Guard yourself against loss when hit by cloud outage

When the Amazon outage was hitting the headlines a few weeks back the blogosphere was quickly filled by aggrieved customers complaining that their businesses had been hit and their finances had been seriously hit. There was much talk of suing Amazon for compensation over lost business.

But is this the answer? There’s little doubt that the Amazon problems have hurt the cloud industry.  It’s clear that many of Amazon’s customers thought they were entitled to more protection and to better compensation than they were in reality. Why is there this disconnect? And what can be done to ensure that cloud customers have peace of mind?  This is the ideal time for customers to dust off their existing contracts with their cloud service providers (CSPs) and look in some detail at what they do and don’t say.  It’s also an opportunity for CSPs to stand out from the crowd by being transparent about what protections they’re willing to offer customers.

The first thing to say is that this is all about the value of the contract. If you’re a small business and not spending big sums or you’re buying a commoditised cloud service, then you have no room to negotiate and will have to take or leave the terms offered to you. Of course, you can shop around and may find a cloud provider than provides slightly better terms. This process will improve over time, as we expect to see CSPs start to distinguish themselves more in the type of services and customer protections they offer.

On the other hand, if you’re a major corporate with a £1m-plus contract, you’re on far surer ground when it comes to negotiating. It’s going to be worth the cloud provider’s while to make concessions when that sort of budget is at stake. What’s more, customers like that will also be more likely to have lawyers poring over every detail of a contract, so there will greater pressure on the CSP to make concessions

Before agreeing a contract – whether that’s by accepting the default terms and conditions or by negotiating a bespoke deal – the customer should evaluate what happens in the event of data loss. If the worst happens and the data is lost, customers need to know what disaster recovery process is place. What procedures does the CSP have in place?  Does it provide a back up and disaster recovery service?  Is this a standard offering for all customers or only for those who upgrade?  The customer should consider whether he needs to keep a copy of the data himself.

A customer should also consider whether the CSP offers compensation, whether that be future credits against the service or in cash. It’s also worth asking whether the cloud provider has its own data centre or whether it’s buying capacity from someone else – that could be an issue if there’s a major data centre failure.  A cloud provider who doesn’t own the data centre will be reliant upon the owner fixing the problem and therefore will be unlikely to provide adequate reassurance to the customer in its contract. 

Then there’s the question of what happens if you can’t get the data back and get your systems up and running: would insurance cover the loss? If it doesn’t, then maybe the customer should upgrade its insurance cover.  The trickier problem will be what happens if the data loss causes a business to be in such financial trouble that the customer goes into administration or even liquidation. It’s unlikely that legal remedies or insurance cover would truly compensate.  Therefore, the customer should look again at its back up and disaster recovery options and ensure it has taken all affordable practical steps to protect the business.

If a customer can’t negotiate on these key issues, that’s no reason not to enter into a cloud contract if it’s otherwise right for the business. You just have to be aware of the limitations. 

Top tips for customer cloud contract negotiations

• Evaluate how much you’re willing to pay to ensure your move to the cloud doesn’t end up losing you money, or your business
• Review the level of service from the CSP. Does this provide adequate protection?
• Take appropriate steps – through your CSP or otherwise – to ensure you have a disaster recovery plan that works
• Consider what the CSP is liable for and what has been excluded. Is this an acceptable level of risk?

In short, nothing can be done to stop data outages – they happen. They’re a fact of life whether you have on-premise IT or cloud computing. The trick is to plan for problems, to prepare for difficulties and have recovery plans in place. That’s a far more effective way that than threatening to sue if things do go wrong.