Blog post

Gartner’s Global IT Council on Cloud Computing: Do You Have Rights?

By Daryl Plummer | July 11, 2010 | 4 Comments

Vendor ContractsStrategic PlanningService OrientationIT GovernanceEmerging TrendsEmerging PhenomenaCloudCartoonBusiness Process ManagementBPMApplicationsBill of RightsResponsibilities

It has long been apparent to me that Cloud Computing represents a significant change in the relationships between providers of solutions based on technology and the consumers who use those solutions. Whether you are talking about how computing solutions are paid for, who delivers them, or what the contracts for those services look like, you have to deal with the trust that must be established between service providers and service consumers. And, one of the key ways of building trust is to agree on who gets what rights, and who takes on what responsibilities.

In the past 8 months, I’ve worked with a number of industry players to try to put into words some of the issues that can erode that necessary trust between providers and consumers in the cloud. That effort is part of Gartner’s Global IT Council where we not only looked at the issues, but actually sought to propose some basic approaches to addressing those issues.

The Gartner Global IT Council for Cloud Computing consists of CIOs and senior IT leaders of large global enterprises who work together to create actionable real-world recommendations and drive fundamental changes in the way the IT industry works. 

The Council’s list of Rights and Responsibilities for Cloud Computing identifies some of the more interesting “basic truths” that should be self-evident but often are not. It seeks to establish a checklist of elements that should be addressed in any contractual agreement between cloud service providers and consumers. Once that checklist is in hand, a proper discussion of how to most effectively evaluate, select, and consume cloud services can be started. This is necessary even for simple cloud services, but is essential for the most mission critical of business processes supported by cloud computing.

The Councils preliminary findings and a detailed overview of their Charters can be found at Join the discussion and help the list grow and change over time as the industry evolves the dialog.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Daryl,

    Great work by Gartner and the Council on the Rights and Responsibilities for Cloud Computing. It clearly reflects much of my own thinking from the series of posts I did in late 2008, updated again last month in my “Cloud Computing Bill of Rights, 2010 Edition”.

    One key area I would like to see the Council address in a future update of the Gartner work is the following:

    Does the cloud consumer have a *responsibility* to assure the security of their applications and data, either directly (through work that the cloud consumer has control over), or via audits and reviews of contractual security agreements with the provider?

    This is much more than the right to know what the provider does about security. It is an explicit acknowledgement that, while the consumer might contract out some control over their IT security, the consumer themselves is ultimately accountable for the choices they make.

    I think this is a key issue, and a responsibility that I think there is much confusion about in the cloud computing market.


    James Urquhart
    CNET | The Wisdom of Clouds

  • Esme Vos says:

    Is there a compilation of the rights that a customer has in different jurisdictions (e.g UK, US, France, etc.) when his privacy is compromised, the provider goes into receivership, service is poor, etc.?

  • Daryl Plummer says:

    Sorry for the delay. No list yet. Mostly, we are looking at global isues, though.

  • Daryl Plummer says:

    It a good point, James. As consumers get into multi-tenant cloud services, that responsibility gorws, yes? We are looking at more consumer responsibilities now.