Why DocuSign needed to move to the cloud to embrace AI and data sovereignty

DocuSign was a popular service in SIlicon Valley for signing contracts online when Inhi Cho Suh joined the company's board of directors following its 2018 IPO, but it wasn't exactly a household name. Two years later the world ground to a halt, and as businesses around the world looked for ways to keep the contracts flowing, the company went from 300,000 paying customers to over 1 million paying customers in rapid fashion.

Founded in 2003, DocuSign had relied on its own mix of homegrown infrastructure right up until around the time of that IPO, but that approach was not going to scale as DocuSign started to experience rapid growth and the advent of data localization laws around the world, Suh said in a recent interview. Around the time Suh became president of DocuSign last summer, the company began moving a significant amount of its infrastructure to Microsoft Azure, and plans to follow a hybrid cloud strategy for the foreseeable future.

"When you talk about (the) speed and scale of application builds, and what we want to do for machine learning and AI, you've got to take advantage of much more distributed computer architecture and data availability and open source large language models," Suh said. "As you become a particular size and scale, because of the billions of transactions we process and billions of workflows that we run concurrently, we knew that we were going to hit a constraint because our desire was to serve twice the number of customers, not just our existing customers."

Microsoft is DocuSign's primary cloud provider, but the company does run some workloads in AWS and in Google Cloud, Suh said. Given DocuSign's international footprint, a dizzying array of data localization laws and security regulations specific to contracts apply across regions like Europe, and some cloud providers have stronger certifications in different countries, she said.

In Australia, for example, DocuSign runs both an Azure instance and its own private data center because the laws in that country require local control of that data, Suh said. In Europe, it's a little different; DocuSign uses a colocated data center in Germany that is its primary data center for EU customers, but also uses Microsoft's EU-wide cloud region that stores data in Ireland.

"Data sovereignty is something that will impact each geographic region and government postures differently," Suh said. And with six petabytes of contract data stored on behalf of its customers around the world, DocuSign must react to those laws as they emerge and evolve.

A large part of Suh's current job involves setting DocuSIgn up for the AI era, and she believes generative AI is going to have a huge impact on the way documents and contracts around the world are created, signed, and stored.

There are a lot of relatively simple business questions that generative AI technology could answer when applied to even a medium-sized company's current contracts, such as understanding which contracts are up for renewal, and when they expire. Large-language models could assess risk across contracts, and help verify the identity of signers with video analysis, Suh said.

I want to get a sales proposal out to a customer; (the AI model) should be able to identify the entity, the party, the last set of terms, and then should be able to codify that in terms of the workflow.

But she is most excited about generative AI capabilities that could have a unique impact on contract law, even with the wide variety of laws in place around the world. Contracts are written with specific terms and phrases that have strict legal definitions, and those terms might mean something very different in a legal context than they mean in regular English.

However, that means that AI models trained on contract data could be able to easily summarize and even prepare long, detailed contracts with greater accuracy because the model has been given specific definitions of those terms, rather than asking it to interpret the meaning of those terms as part of a conversational interaction, Suh said.

"What we want to do is have a common approach and schema for agreement semantics, an agreement knowledge graph, and data models across the portfolio that can also build on top of existing open source models and connect to core system-of-record models," she said, citing CRM data as an common system of record. "We want to be able to intersect that CRM system as part of your quote-to-cash process. I want to get a sales proposal out to a customer; it should be able to identify the entity, the party, the last set of terms, and then should be able to codify that in terms of the workflow."

Training that model requires DocuSign to access customer data, but Suh said that the company asks its customers for consent to use that data for training purposes.

"It's the customer's data, it's not our data," she said. "We work with them to ask them what they want us to train on and not train on."

As awareness of AI training models spreads across the average enterprise, obtaining that consent could become harder; what if customers can train their own models on their own data, rather than sharing that data with a vendor? But Suh thinks DocuSign has a key advantage over several other companies working on LLMs right now.

"They understand that we're not in any of their businesses. So they don't see us as a threat or risk in that scenario, because they understand that our number one goal is to actually accelerate their business transactions and the businesses that they run," she said.