10 Key Issues when Negotiating your Cloud Services Contracts

Yes, Cloud Computing is great, and one of the reasons that CFO´s and CEO’s are liking it a lot is that it allows to reduce capital expenses and costs while increasing speed, flexibility, time to value, business agility and capacity for innovation. However, Cloud comes with regular invoicing and a price tag, one which often can be much more complicated that what it might seem at first sight.

This article is a brief synthesis of a chapter section in my new book which hopefully I will be finishing in the next couple months (Practical Handbook to Cloud Transition)

Maintaining a good relationship between customers and vendors during the life of a contract is good for both and something everybody should aim for. A good customer/vendor relationship is going to be based on setting the right expectations about the services and the costs. Vendors providing great service at a great cost value will have happy customers that most likely will remain loyal. However customers finding that their cloud vendors are either under performing in their services or are charging hidden or not expected fees, will most likely first complain, and then cancel the contract and switch to a different vendor.

It is essential to be well informed and to know exactly what you are contracting and what costs, fees and services you should be expecting.

Whether you might be contracting any type of IaaS, PaaS, SaaS and its many variants and subtypes, each Cloud vendor might charge quite differently, and the number of options might be quite large and sometimes complicated to understand.

There are many topics to discuss with your Cloud vendor or vendors (sometimes you might need more than one), here I´m summarizing the 10 which I think are the most important ones for the majority of customers. These topics are all closely

Fees, Pricing and Invoicing

The first issue is to know what, when and how you will be charged with. A practical approach is to define the “baseline” services you are getting, like number or type of Virtual Machines, Storage, Applications,

Services Setup and Deployment Costs

Make sure you understand whether there there any fees or charges for setting up the Cloud services you are contracting, or whether there might be.

Of course, for the most comprehensive applications offered in Software as a Service mode, there will be costs associated with configuring and implementing the system, but that might be contracted with an specific professional service provider.

Maintenance, Operations and Support

One of the economic reasons for choosing and moving to Cloud is actually to hand on routine maintenance and operations to your Cloud provider, such as backup/restore, installing upgrades, fixes or upgrades, monitoring the state of the systems or the platform or the applications and the like, and also all of them will offer you some type and some degree of support.

Again, the delivery model will impact significantly the covered services. While typically SaaS providers will take care of upgrading every tenant to the next release and sending the customers a new upgraded tenant for testing, upgrading is not common in IaaS models.

Some of the factors you need to understand from your Vendor are:

  • Which maintenance services are included in the contract?
  • Are backup / restore operations included? How many? What is the backup policy? Can we select other backup policies / periods?
  • What type of system / application monitoring do you do?
  • How do we contact support? What is the availability of the support?
  • Is minor / major Upgrading included?
  • Does your maintenance include system copies of our SaaS tenants?
  • Do we have the possibility of a snapshot copy before a critical test / operation and to restore it in case something goes wrong?
  • What other value added services are included in our contract?
  • Is the support provided in different languages / time zones?

 Security and Business Continuity

Unless you are part of a very large corporation with deep pockets for investing in security, most certain is that your Cloud provider should provide very high security standards and certifications but nevertheless, this is one critical issue that requires very good understanding and expectations by customers, since it´s also one of the main reasons for rejecting Cloud adoption.

You should request a document or presentation by your cloud provider that explains their security policies, certifications and standards in their Cloud data centers. If you belong to an industry that requires additional measures concerning the access and privacy of the information held in the systems, such as HIPAA for the Health Industry.

If there is a CSO in your organization, she or he will have many questions for the Cloud provider, here I just include a few of what I consider the most important ones:

  • Which Security certifications do they have and what are each of them for?
  • Understand the data encryption process used from the customer to the Cloud services
  • How are my systems / data safeguarded from other customers or government agencies?
  • In case of a failure in the Data Center where our systems / applications / data is located, is there any Business continuity procedure in place, such as automatic Disaster Recovery?
  • How do you destroy our systems and informations after we cancel the contract?
  • What happens in case of data corruption?
  • How long does it take for a restore copy to be applied?

 Localization and Compliance

Closely related with Security are the issues you need to understand regarding localization and compliance. In the case of compliance, it might have legal implications and regulations which often are not well known by IT departments, so it´s a good practice to consult about it, or really ask your Cloud Vendor about it.

