For a number of years,Baker & McKenzie has been surveying the landscape among sourcing professionals in order to identify trends, market best practices, and continue our position as leading counsel in the sourcing space. For the last two years, we have focused our efforts on the cloud. Specifically, we have issued a survey of more than 50 questions asking our clients, partner organizations, and IT association memberships to respond to their experiences with cloud transactions. In this article, we identify a few trends from our 2015 survey as well as some considerations based on the evolving cloud marketplace.


Although cloud services are still not as ubiquitous as on-premise hosting, the cloud continues its penetration in the marketplace. More than 92 percent of buyers (and 97 percent of providers) that we surveyed anticipated that the integration of various cloud service offerings will continue to increase solutions. In addition, buyers aregenerally satisfied with the cloud ,services they have received to date with 97 percent of cloud services meeting at least some of the buyers’ objectives.

"Although security/data privacyare significantconsiderationswhen evaluatingcloud services, itis important notto lose sight ofrisk managementfrom a broaderperspective"

One particularly notable trend for 2015 was the continued maturation of the cloud marketplace. This overall trend is evidenced by a few data points.First, cloud deals are taking less time to complete, with more thanhalf of cloud deals taking less than 2 months to negotiate (and 75 percent of all deals being negotiated tocompletion). Second, cloud deals are more likely to be on providers’ form agreements and generally there is greater consistency in contracting terms. Third, we asked buyers to identify their primary hesitations in deciding to buy cloud services and there was a notable decrease in identifying availability and reliability as one such hesitation. Although the marketplace continues to mature, the number one factor in cloud services Continues to be security.

Security continues to be at the forefront of the minds of bothbuyers and providers of cloudservices. Almost 90 percent of buyers identified security as a primary hesitation in their decision to buy cloud services. From adifferent, but likely related angle, more than two thirds of providers identified provider reputation as a primary criteria for buyers. When  we recently presented the 2015 Cloud Survey results to a room full of sourcing professionals, everyone agreed that security and privacy are at the top of the list of considerations related to the cloud.One participant on the buyer side highlighted that security and privacy are not separate issues, but are at the forefront of the IT team’s overall risk management and planning.


There are a number of aspects that need to be considered when evaluating the role the cloud will play in an enterprise’s IT infrastructure. Starting first and foremost is the development, or refinement, of a comprehensivestrategy for security and risk management. One avenue for such a strategy is to review existing controls across the whole IT infrastructure. This is especially important from a compliance perspective for public or otherwiseregulated companies, but is generally a helpful best practice across all enterprises. Thus, it is important to work with experienced counsel that is knowledgeable about the contours of the regulatory landscape for public or otherwise regulated industries such as financial services and insurance.

Another area to consider is the implementation of the cloud for an enterprise that engages in crossborder business. The introduction of a cross-border dynamic adds multiple layers of complexity and regulatory and tax considerations. For example, how will the enterprise handle cross-border data flows.Another example in the Platformas-a-Service context, is whether the enterprise has consulted with local counsel to determine whether offering the platform to its local subsidiaries will push the enterprise into an unfamiliar regulatory environment(e.g., telecom). Although security/data privacy are significant considerations when evaluating cloud services,it is important not to lose sight of risk management from a broader perspective. We asked our survey respondents to identify the types of limits on liability they arrived at in their cloud deals. Almost two thirds of buyers (and more than two thirds of providers) had some cap on liability. Most commonly, the caps were in multiples of fees, with the remaining quarter of deals having straight dollar caps. Whatever the approach,the important consideration is to carefully evaluate the risk profile of the offering compared to the planned use in the enterprise. A well counseled buyer will be able to address its needs from multiple angles, from the security controls discussed above to the limitations on liability we just highlighted.


The cloud market’s continued flow into the mainstream makes thekey considerations at the margin  more important than ever before.With service offerings converging,it is essential that sophisticated enterprises focus their efforts on cutting to the key issues to ensure their cloud services procurement meets the needs unique to their enterprise. Whether it is managing the crossborder flow of information or ensuring adequate controls from a compliance perspective, careful planning and  good counsel will enable enterprises to confidently unlock the cost saving,  scalability, flexibility, and other benefits the cloud has to offer.