Search News & Insights
Cheaper computing power continues to transform the IT industry but customers need to tread carefully
The data centre industry has experienced exponential growth and major change over the past few years driven by increased demand for more efficient, scalable, cheaper and ‘cleaner’ computing power and data storage and a move away from large expensive under-utilised in-house data centres. This evolution would not have been possible without the timely development of new data storage and virtualisation technologies offering an affordable way to incrementally add computing power. In addition, today’s data centres, sometimes costing in the hundreds of millions of euro to design and build, are more energy efficient and environmentally friendly, with the latest power, cooling and ventilation systems - and more secure, utilising biometric security devices, advanced data separation techniques and fire suppression solutions. These technology advances make the associated service offerings quite compelling when compared with the significant capital and running cost of maintaining a large server estate on a dedicated in-house basis.
New Services / ‘Cloud’ computing
This has led to sophisticated relatively low cost services, such as ‘Cloud’ computing, being provided via the Internet using shared (rather than dedicated) IT and communications infrastructure from ‘next generation’ data centres. ‘Cloud’ is a metaphor for the Internet and is based on how the Internet is typically depicted in computer network diagrams.
‘Cloud’ computing is similar to ‘on demand’ or ‘utility’ computing due to the combined computing power of the shared infrastructure (similar to a utility provider) and the ability (with certain constraints) to take more or less computing power from month to month as business requirements dictate. Today, ‘Cloud’ computing services are used for hosting and managing email (and spam filtering), supporting and running software applications, security, virus checking, remote monitoring, online data backup, disaster recovery, business continuity and other computing tasks. Some customers utilise ‘Cloud’ computing services as a hybrid IT strategy to provide low cost business continuity and backup for an in-house data centre and some customers are going much further and outsourcing much of their IT services including business applications to ‘Cloud’ computing service providers.
Is your Contract fit for purpose?
Service providers in this relatively new space are investing considerable time in drafting their ‘standard’ legal terms and conditions to cater for the main concerns that customers may have and balancing these against their business model and their desire to align ‘risk with reward’. Accordingly, it is perhaps understandable that these service providers will seek to contract on their ‘standard’ contract. Customers however do need to be careful to ensure when reviewing these contracts that components thought to be included as part of the services are detailed in the contract because if they are not clearly included there is unlikely to be any legal obligation to provide such components. In addition, due to the inherent risks involved in any partial or full outsourcing of responsibility for hosting and managing corporate data time is well spent at the outset conducting a thorough legal and commercial risk analysis as well as the more obvious cost / benefit analysis.
Some examples to illustrate the need to consider the contract carefully:
(1) a service level mechanism without a related response and ‘fix’ time when there is a problem and a related service credit when there is a service level failure is of little practical use;
(2) if the contract has been described as being flexible and the service scalable so that a customer can apparently add or subtract computing power / data storage as its business requires – does the contract provide for this and is there a systematic and transparent charging mechanism to facilitate this sliding scale?;
(3) is service (and service support) available seven days a week, 24 hours a day, 365 days a year and if not how is downtime scheduled – if, for instance, you are a retailer will you have little or no option but to accept a large amount of very inconvenient downtime at your busiest sales period? If your provider is based in the UK is support available on UK public holidays?; and
(4) particular issues might also arise where a service provider does not own but rather leases the relevant data centre(s) or computer infrastructure. In these circumstances, customers may need to consider provisions protecting the service or their computer infrastructure (as the case may be) should the head lease be terminated or if the head landlord exercises its rights of entry.
This analysis should also involve due diligence in relation to the prospective service provider including speaking with some of its existing and previous customers and a detailed technical examination of the security and resilience of the service. Other questions that should be asked include: where and how is the data stored and backed-up? What level of protection is there against viruses and denial-of-service attacks? Has the service recently been penetration tested? When the relationship comes to an end will the service provider cooperate fully to migrate the services and data to another provider or back in–house? Will the service provider include provisions in the contract detailing its obligations in relation to each of these matters?
Any data protection (privacy) issues as well as other applicable laws and regulations should be considered, the adequacy of the service levels should be tested before go-live as well as the appropriateness of the business continuity and disaster recovery procedures which should be frequently tested by the service provider during the life of the contract.
“Clean” service obligations
In addition to the above requirements, many customers will expect their service provider to reduce energy consumption and energy related costs and the reduction of carbon emissions will become a more important contractual issue for service providers and some customers due to the Government’s recent decision to follow the UK’s example and to introduce legislation (promised for later this year) similar to the UK Climate Change Act.
Examples of “clean” service obligations might include a requirement, in a high value arrangement, for the data centre design and build to comply with environmental standards like BREEAM (a UK standard) or LEED (an international standard) which require the latest power efficient technologies to be utilised such as power efficient cooling using the ambient outside air temperature. Other environmentally friendly contractual requirements include obligations to refresh old, energy-inefficient, infrastructure with new, energy efficient, servers with low voltage processors that consume less power than prior models. The contract may need to also consider end-of-life issues dealing with proper and safe recycling and disposal of legacy equipment and consumables and life cycle environmental management standards such as ISO 14001
It may also be worth considering obligations dealing with incentivisation of server virtualisation which again produces cost and resource efficiencies and less physical servers mean less supporting infrastructure (which means less data centre space, power and cooling along with lower hardware management costs).
The use of third party data centres is likely to become the norm as organisations seek to demonstrate their ability to bounce back from disasters and a dynamic capability to add services as demand dictates. Although the relatively low cost that is often promised is quite a persuasive business case (particularly in the current economic climate), the cost alone should not dictate the contract and the other commercial and legal aspects of the arrangement should be carefully considered and documented in the contract to cater for the many “what if?” scenarios. If circumstances permit, a competitive tender is the optimum way to leverage your position and to get a more flexible contract.