  • In which country / countries are our systems physically located?
  • In case of a SaaS application, is it localized for the country / countries where we operate?
  • Are your system compliant with the laws and regulations required by our country / countries and the industry where we do business in?


Performance involves your Cloud provider but also your networking capabilities, your bandwidth and your configuration. Actually, network bandwidth is one of the critical reasons for the success of a transition to the Cloud, otherwise you might be placing your company users at risk of not using and not accepting the new systems due to excessive response times.

This is probably the one issue where on premises systems are still a bit ahead of the Cloud counterpart, therefore is of critical importance. Obviously it’s also one of the topics that Cloud vendors and providers are working harder and we should soon see great improvements.

Depending on the Cloud service type performance can be measured differently. I case of SaaS, it could be established as the average response time that users get when executing application transactions either online or in batch. You should analyze with your provider the average response time considering elements involved: CPU, DB response time, networking time and maybe others. Your IT must held deep and technical conversations with your Cloud Vendors, specially in those cases where there are mission critical applications and systems involved. Set your performance expectations right, and get your networking assessed, improved, updated and also make sure you have alternative ways and fail over procedures for accessing your systems in the Cloud should your primary networking backbone fail.

There is also another topic regarding performance by your Cloud provider: provisioning time. This should be n times faster that when provisioning for onsite on premises systems, however it’s a very recommended practice to have the right expectations and knowing how long does it take to provision different types of Cloud services such as VM, storage, Web platforms and most importantly SaaS. This is important because if you decide to implement advanced ways of resources elasticity, it might become an issue with a considerable cost element in large Cloud landscapes.

Service Level Agreements

SLA´s are the base of your contract with your Cloud service provider, and the guarantee of getting a good service, so pay particular attention to them, since the commitment of your provider with the SLAs offered is critical to your systems and applications availability, scalability and performance. Additionally, SLA´s might have contractual obligations by the vendor and even some guarantee with refunding part of the fees if the SLA´s are not met. Some of the most common SLA´s you should be looking at:

  • Systems and Applications Availability (monthly, yearly)
  • Maintenance Windows Schedule
  • Provisioning time of different computing services
  • Support response times according to ticket priorities
  • Response times
  • Business Continuity and/or Disaster Recovery times. When is it triggered? How long from failure to failover availability?
  • Times for customer requested operations, such as restore, snapshots, systems copy, updates and so on

 Scalability and Elasticity

Scalability and Elasticity are two of the basic characteristics that Cloud Computing must provide, however one must look closely at both of them, and how will they affect your fees. I have mentioned them in the first issue.

But to get expectations right and avoid charging surprises, ask your Cloud vendor questions such as :

  • Can we set up automatic scalability based on certain parameters? (typical are average CPU usage, response times, and so on)
  • How can we control self service for adding up or subtracting Cloud resources?
  • How much will it cost to have dormant resources to be used only in peak periods?
  • If you contract a type of computing resource, how will affect the fees if for whatever reason your company needs much less computing power or application users? Will that be possible in the contract?
  • If we increase the number of users in a SaaS application, will we get the same SLA´s?

 Monitoring and Reporting

The last issue that you should pay attention is the types, depth and autonomy you will have for monitoring your usage, consumption and Cloud resources, and the reporting that your Cloud Vendor will provide, whether it will be built in or sent to you periodically.

In order to contrast that you are being charged correctly, and also for a correct governance, you need to have access to detailed reporting on:

  • Usage of Cloud computing resources, types, number of users, and any other type of Cloud service you might have deployed
  • SLA´s and Availability, it´s also a good practice to request reports on schedule maintenance
  • Access log, which might be required for compliance or as part of your security policy
  • Performance
  • Billing and Invoicing
  • Security report, whether there has been security incidents, attacks or any other issue

Reporting might be provided by your Vendor on a self service fashion, or might be sent to you periodically. Sometimes, due to complex landscapes you might need to deploy some type of Cloud Service management tools in order to have a deep overview of your environments.

There are other issues when negotiating with your Cloud provider, such as training, service catalog, monitoring tools, inter cloud integration costs and so on, but I think that the 10 issues I have briefly described above will cover most of your requirements.

If you had any issues or other experiences negotiating with your Cloud Vendor that you want to share with us so that the community is aware, please comment below.

Jose A. Hernandez
Founder & Global CTO at myCloudDoor

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share This

Copy Link to Clipboard