Well, not really, but close. For those of you who missed it, NIST has made several statements about the non-negotiability of cloud agreements. Most recently, in its Guidelines on Security and Privacy in the Public Cloud, NIST said “Non-negotiable service agreements in which the terms of service are prescribed completely by the cloud provider are generally the norm in public cloud computing.”

This doesn’t mean all cloud engagements are non-negotiable or that they should be avoided. It does mean that if the contract is presented as non-negotiable, the customer must do a far more thorough analysis of the risks/benefits of the engagement, including conducting more detailed due diligence of the vendor, seeking references from existing customers, understanding exactly what types of data will be placed at risk, the criticality of the service to the customer’s operations, etc. Without that legwork, the customer will be walking largely blind into the relationship. In some instances, the customer may well determine that a cloud service provided under non-negotiable terms is simply not right for the particular engagement. Better to discover that as early in the process as possible.