Cloud services offer a very credible alternative to traditional IT delivery models, and enterprise uptake is growing dramatically. Benefits can include reduced total cost, enhanced scalability, rapid solution delivery and simplified management. Conversely, entrusting critical technology components to a third party reduces control and introduces risks that need to be managed. Experience with outsourcing has led to recognized contractual approaches for mitigating risks and maximizing the benefits of third-party delivery. However, service delivery via a shared cloud platform introduces negotiating and contracting nuances, so CIOs should consider these five points.
1. Confirm that terms are negotiable.
While negotiable terms might seem obvious, many large cloud providers -- including Google, Microsoft and Amazon -- generally preclude changes to their form agreements, arguing that custom terms erode the shared delivery model and value proposition. This doesn't mean the enterprise shouldn't utilize the service under a form agreement, but it must understand the associated risks.
If service terms are flexible, you'll want to ensure that these terms supersede any standard or "click-through" agreement and that the agreement cannot be updated unilaterally. If this provision isn't achieved, your company should seek a right to terminate without liability for materially adverse changes.
2. Ensure that the pricing structure supports cloud benefits.
Cloud services can enable rapid scalability, improved asset utilization, and reduced overall cost, but contract structures may constrain the realization of these benefits. For example, SaaS providers may include minimum seat commitments, or IaaS providers may require instances to be active for a minimum duration. It's up to you to ensure that the contract does not limit the enterprise's ability to control costs under anticipated use patterns. This is in addition to customary software negotiation practices, such as obtaining tiered volume/term discounts, role-based license differentiation and constraining future price changes.
3. Develop SLAs that reflect user experience.
As with any IT service, cloud SLAs should reflect the full service scope. For example, as the cloud provider will be responsible for its Internet connection and infrastructure, availability should not be measured from a monitoring server inside the data center. Candidate SLAs may also include user interface and query performance, timely completion of critical batch jobs and incident response/resolution times.
The goal is to develop a limited portfolio of metrics that ensures that a substandard user experience cannot occur without SLA contravention. For each metric, you should eliminate broad exclusions (for example, excluding outages due to "emergency" maintenance, with "emergency" being undefined). Your enterprise should avoid focusing solely on credits for SLA failures, but rather require robust root-cause analysis and problem remediation. Ultimately, your enterprise must protect itself from sustained nonperformance, with rights to terminate for cause following chronic issues.
4. Address operational implications of the shared platform.
Your enterprise should assess the implications of service delivery via a shared platform and proactively address potential operational issues. For example, your contract should ensure that your organization will have acceptable timing for maintenance windows and will receive sufficient notice for service-affecting activities.
Procedures for managing releases should meet enterprise requirements, with the enterprise being able to remain on the prior version until its own release and testing procedures are completed. Functionality loss (or repackaging as an incremental feature) in a release should be contemplated, with mitigations including minimum notice periods, the ability to remain indefinitely on a prior version and termination without liability for materially adverse changes. Try to anticipate release-management needs that can arise from integrations and cus-tomizations by prenegotiating pricing for testing environments, rather than risking substantial charges for ad hoc requests.
5. Focus on transition-in and transition-out.
Deployment and expiration/termination also require careful attention. For transition-in, you should ensure that provider activities are clearly identified and negotiate SLAs for implementation, configuration and data load. If separate professional services for deployment are provided, a cross-default right between deployment and the core cloud services should be obtained. On transition-out, the provider must support migration, including data and schema exporting in an agreed-upon format. Periodic data archiving requirements to mitigate operational or contractual issues that jeopardize orderly transition should also be considered.Contracts, no matter how good, will take your enterprise only so far. The best protection is a confirmed ability to easily transition to another provider or solution. CIOs should remember that an uncertain transition position severely compromises the enterprise's options and leverage in the negotiating process.
Dr. Jonathan Shaw is a principal at Pace Harmon, an outsourcing advisory services firm. He holds a Ph.D. in microwave spectroscopy and has more than 12 years' experience in information technology, network operations, and outsourcing in the United States, Europe and Asia.