Since my last post, I have worked on a number of cloud engagements. In doing so, I could not help but think of the lyrics to that famous Dire Straits’ song “Money for Nothing” because it seems some cloud providers have adopted those lyrics as the mantra for their businesses. I’m not talking about situations where a vendor wants to ensure they have adequate protections in their contracts. Rather, I am talking about a relatively new trend where a cloud provider’s stated approach to the transaction is that it will take no risk whatsoever. It will assume no obligations of any kind to the customer. Consider the following checklist of terms in the forms provided by several recent cloud providers: Liability of Provider: Zero, the vendor has no liability for damages of any kind or type, regardless of what they may do. Check. Service Levels: Zero, no service levels offered, only a vague commitment to use reasonable efforts to try to make the service available. That commitment, however, is so thoroughly qualified by long lists of exceptions as to render the obligation useless. Check. Termination Rights: Zero, the client has no express right to terminate the agreement for any reason, even breach. Check. Protection Ensuring Critical Terms of the Engagement will not Change: Zero, the service description, functionality, SLAs, and support obligations may all change at any time, without notice to the customer. The customer has no ability to object or terminate the agreement. Check. After the reading the foregoing, your first thought may be that the engagements are non-critical to the customer. That would be incorrect. Your second thought may be that the engagements involve very low fees. Again, you would be incorrect. These are important engagements involving substantial fees. The vendor’s approach in each engagement: money for nothing. It may be that that approach will work in the near term, but ongoing, as competition increases and businesses start to more fully appreciate the risks involved, we will likely see such vendors closing up shop and looking for some other way to sell magic beans to the unwary. Related content opinion Finding Common Threads in Privacy and Information Security Laws. By Michael Overly Apr 26, 2013 3 mins Compliance opinion Ensure Your Data is Securely Deleted By Michael Overly Mar 11, 2013 2 mins Cloud Security opinion CIA in the Cloud By Michael Overly Dec 18, 2012 2 mins Cloud Security opinion Overreacting to Information Security By Michael Overly Dec 10, 2012 2 mins Privacy Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe