Know the key legal and security risks in a cloud-computing contract

02.04.2013
ORLANDO -- Enterprises that store data with cloud providers may no longer have physical control over it, but they're still on the hook legally for its protection and security.

Knowing what goes into a SaaS contract -- and the risks associated with what's not included -- can mean the difference between a costly lawsuit or a successful partnership, according to technology attorney Milton Petersen.

Petersen, a partner in the information technology practice group at the law firm of Hunter, Maclean, Exley & Dunn in Savannah, GA, spoke at SNW here today.

The two most important words to look for in a vendor contract are "vendor shall," Peterson said. Words such as "we'll strive to," "our goals," "targets" and "objectives" should raise red flags for users as they offer no concrete guarantees and give the vendor legal wiggle room.

Cloud computing contracts also tend to be more commoditized today, compared with big outsourcing deals that once involved heavy negotiations carried out over days.

"It used to be that a customer could negotiate a lot of protections in," Petersen said. "To some extent ... [now], you have to take contract terms they're offering."