I’ve just been reading about “legal issues” surrounding cloud computing provider service contracts. There’s a great deal of common sense being missed in this way overhyped issue.
The first wail that comes from these people is “but they won’t negotiate the liability in the contract!”. This means (to them) that you should run away as fast as possible. This is ridiculous. Any provider of services sets their contract terms vs their price as part of the service. Any renegotiation of terms is going to mean a change in price, so you can’t expect to get someone to assume high liability for no money.
The second point to this is that some providers simply may not want to do those kind of terms because that’s not the business they’re in. This isn’t a sign that there’s something wrong with the provider or the product, it’s a sign that the service is the wrong thing for the customer needs. The provider shouldn’t be ripped for declining to modify product and business model for a customer who is just a bad fit.
Next up is the idea that the cloud computing provider should take all or most of the liability for security in “the cloud”. The problem is that this assumes that all variants of cloud computing are the same. In IaaS (infrastructure as a service), the cloud provider sells the customer a virtual machine on the cloud. The customer has full control over the virtual machine and the cloud provider has virtually none. In this case, the cloud provider could be expected to be responsible for the integrity of the underlying cloud and storage platforms, but nothing else. You wouldn’t rent an unmanaged dedicated server and expect the data center provider to be responsible if you mess up administrating it, why should IaaS be any different?
As you go up the scale, cloud provider responsibility grows. With PaaS (platform as a service), the cloud provider is responsible for the intergrity of the underlying infrastructure and the platform itself, but not for what the customer does with it. With SaaS (software as a service), the cloud provider is responsible for everything right up to the customer facing application itself.
This and the understanding that assuming more risk means more money should make make this a less complicated issue to resolve.
Oh, by the way, if you can’t find anyone that will give you the terms you want at the price you want, this should be a clue that what you’re trying to do isn’t reasonable.
Email or call me or visit the SwiftWater Telecom web site for cloud computing services.
Vern