For non-core business tools or services involving routine, non-sensitive data, it often makes sense for customers to accept looser contract terms for that lower price.

But when you're considering a cloud-related option involving mission critical systems, regulated personal data or sensitive business intelligence, it's time to call legal and get the red pens ready. "A customer may opt to require a private cloud, data encryption, geographic restrictions, and other such terms," says Masur.

The biggest mistake new cloud services customers can make is either assuming the vendor's contract provides adequate customer protection or presuming there's no room to negotiate at all. "Many prospective customers assume incorrectly that cloud contracting is very similar to traditional IT contracting and either fail to address the issues unique to cloud computing, such as data privacy and compliance issues, or do so in a manner that increases their price without delivering commensurate value," says Masur.

While many cloud providers have been reluctant to deviate from their standard contracts whether due to their own restrictive business models or industry inexperience, that's beginning to change in this quickly evolving market.

For would-be cloud consumers looking to beef up the standard vendor agreement, the traditional IT outsourcing contract can be a good model. While there are no standard best practices in cloud contracting and no one-size-fits-all document capable of covering the spectrum of services available in the cloud, it can help to peruse a list of standard outsourcing provisions: privacy and security standards, regulatory and compliance issues, service level requirements and penalties, change management processes, business continuity, mandatory flow-down of all terms to subcontractors, termination rights.