Should Cloud Contracts Cover Client Responsibilities?
When I was a guest on CIO Talk Radio earlier this month, a question came up about which client responsibilities are appropriate to include in a cloud computing contract. It's a good question, and one that I haven't really talked about here, since most of my Computerworld columns have focused on vendor responsibilities that you should codify in the contract.
So what are some client responsibilities that are reasonably addressed in a cloud computing contract? While they vary depending upon type of cloud service and use case, the most common examples involve client IT governance, including the following:
When choosing a cloud provider, it's important to follow best practices in determining that the vendor's security practices align with your needs. But that's only one side of the security coin.
As with most things in IT, access to a cloud service typically requires a login ID and password. When a client enterprise acquires a cloud service, it should be the client's responsibility to figure out which end user should be given access. But to thoroughly address this responsibility, the client should define when access should be taken away from the user -- for example, upon separation from employment or upon a change in duties or responsibilities.
Source: Computerworld (US)