The strength of companies' negotiating power with cloud service providers may depend on how big they are, as well as the size of the cloud service provider.
But if competition among cloud providers increases, it would help cloud users negotiate more favorable contract terms, experts say.
A critical factor from the business point of view is the cloud service providers' willingness to accept responsibility in the event of a data breach or loss.
The attitude of some cloud providers is that they are providing a service, they are not bankers, and therefore should not be held responsible for data loss, said David Rees, London-based cyber division director for broker R. K. Harrison Group Ltd.
“If you're trying to deal with a big cloud provider, there is no negotiation,” said Mark Greisiger, president of Gladwynne, Pa.-based NetDiligence, which provides cyber risk management and information security service as the marketing arm of Network Standard Corp.
Instead, cloud users are faced with a “typical shrink wrap” agreement, he said.
If you are a big client, however, you do have more weight, and “there's a chance you can get them to modify” some provisions, Mr. Greisiger said.
Many times, customers will not be able to negotiate with the larger cloud providers, but there are many small and medium-sized cloud providers “who are happy to negotiate with you and willing to focus on specific concerns,” said Richard L. Santalesa, Fairfield, Conn.-based senior counsel at InfoLawGroup L.L.P.
But cloud users' negotiating position may continue to change if the market becomes increasingly competitive “and providers have to give a little bit,” said Tim Zeilman, Hartford, Conn.-based vice president at the Hartford Steam Boiler Inspection & Insurance Co., a unit of Munich Reinsurance Co.