• United States



Money for Nothing: The New Culture of Cloud Computing

Aug 22, 20122 mins
Cloud Security

Since my last post, I have worked on a number of cloud engagements.  In doing so, I could not help but think of the lyrics to that famous Dire Straits’ song “Money for Nothing” because it seems some cloud providers have adopted those lyrics as the mantra for their businesses.  I’m not talking about situations where a vendor wants to ensure they have adequate protections in their contracts.  Rather, I am talking about a relatively new trend where a cloud provider’s stated approach to the transaction is that it will take no risk whatsoever.  It will assume no obligations of any kind to the customer.

Consider the following checklist of terms in the forms provided by several recent cloud providers:

  • Liability of Provider:  Zero, the vendor has no liability for damages of any kind or type, regardless of what they may do.  Check.
  • Service Levels:  Zero, no service levels offered, only a vague commitment to use reasonable efforts to try to make the service available.  That commitment, however, is so thoroughly qualified by long lists of exceptions as to render the obligation useless.  Check.
  • Termination Rights:  Zero, the client has no express right to terminate the agreement for any reason, even breach.  Check.
  • Protection Ensuring Critical Terms of the Engagement will not Change:  Zero, the service description, functionality, SLAs, and support obligations may all change at any time, without notice to the customer.  The customer has no ability to object or terminate the agreement.  Check.

After the reading the foregoing, your first thought may be that the engagements are non-critical to the customer.  That would be incorrect.  Your second thought may be that the engagements involve very low fees.  Again, you would be incorrect.  These are important engagements involving substantial fees.  The vendor’s approach in each engagement:  money for nothing.  It may be that that approach will work in the near term, but ongoing, as competition increases and businesses start to more fully appreciate the risks involved, we will likely see such vendors closing up shop and looking for some other way to sell magic beans to the unwary.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author