By Guest blogger Bijan Dastmalchi, Principal at Symphony Consulting, Inc .
It sounds like a CIO’s dream: infinitely scalable services without worrying about installing, configuring, updating, and managing the underlying software and hardware. With this infrastructure residing at a third-party facility, the CIOs of the world can now rely on someone else to do the basic blocking and tackling while the IT world manages the strategy and the architecture of delivering services to users. As with many dreams, this one can take a dark twist. The reality is that Cloud computing may not be as scalable or as worry-free as we would like. Much of the original excitement can wane as IT organizations dig into the details. Whether it stays a dream or turns into a nightmare is largely dependent on the level of due diligence that was exercised when structuring the deal and negotiating contracts for Cloud services.
So what are the risks that you should be mitigating when you are negotiating the deal? The answer to this question would require a lengthy whitepaper but for the purpose of this newsletter, we’ll focus on five of the most visible gaps that we have seen in our practice:
- Outlining an exit strategy. All good things come to an end and Cloud relationships are no different. Few companies think far enough ahead to adequately insert key provisions that clearly spell out roles and responsibilities at the end of a contract term, or worse yet, in the event of termination for cause. While getting into a relationship is exciting and motivating for both sides, thinking about the end game is just as important. What will happen to your data? How long will you have to access it? What form will your data be stored in and will it be useable to you without the service? What support will you receive in transitioning to a new provider?
- Ensuring that your Cloud solution — and your pricing — can scale. This issue strikes at the core of one of the supposed benefits of Cloud contracts. When you want to expand or reduce your footprint, can you do this freely and at a predictable price or are there roadblocks like limited change windows, minimum purchases, bundling of items, etc.? What happens when you want to take advantage of new incremental functionality? Do you have an agreed-upon fee structure? Is it commensurate with the incremental value that you are getting from the service? Our experience has been that in most Cloud contracts, the baseline pricing is reasonably documented in the contract but the price structure for growth or contraction is not clearly stated.
- Thinking beyond the contract term. How would you respond to a double-digit increase in fees after your contract expires? Hopefully, your response is not to simply switch service providers. Depending on the platform, there are varying levels of complexity but suffice it to say that you do not want to get into the habit of jumping from one solution to another at the end of each contract term. At the same time, you also don’t want to find yourself in the position of being tied to a solution with runaway costs. Last but not least, you may need to reevaluate your provider’s viability, capability, and overall “fit” at the time of renewal to account for major changes (mergers, acquisitions, restructuring) that may have occurred during your contract term. This information can provide valuable information in formulating terms of the renewal contract. There are specific pricing terms that you can negotiate in your Cloud agreements to provide you with protection in future renewals as well.
- Service Level Agreements. As more mission-critical applications are migrating to the Cloud, you cannot afford any interruptions in service, which is why a Cloud provider’s service agreement should include a standard SLA. SLAs are generally positioned as non-negotiable and customized at a high cost to the client but in reality, they can actually be negotiated. In addition to making sure that the service agreement includes an SLA with meaningful metrics, you need to have a process in place to track the service provider’s performance and measure it against the SLA. A scorecard and credit schedule can be formulated to ensure that the client receives credit for periods the provider fails to meet the agreed-upon service levels.
- Protecting your data. Companies have spent significant time and energy protecting their important data when they utilize an internal infrastructure. For some reason, there is innate trust when it comes to Cloud services. There are multiple ways for data to slip away from your control in a Cloud environment. Depending on the sensitivity of the data you will have out in the Cloud, you will want to apply varying degrees of diligence. But what happens when your information is distributed, sometimes across multiple geographies without your knowledge? What happens if there’s a court order to the service provider to release information and such disclosure takes place without your knowledge? What laws may you be in violation of based on the varying degrees of data privacy restrictions in different countries? To what standard should your provider be held regarding data protection(e.g. SSAE 16, SAS70)?
As simple and fundamental as they may appear, these are questions that are often unanswered by IT organizations in their quest to migrate towards Cloud computing. Keep in mind that switching to a Cloud solution should not be a knee-jerk response to the normal operational headaches of an IT organization or short-term cost pressures. It must be a well-thought-out, well understood, a long-term strategy backed up by a robust risk assessment. Otherwise, your dream can easily turn into a nightmare.
Symphony Consulting specializes in helping companies negotiate effectively with Cloud service providers. If we can be of assistance, please do not hesitate to contact us.