Cloud Computing + As-a-Service Platforms


Organizations are increasingly replacing traditional on-premises software with cloud-based platforms and technology resources provided “as-a-service.” As a result, the legal and business issues facing software providers and their customers continue to evolve. Morrison & Foerster has the knowledge, experience, and resources to offer the most sophisticated legal and business advice in this rapidly-changing environment.

We understand that a successful cloud or as-a-service transaction should establish a flexible and long-term framework that can adapt as the client’s business evolves. We regularly work with both users and providers of such platforms and services to structure and negotiate practical, straightforward contracts that are built-to-last, and focused on long-term, mutually-beneficial business outcomes.

We have deep experience not only with commercial transactions for the procurement and provision of cloud-based services, but also with the complex privacy, data security, and regulatory issues that impact cloud and as-a-service offerings in key jurisdictions around the world, including the United States, the European Union, Japan and China, and with mergers, acquisitions, joint ventures, spin-offs, and private equity investments in the cloud sector.

Our Approach

We advise clients on legal and business issues that arise in all types of cloud-based and as-a-service offerings, including SaaS, PaaS, IaaS, as well next generation as-a-service offerings, such as security-as-a-service. While we are first and foremost legal advisors with deep expertise in legal issues that arise in technology agreements, our broad experience across a large number of transactions also gives us keen insights into the practical business issues that drive the contracting process. We are just as at home discussing the best service level mechanisms or fee structures to properly incentivize a vendor as we are negotiating the finer points of  indemnification provisions. We strive to achieve the best results for our clients from both legal and business points of view, and that means our advice must go beyond the contractual boilerplate.

For example, we have the expertise and experience needed to assist clients with such key considerations as:

  • navigating “non-negotiable” vendor contracts with a focus on key areas such as performance, service continuity, and exit rights;
  • enhancing negotiation leverage through competitive processes and assessing proposals from multiple vendors;
  • the migration of traditional on-premises solutions to cloud-based services and integrating cloud-based services with non-cloud elements, including modifying existing contracts as necessary in connection with transitioning to cloud-based services;
  • establishing financial arrangements and allocating risks in a manner that is fair and provides appropriate incentives for the parties;
  • efficiently managing renewal, renegotiation, and modification of existing cloud and as-a-service agreements;
  • global and sector-specific privacy and data security risk mitigation and compliance;
  • the regulatory impact of cloud adoption across multiple countries and sectors, particularly involving highly-regulated industries such as financial services, insurance, healthcare and pharmaceuticals;
  • standardization and harmonization initiatives affecting the cloud sector in various countries and jurisdictions around the world; and
  • the enablement of cloud subscriptions through the negotiation of terms for implementation services and related professional services.

We strive to get the best possible result in the most efficient manner, and have created standardized, global-style forms of agreement for our clients’ cloud-related transactions. Finally, we know the key players in the industry, and we have extensive experience negotiating with all of the major cloud service providers.

Commercial Agreements

We have extensive experience negotiating commercial transactions for the procurement and provision of cloud-based services. We assist clients in defining appropriate requirements for the successful and timely implementation of cloud-based services and for achieving long-term goals, including through establishing clear milestones and deliverables, as well as appropriate financial levers to incentivize service providers to meet aggressive timetables. In addition, we seek to secure appropriate intellectual property rights for use of deliverables and a balanced allocation of risks between the provider and customer. In this regard:

  • We advised Riva Financial Systems, part of the Franklin Templeton group, on its new cloud hosted services offering of its global transfer agency solution; including preparation of its new contract suite, negotiating the hosting and license terms with Riva’s first cloud hosted customer, advising on Riva’s back-to-back terms with the Luxembourg-based provider of its hosted platform; and advising on regulatory compliance issues.
  • We advised Kaiser Permanente in the transition of portions of its long-term services arrangement with IBM from an on-premises solution to a cloud-based solution.
  • We represented Dimension Data on the creation of standardized, global-style forms of customer agreements for various cloud offerings, including infrastructure, platform, and SaaS.
  • We advised AIG Europe on its project to harness cloud-based technology to provide an enhanced claims service to motor fleet customers that enables policy-holders to upload files such as photos and video footage directly to the cloud from internet-enabled device including smartphones, laptops and dash-cams.
  • We worked with Novartis on its enterprise-wide agreements with several service providers for SaaS and IaaS cloud services on a global scale.
  • We represented Norwegian telecoms company, Telenor, on its “cloudbroker” program to establish a network of Software-as-a-Service reseller agreements.

Privacy & Data Security

More than 100 countries now have their own data protection laws regulating the collection, use, disclosure, and security of personal information. The complex and sometimes conflicting obligations that these laws impose can be challenging for companies seeking to comply with their privacy and data security obligations in connection with the implementation and use of cloud-based services. In particular, migration of data to a cloud-based platform entails a fundamental shift in data security and requires specific steps to ensure compliance with applicable data privacy rules. Our market-leading Global Privacy and Data Security Group, composed of more than 60 lawyers in offices across the United States, Europe and Asia, is well-positioned to assist our clients in navigating this minefield, and we have advised on privacy compliance in hundreds of projects and involving all of the main global cloud providers.

  • We advised Novartis on the negotiation of a data processing addendum to its master enterprise agreement with a key global cloud vendor, in order to ensure compliance with Novartis’ obligations under global privacy laws and regulations in relation to its use of cloud-based platforms.
  • We advised a global business-to-business SaaS provider on a number of strategic data protection initiatives. Our work has included developing data processing agreements and transfer mechanisms for the client’s SaaS offerings to address the needs of its global customer base, providing privacy training to internal stakeholders, privacy shield certification, and advising on incident response matters.
  • We counseled a financial software provider on data protection issues as it transitions from a software licensing business (“software in a box”) to become a cloud-based SaaS provider.
  • We advised a NASDAQ-listed provider of cloud-based business management software in developing its EU General Data Protection Regulation (GDPR) compliance program.

Cloud Sector Mergers & Acquisitions

Historically, a company’s technology and data resources have often been an afterthought when structuring M&A deals. Now, they are recognized as offering significant competitive advantages. Our attorneys have extensive experience in helping clients plan for the impact of acquiring cloud-based businesses, as well as the implications arising from the use of cloud services by non-cloud targets. We understand the effect of these transactions on intellectual property rights, warranties, indemnities and due diligence, and work with our clients on on-going transitional measures through technical support agreements and other appropriate engagements.

  • We worked with VMware on its acquisitions of various cloud-based businesses and on the formation of a cloud services business, creating the industry’s most comprehensive hybrid cloud portfolio.
  • We advised Yahoo! on its acquisition of Zimbra, a leading SaaS vendor of email and collaboration software.

Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2019 Morrison & Foerster LLP. All rights reserved.