Navigating the cloud contract issue
Some attendees agreed that putting a lot of liabilities into cloud contracts also provides recourse for organisations when issues with a cloud service provider arise.
“This works well for high value contracts but my business is asking me to leverage services costing only $30 per month,” said one CIO. “Based on that, our service providers won’t be willing to commit to indemnities and liabilities that are significant.
“Having a solid contract that talks about really high liability caps is one way to ensure that the practices in your organisation are up to scratch. We also need to be assessing the capabilities of vendors so we can make a call around what is good and what is too risky.”
Darren O’Connor, CIO at retailer The Reject Shop added that when you are moving infrastructure and applications to the cloud you are “essentially swapping one IT team for another one.”
O’Connor said the retailer is using Google Apps to provide applications that need to be accessed by a broad range of people inside the organisation and can easily work with Google if there are issues that need to be resolved.
“We have an account executive at Google, I know where my Google Apps data lives and where the copies are located. You can have those conversations with these cloud providers, it’s not secret stuff.”
The Reject Shop has arrangements with its cloud providers to ensure its cloud applications are “single sign-on”, which provides O’Connor with control over user authorisations and keeps a lid on where content is distributed.
Creating a risk profile
Attendees at the Sydney roundtable also agreed that creating a risk profile and managing relationships with cloud service providers are extremely important.
One CIO said she used a risk matrix to best determine the suitability of a cloud provider.
“I don’t rely on intuition – the risk matrix allows us to evaluate the likelihood, the cost impact and then sharing that with all our the business stakeholders and have them consistently review the level of risk.”
“There is always going to be risk but the question is ‘if you don’t take on some level of risk, will you lose an opportunity,” she said.
Still, one attendee, a head of IT at a large retailer is wary of public cloud providers’ ability to continue to provide service if disaster strikes. This is despite the fact that the retailer has a number of IT systems in the cloud.
“I don’t see how you can possibly be in control,” he said. “If a public cloud provider goes down, where does that leave you as the customer?” You hope that the service provider’s disaster recovery and other processes will keep you going no matter what.”
“But somewhere along the line, something’s going to break,” he said.
We have an account executive at Google, I know where my Google Apps data lives and where the copies are located
Derek Welsh, CIO at employment services organisation Angus Knight, added that organisations and their cloud service provider should be sharing risk.
“Cloud service providers need to be able to scale their infrastructure and guarantee that elasticity is there and they have enough infrastructure in place so no matter what the load, customers will never see an impact,” he said.
Karolis Macionis, cloud manager at CSC Australia, pointed out that there are up to 12 cloud providers emerging each month in Australia.
“Most people see that as an attempt to cash in on a buzzword (cloud). But if cloud service providers can provide resources on a pay-as-you-go, scale up and down basis and spin up a virtual machine in five minutes,” he said.
“We are missing the main point of cloud. It’s about providing companies with flexible computing resources that they can easily scale up and down.
“Electricity is a good example of that, we flick the switch, we pay for it; we switch it off, we don’t. That is the biggest difference to managed hosting. Unfortunately in the marketplace at the moment, there are not many companies that can provide real cloud computing services,” he said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.