The shift away from building customised systems specifically for organisational requirements is fast approaching. Global financial scenarios are presenting a funding challenge for IT innovation initiatives, transformation projects and ongoing support services.

One of the greatest shifts was demonstrated and highlighted by a US Government White House Paper titled: "25 Point Implementation Plan to Reform Federal Information Technology Management", in December 2009, and included support for a "Shift to Cloud First Policy". An important point to note is the term "Stand-Up Contract Vehicles" was used for both secure infrastructure-as-a-service (IaaS) and commodity services. Supporting actions were required, alongside the endorsement of the strategy and the guiding "Cloud First" policy.

In all cloud discussions to date, major emphasis is placed on the service types of cloud--Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or cloud models such as Public Cloud, Private Cloud, Hybrid Cloud and Community Cloud. Very little emphasis or discussion is undertaken about the major vehicle through which these models and services will be utilised and consumed--cloud contracts.

Traditionally contracts have been the realm of procurement, accounting, legal or sourcing functions. Technologists and (more specifically) information security professionals kept a safe distance because, quite frankly, they are boring, however with the advent of cloud computing, this is changing fast.

Concern over service levels, data security, data leakage, data access, scalability and security compliance with organisations' policies and standards are just a few of the issues that require the attention of security and information management prior to cloud computing services being deployed or contracts finalised. Whilst some of these concerns are similar to outsourcing contracts of the past, there are new areas that require consideration.