How to Avoid Legal Hassles When Switching Cloud Vendors

Barry Porozni recently discovered a critical omission in a company contract with a software-as-a-service vendor: There was no clause to cover key aspects of data migration when the deal ended.

That omission caused headaches as Porozni, CIO at The Reinvestment Fund, sought to move a cloud-based document-management and workflow system back on-site. Porozni says his company had to negotiate a price for a copy of its own data plus tools needed for the migration.

“You think a lot about the beginning. People do a good job with that,” he says. “But you need to think about the end, too: data ownership, migration, what happens if I want to switch.”

[More: Check Out CIO.com’s Ongoing Coverage of Cloud Services]

Porozni is moving customer data and imaged documents from vendor Savana. He says Savana has been good to work with and they’re parting on friendly terms. But his IT group has developed a similar application in Microsoft Sharepoint, which he expects will save him money.

The Open Group, a research and standards consortium, says that 92.5 percent of IT professionals are actively researching cloud computing or have already implemented cloud services. But many of those IT leaders have yet to switch cloud vendors, analysts say. When they do, they’ll likely find that untangling themselves from their cloud providers will be more complicated, painful and expensive than they expected.

“They’re going to have this surprise that shouldn’t be a surprise,” says R “Ray” Wang, CEO of Constellation Research, which last year published “The Enterprise Cloud Buyer’s Bill of Rights,” a paper aimed in part at preventing vendor lock-in. “They should have done their due diligence.”

Who Owns Your Data?

To better prepare for the day when they might choose to switch vendors, CIOs need to consider several key points both during initial negotiations with cloud providers and during a contract’s lifespan. Those points include questions of access to and ownership of data, says Brent Nair, CIO for the city of Memphis, Tenn.

Nair’s IT team moved an application from one cloud provider to another in 2010. The contract guaranteed the city would get copies of its data, but it didn’t specify how many. Nair says his staff “went round and round” with the vendor and ended up having to negotiate a price for the number of copies they wanted.

“You have to think about how do you physically get your data back, who pays for it, do you have to have someone enter the facility, and is it encrypted,” Nair says. In traditional on-premise computing, he notes, you don’t have to consider these potential wrinkles because you have physical control of the data.

CIOs should also pay attention to pricing, Wang says. One big draw of cloud is being able to pay as you scale up, but not all vendors offer as much pricing flexibility as you scale down before a migration.

Tim Crawford, a consultant and former CIO, advises building legal safeguards in multiple layers. For instance, contracts shouldn’t require the vendor to simply provide the company with a copy of its data. The contract should specify the form and file type the data will take.

“If I’m storing information in a relational database and they give me a flat file, that data is now useless to me even though they met the contract terms. You’ve lost the relationship of one data point to another,” Crawford says. Approach negotiation of the initial contract thinking the vendor won’t help at all with a migration, he adds. “Plan with the end in mind.”

Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.