More and more industries, from accountancy firms to zoological societies, are adopting cloud computing services. Every day, millions of users are accessing online cloud services such as Apple iCloud, Gmail and Dropbox across desktop and mobile devices. But competition between cloud and outsourcing providers is intensifying as new start-ups continue to enter the $80 billion global cloud computing market.

The next evolution in delivering corporate cloud services is known as anything-as-a-service or XaaS. XaaS can deliver integrated hardware and software services over the internet, in one seamless package. But what risks does this new outsourcing model pose for users and suppliers, and what does this mean for negotiating and drafting commercial contracts?

Anything-as-a-service ("XaaS", pronounced 'Zaas') is the next generation of cloud computing services. XaaS integrates the online delivery of separate private or public cloud services to users. While this new model offers even more benefits than traditional cloud services, it does differ from regular stand-alone outsourcing and cloud computing services. These differences affect how organisations should draft and negotiate contracts for XaaS offerings.

What is Cloud Computing?

Today, it feels like everyone is 'on the cloud'. McKinsey estimates that almost 80% of US companies either use cloud services now or plan to in the near future. In basic terms, cloud computing delivers information technology as services on demand, over the internet. In other words, a user does not need to purchase or install software or run its own applications and data servers. The cloud provider hosts applications and provides the computing power from their data centres. This allows the user to benefit from enormous economies of scale and dramatically lowers the costs of IT procurement.

How is XaaS Different?

In contrast to traditional cloud computing services, XaaS combines separate cloud services into one online virtual service. An XaaS offering could include:

  • servers to run virtual desktop infrastructure (infrastructure-as-a-service);
  • an office suite such as Microsoft Office365 (software-as-a-service);
  • physical telephone handset offering voice-as-a-service;
  • physical computer terminal such as a Google Chromebook; and
  • backup and restore as a service.

Effect on Legal and Commercial Terms

Competition between cloud and outsourcing suppliers is intensifying and new start-ups are entering the market and offering more complex corporate solutions. This competition is reducing the price that end-users pay for cloud services. One way providers are seeking to cover their costs and earn a reasonable return is by increasing a user's overall spend, for example, by offering to integrate an XaaS offering with the user's existing cloud services.

XaaS providers are also seeking commercial protections in their contacts, such as exclusivity or a volume commitment and to sub-contract their services to cheaper off-shore providers. From a legal perspective, providers are tending to offer rigid pro-forma legal terms where the majority of risk is transferred to the user, with typically little scope for negotiation.

Tips When Reviewing XaaS Contracts

With these issues in mind, an organisation considering adopting an XaaS offering should consider the importance and commercial sensitivity of the function it wishes to outsource. Similar to a traditional IT contract, corporate users should plan ahead and consider not only the monthly service fees, but also possible termination costs and the level of technical transition-in and transition-out assistance it may require. When reviewing an XaaS contract an organisation should study the following six areas of the contract:

  • Service Performance – Ask the XaaS provider if it offers key transition-in milestones and deliverables against fixed criteria. As the XaaS offering will integrate different cloud services, look for a robust service levels regime for individual components and the overall solution, along with binding service level credits.
  • Continuity – Confirm if the provider offers business continuity and disaster recovery services as standard. If so, confirm what level of protection they offer and if there is an extra charge for this.
  • Security and Data Protection – The data storage location is important. The contract should state a set location(s) for data storage. A user should ensure it understands the different levels and types of security that it can select for different components of the XaaS solution.
  • Subcontractors and Integration - To reduce its costs, the XaaS provider may use sub-contractors for different components of the XaaS solution. Users should check if the contract states the identity of these sub-contractors and also if the XaaS provider takes responsibility for integration of the overall XaaS solution. It is also prudent to check if the contract sets out limits on how a subcontractor can access the user's stored data.
  • Intellectual Property Rights - XaaS providers may wish to retain ownership of the IP in their standard solutions. However, a user will not want to pay extra for reports or other created IP. Therefore, confirm if there are contractual provisions to address ownership of user-specific adaptations or developed material.
  • Termination and Exit Assistance – Review the contract for obligations on the XaaS provider (and its sub-contractors) to destroy or return the user's data on termination. Ideally, the contract will also include provisions to help the user with the transition of services back to the user or to an alternative supplier at the end of the term.


The challenge is for users to choose the right cloud computing options for their business. Enterprise users, such as banks and governments, have been resistant to migrate their in-house network applications to the cloud. XaaS can offer them a combined solution that offers the benefits of service conformity and integration from a single cloud provider. Provided suitable contractual protections are in place, for example in relation to continuity of access, sub-contractors and data security, XaaS could be the important link that allows users to adapt their internal processes and systems and adopt an organisation-wide cloud based solution.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.