Cloud Contracts: 5 Questions SMBs Should Ask

Slideshow: Cloud Security Pros And Cons

So you're embarking on a cloud project: Piece of cake, right?

That might be the hype-inducing ideal, but it's not necessarily reality. Transitioning from on-premises hardware and applications to hosted platforms requires due diligence and an eye for detail much like any other IT project. Not doing the legwork up front can lead to plenty of problems down the road, including rocky relationships with vendors.

Matt Cicciari, product marketing manager at Progress Software, recommends small and midsize businesses (SMBs) ask their cloud providers honest, tough questions while developing the service level agreement (SLA) and before signing the dotted line. Doing so can bump up the odds of a smooth migration and ongoing success. Here are five to get you started.

Where is my data stored?

If there's organizational fear around giving up control over your valuable data to a third party, this is the question to start with--perhaps even before reaching the contract phase. Cicciari notes the distinctions between private, public, and hybrid clouds, for example, and cautions SMBs to have a clear understanding of how and where the data will be stored. The type of cloud will likely matter much more to a compliance-laden healthcare firm than a consumer retail business, for example.

The other factor is physical location. Again, business need will ultimately determine importance: Speed and performance shoot up the priority list when dealing with critical application data, but might not be as important for, say, a deep-freeze archive for "old" data. Generally speaking, proximity improves performance, so you should know where your data will live before turning it over.

Who is responsible for my data?

Ease of use tends to be a common marketing bullet point for cloud platforms. While that can prove true, it's not a set-it-and-forget-it proposition. This can be a pitfall for SMBs running with minimal IT staff and hoping to free up human resources by moving to the cloud.

"The fallacy is: I just put in the cloud and everything's taken care of," Cicciari said in an interview. "You still need to understand who from your organization is going to have responsibilities for the day-to-day to activities."

That can involve a learning curve, particularly if your previous day-to-day workload involved managing on-site servers and applications. That's not to say that a good vendor can't help relieve an operational burden, but develop a clear understanding of roles and responsibilities at the outset rather than making assumptions.

"If you're not sure, ask," Cicciari said, adding that this should be an overarching mantra when reviewing contracts and SLAs. If something is unclear or missing, ask for clarification and get it in writing prior to signing the agreement. Otherwise, you might discover you're trading one headache for another.

"It's that old adage: Lack of planning on your part does not constitute an emergency on my part," Cicciari said.

What happens if there's an outage?

Accessibility sits alongside security as one of the top concerns when it comes to cloud platforms--and rightfully so. Amazon, for example, generates a wave of headlines each time there's a problem in one of its data centers that provides cloud services. Cicciari said SMBs lured in by uptime guarantees should read the fine print in their SLA and understand what those guarantees actually cover, noting that there are often exceptions baked in that tend to favor the provider. Also find out how the vendor handles unacceptable outages if they do occur--and how they make good on them. Just as important for the availability-minded SMB: Have your own disaster recovery plan rather than putting every egg in the vendor's basket. Smart failover planning and other steps toward continuity and redundancy can keep your operations running even when your providers experience bumps in the road. In a similar vein, Cicciari recommends asking about vendor lock-in and compatibility to ensure there are no restrictions if you want to use a different, secondary provider for backup or other reasons. What happens if your vendor is acquired or goes under? Given how security and accessibility tend to dominate the cloud conversation, here's a question SMBs might miss: What happens if the vendor merges with or is bought by another company? Or what if it simply goes out of business? Cicciari points to "the massive influx of cloud service providers popping up on the West Coast, only to be acquired by or merged with other businesses." That's not to say you should avoid younger vendors--going with a newer company could yield advantages in terms of pricing, customer service, and the likelihood that they share a similar SMB ethos. But with startups, the likelihood of M&A activity or business failure also increases, Cicciari said. Ask forthright questions about those scenarios--your agreement should state clearly what happens if there are material changes to the vendor's business. "Ensure that your business is looked after and not just swept under the rug just because a big company comes in and you go from being 'Steve' to account number 6421," Cicciari said. Where's the exit sign? Here's hoping your cloud projects--and your relationships with the vendors that support them--produce fruit for a long, long time. But a thorough agreement needs to state clearly what happens to your data if you decide to part ways at any point. "Make sure that you have the ability to recover your information quickly," Cicciari said. "This is not something [you want] to get drawn out through months and months and months." Ask how your data will be returned to you and how quickly. Cicciari gave an upper limit of 30 to 45 days as a reasonable example, but noted that it will depend on the type and size of the data--if it's your ERP system, you may need to trim that down considerably. No matter what the agreed-upon timing is, it should be defined in writing. Cicciari pointed out that this can be an awkward subject--but it shouldn't be. In fact, if the vendor bristles at discussing exit terms, he said that might be a warning sign. "Breaking up is never a fun thing to do, but you want to make sure you've taken all the necessary steps to make it as simple and clean as possible," Cicciari said. "If you spell all those terms, it makes that breakup a whole lot easier." Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.