IP, Technology & Data

The news earlier this week that Microsoft’s Azures platform had fallen over, taking with the Microsoft 365 service, X-box Live and a host of third party websites and cloud services, is a good reminder of the importance of understanding your delivery model when negotiating contracts and standard terms for cloud services.

The software’s connected to the platform, the platform’s connected to the infrastructure…

The uptime of any cloud based service is dependent upon the uptime of the services provided by the underlying infrastructure as a service (IaaS) and/or platform as a service (PaaS) provider. If the infrastructure or platform goes down then it doesn’t matter how robust the application running on it is – your customers won’t be able to access it.

That means the ability of a provider of cloud based services to comply with a general availability service level will be dependent on factors outside its control.

Cloud platforms generally offer far greater resilience than self-hosted systems. According to the BBC, in Microsoft’s promotional materials, Microsoft states that many of its services will be available “99.9%” of the time. Sometimes, however, things go down, and the service level agreement in place from the IaaS provider will often offer little in the way of tangible compensation for the downtime.

Providers of cloud services are therefore faced with a choice – do you underwrite the uptime commitment in their contracts with customers (and take the hit on any service credits), or do they carve out responsibility for downtime to the extent that it relates to the IaaS (or PaaS) provider?

Managing the risk in cloud contracts

If you’re drafting standard terms for commoditised cloud services then it’s fairly easy to deal with this risk in your drafting.

However, if you are providing higher value services and/or your customers anticipate negotiating the contract terms, this is likely to be an issue that comes up during negotiations.

What is appropriate will depend on the nature of the service, the bargaining position of the parties and the sophistication and technical understanding of the customer.

It’s essential that users of cloud services understand that the cloud model brings a great number of advantages, but with that comes some additional risks. If the customer is looking for a low priced, commoditised service then that will be reflected in the service levels. If the service is more business critical then the parties should look at whether a more resilient platform can be utilised.

Simply requiring a cloud service provider to take the hit on downtime is not going to improve the resilience of its IaaS provider. It’s far better for the end customer to understand what IaaS or PaaS is being used and the terms of service, and evaluate the practical risk and then assess whether other steps can or need to be taken to improve service resilience.

Similarly, providers of cloud services should review their IaaS and PaaS contracts carefully to ensure that the level of service being offered is appropriate for the cloud service in question and the expectations of their customers. Sometimes (often), cheapest isn’t always best.

Follow me

Martin Sloan

Partner at Brodies LLP
Martin is a partner in Brodies Technology, Information and Outsourcing group and has wide experience of advising clients on technology procurement and IT and business process outsourcing projects. Martin also advises on data protection (including the GDPR), and general technology and intellectual property law, and has a particular interest in the laws applying to social media and new technology such as mobile apps, contactless/mobile payments, and smart metering.
Follow me