Determine which are critical to address in your cloud services deal. After all, cloud computing is just another way to purchase software or infrastructure services, says Masur. Traditional outsourcing contract terms offer useful guidelines for cloud computing engagements, particularly infrastructure-as-a-service transactions involving sensitive data. And software licensing terms offer useful precedent for SaaS deals.

When Los Angeles and its IT outsourcing provider CSC signed a three-year Google Apps contract, the city was able to incorporate a surprising number of customer-friendly terms into the deal: a private cloud for sensitive data, mandatory data encryption, U.S.-only data storage and access, service levels with meaningful penalties, e-discovery functionality, a four-hour service restoration requirement, clearly defined exit rights, mandatory subcontractor flow-down, and broad indemnification obligation with unlimited liability for certain breaches.

The average cloud services customer may not be so lucky. You may find no cloud computing vendors willing to agree to your must-have terms--an indication you're not ready to send that particular IT service into the cloud.

But watch out for the converse, as well--an overeager provider that agrees to everything.

"A provider can agree to anything, and if the service level penalty for failing to deliver is insignificant, it can be cheaper to fail than in fact to deliver," says Plotkin. "This is a danger for all service providers. But it is probably a bit more of an issue because many of the cloud providers are less mature and have not gone through the crucible of having to keep promises as the larger, traditional providers have over many years."