Microsoft Corp. is positioning itself as the “responsible” public cloud provider by releasing a checklist for customers looking to make cloud procurement decisions.

The Cloud Services Due Diligence Checklist is meant to help organizations muddle their way through the process of contracting and managing cloud service providers, Alex Li, a principal standards analyst at Microsoft, said in a blog post.

Li notes that the process of procuring cloud providers can be “challenging and inconsistent,” and raises questions around data security, locality, availability, customer privacy and governance, among other concerns. As such, Li argues, customers should take care to assess and compare the kinds of services offered by different cloud providers, while also carefully identifying their own objectives and requirements, before making any decision.

The problem with this is that most organizations lack proper procedures to do so, Li says, and that has led to many companies entering into agreement that don’t always server their best interests. This is where Microsoft’s checklist will come in handy, he says.

The Cloud Services Due Diligence Checklist is based on the Cloud Computing Service Level Agreement [SLAs Framework, also known as ISO/IEC 19086-1, that was developed over a three-year period by the International Organization for Standardization.

“The Microsoft checklist distills the standard’s 37 pages into a simpler, two-page document that organizations can use to negotiate a cloud service agreement that meets their business objectives,” Li wrote. It also helps to simplify “the comparison of offerings from different cloud service providers through a set of questions with consistent terms and definitions for each provider,” he added.

To underline its point, Microsoft commissioned a study on cloud service agreements by Forrester Research, which found that a startling 94 percent of companies would like to change some of the terms in their current contracts, if possible. The research firm found that “cloud agreements almost invariably omit some considerations and SLAs, leading to consequences for the business when problems later arise.”

Some of the changes enterprises would like to make to their agreements include more stipulations about security, privacy, performance, availability, roles and responsibilities and accessibility, Forrester’s study found. In addition, many companies regretted that they’d not incorporated the considerations and views of company stakeholders before entering into their agreements.

“Our study found that respondents tend to rate security processes (which presumably include compliance and privacy considerations) as the most important, followed by favorable pricing, payments, and subscription terms,” the Forrester study said. “Additional considerations include clear rules about data usage and access, terms that provide confidence about performance and availability, and a support model that will maximize success.”

Forrester’s study concluded by saying that the ISO standard and Microsoft’s checklist should make it easier for companies to come to agreements that better suited their interests.

Image credit: Jarmoluk via pixabay.com