It takes a team to create a good cloud contract
I know that everything that I have said in this series of columns on the risks associated with cloud computing (and my advice on how to mitigate those risks) is a lot to take in. I've seen that "deer in the headlights" look on a few faces when I have taught my two-day "Contracting for Cloud Computing Services" seminar. How, they are wondering, are they going to effectively address all of these issues on their own?
They shouldn't try.
In fact, it takes a team to make it all work. You need to pull that team together from existing resources within your company. Titles and roles will differ from one organization to another, but these are the stakeholders who will have the most to contribute to your cloud-computing effort:
The business process owner -- This person may have identified the need for a given cloud service in the first place, and so he or she has no trouble seeing the benefits of the service. Less clear to the business process owners is the existence of risks. You must engage them as part of the team, or face the prospect of them proceeding on their own without any strategy for mitigating those risks.
The IT vendor management team -- You should make this group responsible for managing the overall relationship with the cloud vendor, from investigation to contract negotiation, use of the cloud service and on to end of life. The vendor management team is typically also responsible for leading and managing the activities of the cloud stakeholder team.
Technical personnel -- The right technical folks can effectively compare a cloud service to current practices, identify and implement integration points between a cloud service and in-house systems, and identify and manage the impact of a cloud service on the organization's infrastructure, including network capacity.
Security and policy professionals -- There's no one better to evaluate the security practices of the cloud vendor relative to the type of data involved and the business criticality of the service, and identify whether use of the cloud service aligns with existing organizational policy.
Representatives from the legal department -- Cloud computing can have wide-ranging legal implications, and the cloud is so new that legal precedents may not yet exist. It's important to engage legal counsel to identify legal issues (such as indemnification and limitations of liability) related to the contract with the cloud vendor, and determine whether use of a given cloud service is in compliance with your obligations under the law.
Procurement staff -- If a purchase can't proceed without passing a procurement office review, you'll want to bring these folks into the loop. The cloud brings new risks that procurement personnel may not be familiar with. If you don't want your cloud purchase stuck in purchasing, it will be essential to educate and engage the procurement staff.
Audit, compliance, governance and risk management gatekeepers -- These people are responsible for ensuring that organizational activities are compliant with government regulations and internal policies. Again, the challenges and risks of the cloud are novel enough that you could trip up here, so engage these gatekeepers early so that you can collectively identify and address all the issues in advance.
As in the story of the blind men who tried to describe an elephant after each had touched a different part of the beast, each stakeholder will bring a different perspective to the cloud. Some will see benefits, and others will see risks. Each perspective is valid, but they must all be brought together to get the big picture. Only then can you make a balanced decision regarding whether or not the benefits of adopting a cloud service outweigh the risks.
Working together, the team can help your organization effectively adopt cloud-computing services by doing the following:
* Monitoring and managing your relationship with the cloud vendor to ensure continued adherence to the contract terms, and determine how to effectively address when things don't go right.
* Establishing and disseminating standard processes appropriate to the acquisition of cloud-computing services, including developing guidelines and best practices regarding the appropriate use of cloud-computing services.
* Investigating and implementing opportunities for organization-wide contracts with cloud vendors to establish improved terms and conditions, including those that override the terms of click-through agreements to provide additional protections for end users.
Thomas Trappler is director of software licensing at the University of California, Los Angeles. For more information, please visit thomastrappler.com.
Sim Ahmed (@simantics) is a reporter for CIO New Zealand.
Follow CIO on
Download CIO for your tablet here.
Click here to subscribe to CIO.
Sign up to receive free CIO newsletters.
Send news tips to email@example.com
Tidal wave alert
Ready or not, mobility is here to stay, say three IT leaders who share their experiences on the road to BYOD.
IPv6: A new headache or huge opportunity?
IPv6 is here, it's real and it's growing, according to local industry bodies. Deploying IPv6 may not be high on your list of priorities at the moment, but if you start planning now you could avoid escalating costs.
CONNECT WITH @ CIO NZ
CIO is bringing together the best of MIS NZ and CIO, the new look CIO is the only magazine that focuses on the unique management needs of senior IT professionals.
Get the latest news from CIO delivered via email.
MIS 100 REPORT
The definitive guide to New Zealand's largest and most significant ICT users.
READ NOW »