Klemsy - Fotolia
Channel partners risk entangling themselves in a range of liability issues if they're not careful with their promises to customers.
According to Dan Liutikas, managing attorney at InfoTech Law Advocates, there a few common mistakes that channel firms should look out for when working with customers. Related to those are issues that can arise out of formal customer contracts, such as language that fails to spell out the limitations of the service provider's responsibilities.
Failure to deliver on compliance promises
One way service providers can get themselves and their customers into trouble is to leap into regulated customer environments which they don't fully understand. Liutika said this is a common mistake among service providers.
Vertical markets have a reputation for offering lucrative opportunities, but many of them, such as the healthcare industry and financial services sector, are subject to complex regulations. "There's money to be had in environments or verticals that are regulated, because it does require some expertise that is specific to whatever it is that you're doing," said Kevin McDonald, executive vice president of Alvaka Networks, a network management and IT support services company.
McDonald noted he has seen channel firms win one or two accounts in a regulated industry before deciding to market themselves as industry experts. "I can't tell you the countless number of organizations that I've walked into that are managed by a specialist IT provider … that has no clue what they should be doing for that client," McDonald said.
The wrong vendor for the job
Another common problem for channel partners can arise from promising vendor-provided services that the vendor doesn't in turn fulfill.
In many cases, this happens as the result of a mismatch between the vendor's obligations and the solution provider's obligations to the customer. The partner has its line card of vendors that offer services and a set of obligations created for the customer contract. "The solution provider doesn't in fact perform those back-end services. That's performed by a vendor [instead], and there's certain SLAs or … any number of legal obligations within the vendor contract with the solution provider. And these obligations aren't correctly correlated within the customer contract," Liutikas said.
As a consequence of the mismatch, a security breach may occur in the normal course of things with nobody doing anything wrong, he said.
McDonald stressed a different side of this problem. In his opinion, managed service providers and value-added resellers should have deep insight into their vendors' technology. Having access to this information allows partner companies to address what it takes to properly use and make the most of the technology. Cloud-based vendors, however, are getting increasingly more guarded about sharing this information, McDonald said.
"Today, with the vast majority of [cloud services] … you're now relying entirely on the promises of the [cloud] vendor. You can't possibly understand it because they won't let you see it. You don't get to go and look at how they built it because it's considered proprietary information. So you can't properly vet it," he said.
Guaranteeing an unrealistic outcome
Channel partners can make the mistake of guaranteeing their customers an unrealistic outcome, whether intentionally or not.
A good example of this would be guaranteeing an unbreachable environment. A channel partner may do everything correctly and follow all the best security practices, but still a breach may occur despite these efforts.
"In the sales process and in the process of actually contracting with the customer, [there's a risk of the solution provider making it seem it's] almost guaranteeing an outcome when in fact what they're meaning to say is, 'These are the best practices and types of activities we're going to engage in to perform our services for you,'" Liutikas said.
While partners can prevent future issues with a customer by making it perfectly clear what the customer is paying for and the limitations of their services, Liutikas and McDonald agreed that it does not make for a compelling sales pitch. "We are careful to the point where we probably lose business. … We have given up quite literally millions of dollars on single statements of truth," McDonald said of Alvaka.
When a client asks whether a solution will make the company secure, McDonald will admit his company can't guarantee full-fledged security. "In truth … nothing in the world is ever going to make you secure. And all you have to do is look at some of the best of the best organizations, some of the best researchers and security talent in the world, including Kaspersky [Labs], for example, who got hit."
Customer contract issues
Addressing these three areas discussed above will help mitigate the legal risks, but channel partners should formalize the various aspects of a customer relationship in a written agreement, Liutikas said. Additionally, partners should update their agreements when they work with a customer over a long period of time and continue to add different services and get different jobs with the customer.
Kevin McDonaldexecutive vice president, Alvaka Networks
Dated customer contracts are currently a major problem in the industry, Liutikas said. "I think the biggest issue right now is, because a lot of people are moving to cloud solutions, that many of them haven't updated their agreements to reflect their current product mix and how that configuration can impact their legal relationships between vendors and customers," he said.
When it comes to modifying agreements, McDonald said Alvaka asks customers to sign off on only a modification and never a brand-new agreement. "If you throw a new agreement at a client, it sounds like you're trying to reset the relationship," he said.
Warranties associated with a service should have limitations clearly stated. "Very clearly enumerate [your] warranties so it's clear what the extent of the warranties are and disclaim the warranties that should not apply to that particular transaction," he said.
Additionally, partners should limit their own liability in customer contracts and decide what would make for reasonable consequences for direct damages. For example, if a partner gets $1,000 a month for servicing a particular customer, the partner obviously wouldn't want to offer unlimited exposure to this customer in the event of the data breach. "The limitation of liability clauses really go to appropriately limiting the risk to the potential gain that you're going to get," he said.
Read Kevin McDonald's article about the dangers of false advertising in the IT industry.
Get tips to help your customers embrace new technology.
Download guidelines for establishing a subcontractor agreement with peers.