7 Must-Haves in a UC Cloud Contract

In large part, cloud services are all about trust between the service provider and the consumer. The consumer, typically an enterprise, expects data stored in the cloud to remain safe. It wants guarantees that the data will be used for the enterprise's benefit and not the provider's.  

There are industry guidelines that providers and enterprises can use when crafting an agreement (see sidebar). Still, it's necessary to put a few things in legalese. A good UC cloud service agreement has many important elements, but these seven are key must-haves that should not be overlooked.

1. Where is the demarc? The cloud service contract should explicitly define the  demarcation point where the provider's responsibility ends. Bear in mind that the provider's responsibility might end at the edge of the provider's hosting site and not cover some or all of the access network, which is often the Internet. This should be clearly spelled out in your contract so you can strike the necessary service-level agreements with your network service provider to cover the availability of the access network segment of your cloud setup.
2. Search warrants and subpoenas. If the service provider receives a search warrant or subpoena for information, it must notify the consumer. The enterprise must know, and address in the agreement, how it will be protected if it has data stored on the same systems as other customers who are part of the subpoena.
3. Hacker attacks. What safeguards does the provider offer against hackers who target the cloud? Ask the provider to describe them in writing. Can you negotiate at least minimal retribution for any breaches due to a vulnerability in the cloud provider's infrastructure? It's worth trying.
4. E-discovery. The cloud provider should be as responsive as possible to e-discovery requests - requirements to make electronic data available for legal proceedings. The contract should specify how quickly the provider will respond to e-discovery requests and ensure that the needed data will be easily retrieved.
5. Litigation risks. It might sound farfetched, but it's not: consumers using cloud services could be at risk for patent litigation if the provider's technology infringes on another entity's patent. The contract should ensure that they are protected.
6. The exit clause. Service providers change their terms and conditions unilaterally and might cancel service if the customer does not agree to the changes. The enterprise, too, needs a legal path to terminate service. The contract should contain an exit clause that protects the enterprise if the arrangement does not work to its satisfaction or if the provider goes out of business or is sold. This clause should also ensure that stored data and software licenses be returned without delay.
7. Service-level agreement. The SLA for a cloud service typically covers both reliability and availability. SLAs can be measured over a long period of time, possibly weeks, but are most critical at peak traffic times. Ideally, the enterprise customer would like 99.99+ percent service availability. But again, with other elements out of the provider's control in the chain of access to the provider's site (e.g., the Internet), enterprises are likely to see a somewhat lower availability level. The contract should spell out what the user can realistically expect.