The immaturity of cloud service contracting of many companies led to structural deficits, which they will need to address to achieve wider acceptance of their standard contracts and to benefit from the economies of scale that come with that acceptance, according to IT research firm Gartner.

The research firm has identified four risky issues that CIOs and sourcing executives should be aware of when contracting for cloud services. They include: cloud sourcing contracts are not mature for all markets; contract terms generally favour the vendor; contracts are opaque and easily changed; and contracts do not have clear service commitments.

Indicating the first risk, Gartner advises organisations to carefully assess the risks associated with cloud sourcing contracts and see that cloud-sourcing contracts meet the general legal, regulatory and commercial contracting requirements of most enterprise organisations.

The research firm says that an organisation needs to understand that it is one of many customers and that customisation breaks the model of industrialised service delivery, as cloud service contracts are currently written in very standardized terms.

Organisations need to ensure that they understand the complete structure of their cloud sourcing contract, including the terms that are detailed outside of the main contract, and need to be sure that these terms cannot change for the period of the contract.

Stating that cloud sourcing contracts do not have clear service commitments, Gartner said buyers before investing to cloud offerings should understand what they can do, if the service fails or performs badly.

They should also understand whether the SLAs are acceptable and if the credit mechanisms will lead to a change in the providers’ behavior, failure to which they should negotiate terms that meet their requirements, or not engage.

Gartner research vice president Frank Ridder said CIOs and sourcing executives have a duty to understand key areas of risk for their organisations.

Gartner research vice president Alexa Bona said, "It’s essential that organisations planning to contract for cloud services do a deep risk analysis on the impact and probability of their risks, and they should also plan mitigation for the most critical issues."

"This might cost additional money, but it is worth the effort. Risk should be continuously evaluated, because contracts can change — sometimes without notification," Bona said.