UCLA Extension

Contracting for Cloud Computing Services

A 2-Day Short Course

Predictions are that during 2012 over 80% of organizations will use cloud computing services and that these services will account for 30% of IT budgets.

If you don’t think your organization is using a cloud service, think again. The ease with which it can be adopted means you can sign up for a service without going through traditional channels, such as IT or purchasing. Your organization, however, needs to be aware of the unique challenges presented by cloud computing and be prepared to effectively address them prior to acquiring the service. Unprepared organizations expose themselves to a wide range of risks related to data security, compliance, service availability, and vendor lock-in.

This course is a must for anyone implementing, planning, or considering adopting a cloud computing solution, including IT professionals; business managers; procurement and sourcing personnel; and other professionals, such as lawyers, auditors, and risk managers. Learn what cloud computing is and the essential paradigm shift it presents; the benefits and risks of cloud services, and how to mitigate these risks; how to prepare to acquire these services; analyzing and evaluating cloud services options; and negotiating and managing a service contract.

Course Materials

Lecture notes are distributed on the first day of the course, along with a robust list of references. These items are for participants only and are not otherwise available for sale or unauthorized distribution.

Coordinator and Lecturer

Thomas J. Trappler, BA, Director of Software Licensing, UCLA, and nationally recognized expert in cloud computing risk mitigation via contract negotiation and vendor management. Dubbed the “Cloud Contract Advisor” by Computerworld, Mr. Trappler has presented at numerous events, including Cloud Expo, CA World, Security Threats Conference, Educause Annual Conference, The Business of Cloud Computing Conference, and the Security Professionals Conference. He writes a monthly column for Computerworld regarding cloud computing contracts, co-authored the book Contracting for Cloud Services, and has published articles on cloud contracting and open source software for Educause Quarterly. He also has been a guest lecturer at the Polytechnic Institute of New York University and co-developed and teaches “Contracting for Cloud Computing Services,” the original seminar focused on cloud computing contract issues.

Mr. Trappler has extensive experience leading enterprise-wide IT procurement and vendor management initiatives and negotiations focused on cost reduction and risk mitigation, with an emphasis on cloud computing contracts and software license agreements. As Director of UCLA Software Licensing, he has successfully negotiated over 30 enterprise-wide IT procurement agreements that generate over $6 million in cost reductions per year and provide 188,000 licenses to over 240 operating units. He was elected by his peers as the inaugural Chair of the University of California (UC) system-wide Technology Acquisition Support group responsible for establishing and managing UC-wide IT procurement agreements. Additionally, he recently served as lead author and project manager for initiatives to develop UC-wide standard cloud computing contract and software license agreement templates.


Ron Scruggs, MBA, Certified Technology Procurement Executive (CTPE), Senior Consultant, Scruggs International, Tampa, Florida (since 1999). Mr. Scruggs has a distinguished career in sourcing, purchasing, and contract management, and is an established expert in cloud services contracting. Most recently, he co-developed and presented the seminar, “Contracting in the Cloud.” Much of the course is based on his experience since the early 2000s before the name “cloud” was attached to these services. He has assisted companies with IT and BPO outsourcing, cloud services, software development, software licensing, and website development. He also negotiated dozens of commercial and state cloud services agreements for clients and developed a number of cloud SaaS template agreements.

Mr. Scruggs has consulted for a number of Fortune 500 companies, the United Nations, and state and local governments. He was manager of Strategic Alliances for Digital and negotiated major purchases, such as personal computers and software alliances, with Microsoft, Olivetti, and other major firms. He spent 20 years working as director of contracts for Digital and Bay Networks. He also helped develop the Caucus CTPE exam. Mr. Scruggs has developed and delivered courses on Open Source Software, Negotiation Success, Software Business Issues, and Procurement Process and Best Practices.

Course Program

What is Cloud Computing?

  • Why it is called “The Cloud”
  • A cloud services definition
  • Five characteristics
  • Three service models: SaaS, IaaS, PaaS
  • Four deployment models
  • Key cloud computing benefits
  • Some major cloud vendors

Challenges of Cloud Computing

  • Cloud services are dynamic and changing
  • Vendor contracts
  • Cloud services growth is exploding
  • Contracting has not caught up with the growth
  • Cloud services failures: what to learn from these

Key Risks Associated with Cloud Services

  • Infrastructure/Security
    — Data security
    — Service availability
    — Operations management
    — Service performance/response
    — Physical security
    — Disaster recovery/business continuity
  • Data Processing and Storage
    — Data types
    — Data ownership
    — Data access/disposition
    — Data breaches
    — Data location
    — Legal requests for access
  • Some Major Contract Issues
    — Cost of change
    — Compliance with laws
    — Pricing (volume commitment, expanded usage, reduced usage, renewal)
    — Minimum contract periods
    — Termination rights
    — Functionality
    — Due diligence
    — Mergers and acquisitions
    — Supplier outsourcing

Acquiring Cloud Computing Services: Principles and Practices

  • How do you gather information on cloud services?
  • How do you prepare a cloud services RFP?
  • How do you contract for cloud services?
  • How do you manage cloud services?
  • What is a best in practice cloud procurement process?

Gathering Data/Qualifying Cloud Vendors

  • Financial stability
  • Management team
  • Organization structure
  • Focus/roadmap
  • Pricing/billing terms
  • Supplier infrastructure/security
  • Customer references
  • Governance
  • Location of data
  • Location of data subjects
  • Disaster recovery/business continuity
  • Data segregation
  • Data access
  • Third-party certifications

Build Your Own Contract/Contract Checklist

  • Minimum security practices
  • Minimum infrastructure practices
  • Customer audit rights
  • Third-party verification
  • Certifications
  • Performance reporting
  • Fees/payments
  • Use of subcontractors
  • Warranties
  • Ownership of data
  • Indemnification
  • Company viability
  • Transitioning to alternative solutions
  • Data protection, access, location
  • Functionality
  • Identity and access management
  • Cyber-risk insurance
  • Termination
  • Legal compliance
  • Technical support
  • Technical access requirement
  • Cloud escrow
  • Including your contract in RFP

Service-Level Agreements and Key Performance Indicators

  • How to identify key performance measurements
  • Common SLAs/KPIs
  • SLA definitions
  • Recovery time objective
  • Recovery point objective
  • Performance/response time
  • Performing as represented
  • Quality of service
  • Error correction time
  • Latency
  • Focus on results
  • Bonus/Malus
  • Root cause analysis
  • Remedies
  • Assessing and applying credits
  • SLAs/KPIs unique to your business needs

Managing the Vendor and the Contract

  • Client rights to inspect supplier data center
  • SLA/KPI monitoring
  • Audit rights
  • DR/BC obligations in event of disaster
  • Data breaches
  • Vendor continued viability
  • Payment for performance
  • Compliance

For more information contact the Short Course Program Office:
shortcourses@uclaextension.edu | (310) 825-3344 | fax (310) 206-2815