Cloud computing service users ought to establish a set of value propositions before adopting cloud computing. It is imperative for cloud computing service users to know about their rights and responsibilities. At
1) Right to retain ownership, use and control of data: During evaluation, a cloud computing service provider is not very clear on issues regarding ownership of data, controlling and using it. This could result in the service provider accessing and manipulating the user’s information without permission, which is a potential threat. Hence, a cloud computing service user should stress on retaining ownership, use and control of data.
2) Right to service level agreements (SLAs) that address liabilities, remediation and business outcomes: Cloud SLAs are mostly technical and not very clear to a cloud computing service user. In case of failure, a cloud computing service provider hardly tries to fix things like elaborating on the different ways of remediation. Today, a cloud computing service user requires a different SLA, depending on the type of service he uses. It should address the business issues entailed in the type of service offered.
3) Right to notification and choice about changes that affect the user’s business processes: Business support is the one of the reasons why cloud computing service users look out for providers. After signing the contract with the provider, any change in terms of price or upgrades affects the user’s business. Hence, the user must be informed well in advance about the changes being planned by the service provider and what could be the reparations to give him some time to plan so that they hit his business in the least possible way.
4) Right to understand the technical limitations or requirements of the service: Cloud computing service providers often fail to provide complete details about their solution, the technical requirements, and their limitations. After signing the contract and after investing a considerable amount in it, the user may realize that the provider’s solution is not able to adjust to the organization’s requirements. Therefore, particularly for complex, long-term projects, users and cloud computing service providers should keep each other informed about their technical requirements and limitations.
5) Right to understand the legal requirements of jurisdictions in which the provider operates: Cloud computing service users sometimes tend to overlook the legal requirements. Service providers should inform cloud computing service users about the jurisdictions they have put the data in as well as the legal requirements they need to comply to. Based on this, the user can decide if he wants to go ahead with the cloud implementation.
6) Right to know the security processes followed by the provider: A cloud computing service user should be well aware of the security processes followed by the provider to avoid any security breach. Additionally, the user should also be informed about the disaster recovery plans of the provider.
7) Responsibility to understand and adhere to software license requirements: A cloud computing service provider should notify the user on the proper usage of software licenses. If the user puts the software on the cloud, which it has licensed from a third party and it violates the agreement, he is responsible.
About the authors: Rakesh Kumar, VP, Gartner Research has more than 23 years of international experience and specializes in enterprise infrastructure and operations strategies. Stephen Prentice, VP & Gartner Fellow works in the executive leadership and innovation group (part of the CIO research). His current research includes nature of innovation, consumerization of IT, and growth of virtual worlds and social computing, and their impact on businesses.
(The tip is an excerpt from Cloud Computing Scenario - part of the CIO program during Gartner India CIO & IT Executive Summit 2010).
This was first published in December 2010