How Do You Protect Your Business If Your Cloud Service Provider Fails?
By the end of this year, Gartner predicts 1 of 4 cloud service providers (CSPs) will no longer be in business due to consolidation or lack of funding. Based on the explosive growth of cloud use, you are likely using SaaS to support business critical functions and IaaS compute or storage services from the cloud. What happens if that SaaS or IaaS cloud vendor isn’t there tomorrow?
Our colleagues at Cisco IT faced this challenge when a cloud storage service used for case management, went out of business. Cisco IT was only given weeks to get the data from the vendor and find a new solution to support a critical business function.
From our own lessons learned by Cisco IT and the experience of our customers, I want to share some steps you can take to protect your organization from similar challenges.
#1: Protection Begins With Vendor Assessment
After the storage vendor experience, Cisco IT formally introduced a financial assessment part of the on-boarding assessment process for SaaS, IaaS, and PaaS vendors. When evaluating a vendor, it’s important to evaluate their financial stability. Ask how much funding they have acquired. What’s their burn-rate? Use vendor ratings through Dun & Bradstreet to validate their financial stability.
Look into how they will be storing, archiving, and backing up your intellectual property and data. Ensure that, in the event of an acquisition or termination, your data will be available to you, and that it will be destroyed properly after you’re no longer doing business. Also, make sure that the vendor has strong business continuity plans and can support you in the event of a disaster.
#2: Have a Rock-Solid Termination Clause
You need to make sure you have access to your critical data. So, you need a strong contract stating exactly how you’ll receive your data in case of a termination based on any cause, at-will, performance, bankruptcy, or acquisition.
The clause needs to address how much time will be given to transition data, what format and process should be used to provide the data, how data should be destroyed and what form of proof is required. If the vendor is also supporting a business critical function, think about adding a clause to require transition services where a vendor or third party would help facilitate the transition after a termination.
For the termination clause, you should consider establishing an escrow agreement where the vendor agrees to provision the software in escrow for use in case of a failure to support, bankruptcy, or other triggers.
Finally, also consider what contract elements would stay active in the face of a termination including terms like confidentiality, intellectual property protection, indemnity, etc.
#3: Establish Your Cloud Vendor (SaaS, IaaS) Management Processes
Establish tools, teams and processes to define how you manage cloud services from onboarding to termination. When you establish cloud management, think about ways to monitor cloud service providers who are supporting your business critical initiatives including quarterly business reviews or other reporting mechanisms and processes where you can maintain a back-up copy of the data periodically.
Also, outline how IT will partner with line of business to make sure your business needs are met during a transition from a CSP. These processes should help facilitate a seamless transition from one vendor to another vendor or private cloud.
Here’s where Cisco Cloud Consumption Optimization can help you to establish cloud lifecycle management processes within your organization.
#4: Create An Approved Public Cloud Vendor Catalog
Develop a catalog of approved CSPs that detail specific capabilities. In case of termination, this catalog will help IT and business leaders quickly identify a new provider to meet their business needs. Similarly, Cisco Prime Catalog can help you establish this type of catalog to manage your cloud resources.
#5: Implement Private or Hybrid Cloud Capabilities
For many, your mission critical systems and applications will need to remain under the supervision and control of IT rather than public cloud vendors. By establishing private cloud or hybrid cloud functionalities, IT can provide the convenience and benefits of cloud delivery while maintaining strict control over data and intellectual property. Cisco Intercloud Fabric for Business and Cisco Openstack Solutions can help you establish private and hybrid cloud capabilities and deliver agility and cost benefits of public cloud with the control and security more commonly associated with private cloud deployments.
The key to building an end-to-end process within your org is to manage your vendors from on-boarding to termination. Learn more about how we can help you govern cloud and manage cloud vendors at http://www.cisco.com/go/cloudconsumption.
Have you had any challenges with a CSP shuttering its doors?