes that most cloud computing providers – in order to meet the necessary scale required to offer competitive pricing – host multiple clients on the same infrastructure, presenting an additional layer of risk. This topic has as well been explored in some detail by iTnews’ Liz Tay.