Is Your Cloud Provider Enterprise-ready?
10 questions that IT organizations should be asking cloud computing providers before signing on the dotted line.
Last month I wrote about how overly complex software licensing terms and conditions are emerging as a sticking point for cloud adoption. Most IT procurement organizations probably consider complexity a pretty familiar opponent, however, and at least have some ideas on how to deal with it when it shows up in negotiations accompanied by its trusty sidekick, legalese.
But now there's a new opponent in negotiations, and it's one procurement organizations may not have faced quite as often. Meet vagueness, a foe that hopes IT organizations will accept some very general contract terms at face value.
Vagueness is the overriding theme of four risks CIOs should address in cloud contracts. Gartner just released a list of these four potentially problematic areas:
- Catch-all contracts that may not take enterprise needs into account. According to Gartner, it sees contracts obviously written with the needs of consumers in mind. Such contracts may lack descriptions of cloud service providers' responsibilities and "do not meet the general legal, regulatory and commercial contracting requirements of most enterprise organizations." So organizations may need to gather additional information on issues such as a provider's data-handling policies and procedures. This more detailed information may suggest a need for specific risk-mitigation activities such as additional backup procedures, which may result in cost increases.
- Contract terms that favor the vendor. While this is also often an issue with more traditional outsourcing contracts, Gartner says it is especially true with cloud services contracts, which feature a high degree of standardization and involve services generally delivered remotely rather than locally. Buying organizations must be "clear about what they can accept and what is negotiable," advises Gartner.
- Opaque agreements with easily changed terms. Gartner cautions that some clauses are not very detailed in contracts themselves, with contracts simply supplying URL links to Web pages that detail additional terms and conditions. And it points out, "clauses that are only fully documented on these Web pages can change over time; often without any prior notice." The advice: "Organizations need to ensure that they understand the complete structure of their cloud sourcing contract, including the terms that are detailed outside of the main contract. They need to be sure that these terms cannot change for the period of the contract and, ideally, for at least the first renewal term without forewarning. It is also critical to understand what parts of the contracts can be changed and when the change will take place."
- Contracts with no clear service commitments. I've written about the lack of solid cloud SLAs before. Gartner notes that cloud service providers generally limit their area of responsibility to what is in their own network as they cannot control the public network. Buyers should understand what recourse they have if a service fails or performs badly. If SLAs are not acceptable, Gartner says buyers have two choices: Negotiate terms that better meet their needs or just walk away.
Back in July, I shared a list of seven rights and responsibilities for cloud computing consumers
, released by Gartner's Global IT Council for Cloud Services, and a list of 15 things that engender trust in a cloud service provider, contributed by members of a LinkedIn forum. Both lists offer some good ideas of items to ask for in negotiations with cloud providers. Gartner suggested then, as it does now in the release detailing the four risks that should be addressed in cloud contracts, that cloud providers would find it easier to sign up customers if they would address these concerns upfront.
With this lack of clarity in cloud services contracts, is it any wonder that vendor management shows up on almost every list of cloud computing skills IT pros will need ? On Monday IT Business Edge contributor Mike Vizard made a case for a role he called a "cloud coordinator." Among other tasks, this person would take a more cohesive look at an enterprise's cloud needs and craft meaningful SLAs around them.
Vizard spoke with Steve Riley, technical leader in the office of the CTO at Riverbed Technology and a former senior technical program manager at Amazon, who told him Amazon customers that were most successful with cloud computing during his tenure were those that had assigned someone to lead the overall cloud computing strategy. Vizard wrote:
Whether that person was just a cloud computing coordinator or "enterprise orchestrator," the fact that the person was tasked with figuring out what application workloads should run on premise and what should run in the cloud made a huge difference when it came to creating meaningful SLAs around a successful cloud computing deployment.