One of the greatest advantages of cloud computing is the low cost of what are essentially commoditized services. The big downside, however, is that some vendors take commoditization a bit too far and present their contracts as essentially non-negotiable, offering the services on more or less an “as-is” basis. In those cases, what is a business to do?These types of engagements may present significant business advantage and, if they don’t involve the rendition of a critical service or the hosting of highly sensitive data, may be entirely appropriate. The trick is ensuring you have a way out of these as-is engagements. That means ensuring you have clear termination rights. Since the service is likely being provided with little or no warranties or performance standards, a termination right that requires a showing of breach on the part of the vendor is of little practical use. This is because it is not possible to show a vendor in breach (and therefore have the ability to terminate) when the vendor has no real obligations under the agreement. That means, the termination right must be for convenience: “Customer may terminate this Agreement at any time, without cause or further obligation, on fourteen days prior written notice to Vendor.”If termination for convenience cannot be negotiated, the next best thing is to negotiate termination rights for poor performance. That is, ensure you can terminate the agreement if the vendor has a substantial service level failure (e.g., failing to be available at least 95% in a given month, which would be extremely poor performance by almost anyone’s standard) or if there are lesser service level failures, but those failures are repeating (e.g., failing to be available at least 98% of the time in any two out of five months). The point is not to become trapped in an agreement where the vendor has little in the way of performance obligations, yet your payment obligations are absolute. By paying attention to termination rights, it is possible to mitigate some of the risk in these smaller, non-critical, as-is engagements. Related content opinion Finding Common Threads in Privacy and Information Security Laws. By Michael Overly Apr 26, 2013 3 mins Compliance opinion Ensure Your Data is Securely Deleted By Michael Overly Mar 11, 2013 2 mins Cloud Security opinion CIA in the Cloud By Michael Overly Dec 18, 2012 2 mins Cloud Security opinion Overreacting to Information Security By Michael Overly Dec 10, 2012 2 mins Privacy Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe