Cloud Contracts: 8 Questions To Ask - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud // Infrastructure as a Service
News
6/19/2014
10:49 AM
Charles Babcock
Charles Babcock
Slideshows
Connect Directly
Twitter
RSS
E-Mail

Cloud Contracts: 8 Questions To Ask

What should you look for in a cloud contract? What's hiding in cloud providers' service-level agreements and terms? Read our expert guide.
3 of 9

Is your data secure in the cloud? How do you know?
Data security is paramount in the cloud, and the cloud vendors say a lot of nice things about providing it. But how do they provide it?
Salesforce.com's contract says, 'We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Your Data, as described in the Documentation.' What exactly are those safeguards? Encryption of data in motion? Do they meet HIPAA or PCI DSS standards? The contract says the safeguards are described in the documentation, and its definition of what constitutes the documentation is: 'Our online user guides, documentation, and help and training materials, as updated from time to time, accessible via help.salesforce.com.' You may ask, 'which version of all these materials?' since they are going to be changed and redrafted periodically. 
The nature of data security as covered by the contract looks like a moving target. When it comes to keeping information confidential, the contract says Salesforce.com 'will use the same degree of care that it uses to protect the confidentiality of its own confidential information,' which may be reassuring. But it's still hard to know exactly what you're getting. The Amazon Customer Agreement guarantee sounds like this: 'We will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access, or disclosure.'
(Source: nevillekingston on Pixabay.)

Is your data secure in the cloud? How do you know?
Data security is paramount in the cloud, and the cloud vendors say a lot of nice things about providing it. But how do they provide it?

Salesforce.com's contract says, "We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Your Data, as described in the Documentation." What exactly are those safeguards? Encryption of data in motion? Do they meet HIPAA or PCI DSS standards? The contract says the safeguards are described in the documentation, and its definition of what constitutes the documentation is: "Our online user guides, documentation, and help and training materials, as updated from time to time, accessible via help.salesforce.com." You may ask, "which version of all these materials?" since they are going to be changed and redrafted periodically.

The nature of data security as covered by the contract looks like a moving target. When it comes to keeping information confidential, the contract says Salesforce.com "will use the same degree of care that it uses to protect the confidentiality of its own confidential information," which may be reassuring. But it's still hard to know exactly what you're getting. The Amazon Customer Agreement guarantee sounds like this: "We will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access, or disclosure."

(Source: nevillekingston on Pixabay.)

3 of 9
Comment  | 
Print  | 
Comments
Oldest First  |  Newest First  |  Threaded View
Laurianne
50%
50%
Laurianne,
User Rank: Author
6/19/2014 | 11:47:17 AM
Good advice
Thanks for sharing your insights on these contracts, Charlie. The current difficulties involved in apples-to-apples pricing comparison = one pain point I hear a lot about from IT leaders.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
6/20/2014 | 2:23:28 PM
What is a "commercially reasonable" commitment?
The organization and presentation of cloud services varies a great deal by vendor; the contracts, on the other hand, show many marks of similarity. Repeatedly encountered the phrase, "commercially reasonable effort." To me, ikt's come to mean "will meet the same low standard as everybody else."
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll