Cloud procurement best practices by Laurence Painell

  1. What are the main issues surrounding procurement of cloud services? Why are they important?

I think the main issue and concerns surrounding cloud services are five-fold;

1st) Challenges of culture – what is acceptable for one part of the organisation will not/is not acceptable for another. This means that global, cross department procurement is very tricky.

For many global organisations, this will not be a new phenomenon, what might be fine on one side of the Atlantic will not be good for the other. This works both ways but gets exaggerated when cloud comes into play. An example could be that European companies have concerns, rightly or wrongly, that data in the cloud even when located in a data centre in their country such as Germany can be accessed by the U.S. government on request, if it is stored and managed by a U.S. company. Now this issue doesn’t appear for on premise solutions because the data is tucked up nicely behind the firewall and is secured away from prying eyes. There is no simple solution to these concerns, and as such you need to consider whether a solution you choose offers the right levels of flexibility and deployment options to support your business. Can I have everyone using the same tech but deploy on premise for one group and in the cloud for another?

2nd) Security – most organisations fear that because this is outside of the confines of their corporate infrastructure that it is less secure. This is increasingly being accepted as false.

Security concerns don’t go away and are always present but I believe that most companies will acknowledge that cloud providers, who stake their reputations on securely managing and protecting data, are probably better placed and have access to better tools than most companies’ internal IT staff. Again, having the options for deployment and management of the solution is probably a good thing. If something goes wrong, having the flexibility to step in and take control can’t be a bad thing. In all cases, do your homework and ensure you understand the level of risk that is acceptable.

3rd) Support for regulatory and business requirements – if it is in the cloud I have lost control of accepting features and functions and when to apply upgrades. You need to ensure that the system meets your regulatory needs and that your vendor will listen to you.

Many industries have different stipulations on how systems have to be deployed and configured and many have very specific needs. It’s important to do your homework and ensure that which-ever system you use can comply with the specific requirements. No one wants to have to retrospectively look at this when the auditors come knocking! This can be important in certain industries that require the whole system to be validated before it can be used. Giving the cloud provider control of this, means you could forever be in validation mode which is not sustainable.

4th) Data retention, availability and return – this is an area that often gets over-looked. You have to be sure you can get out and that you can get your intellectual property and data out of the system.

Let’s say something goes wrong, or your software provider decides on a change of business model or plan, have you asked how you’ll get your data back and if you even can? Companies need to be careful to avoid lock-in or, worse, that the data gets removed or deleted on termination of an agreement. In some cases, the systems can store years of data and losing that critical information could be devastating to their business. Make sure you are working with a vendor that understands your requirements and is capable to deliver beyond the end of your agreement.

5th) Connectivity –  if your team are on the move, on planes or don’t have a connection then make sure they can still be productive.

This seems obvious but you’d be amazed how many companies haven’t thought about connectivity in the context of business data loads and network traffic. Often the assumption is that the old network will support critical data intensive workloads and as such we can move forwards and procure new cloud technologies. Connectivity and networks need to be looked at based on the number of users and workloads that the cloud system will need to support. Because of the reasons above, at Quantrix we offer customers maximum flexibility in procuring our cloud technologies but we also have a hybrid approach that allows users to have the off-line option.

  1. What surveys/stats/figures emphasise the need for having a good cloud procurement strategy if you are a CIO?
  • 82% of companies reportedly saved money by moving to the cloud.
  • The average fortune 500 company is using up to 545 different cloud services.
  1. How do CIOs and CSPs forge a common consensus on a common language for procuring cloud services that simplifies the matter?

The consensus between the two heads has got to be around risk. In most cases, these two departments will be coming at this from very different directions: the IT team wants to reduce cost and ensure efficiency whereas the security team is about securing infrastructure, data and IP. To be successful, they need to agree on the acceptable risk profile so that both teams can work together. Risk comes in many forms from data residency, to tools and technology used for threat detection and AV to who has access to the information. There are so many different parameters that often it is almost impossible to agree. Hence it’s important to align on the language of risk and how to manage it.

  1. What are the best practices for cloud service procurement for both CIOs and also CSPs?

Find the right vendor, make sure they are someone you can work with and that can answer the questions you have linked to the above. Bigger doesn’t always mean better, sometimes the big guys will force you down their path rather than offering the best approach for you.

  1. What issues around cloud procurement should organisations and CIOs be aware of in the next 12-18 months? Why?

I think I have covered these in the initial question, we see these issues routinely and a one-size-fits-all approach lacks the flexibility and pragmatism for most businesses. Quantrix has worked across many organisations and business verticals and have accrued significant experience in helping customers manage their transition to the cloud. Our technology and approach offers the flexibility most companies need.

By Laurence Painell, VP Quantrix.