Skip the navigation

It takes a team to create a good cloud contract

The risks are best mitigated by people who come from specific roles in your organization

By Thomas J. Trappler
September 25, 2012 09:18 AM ET

Computerworld - Is your head spinning?

I know that everything that I have said in this series of columns on the risks associated with cloud computing (and my advice on how to mitigate those risks) is a lot to take in. I've seen that "deer in the headlights" look on a few faces when I have taught my two-day "Contracting for Cloud Computing Services" seminar. How, they are wondering, are they going to effectively address all of these issues on their own?

They shouldn't try.

In fact, it takes a team to make it all work. You need to pull that team together from existing resources within your company. Titles and roles will differ from one organization to another, but these are the stakeholders who will have the most to contribute to your cloud-computing effort:

The business process owner -- This person may have identified the need for a given cloud service in the first place, and so he or she has no trouble seeing the benefits of the service. Less clear to the business process owners is the existence of risks. You must engage them as part of the team, or face the prospect of them proceeding on their own without any strategy for mitigating those risks.

The IT vendor management team -- You should make this group responsible for managing the overall relationship with the cloud vendor, from investigation to contract negotiation, use of the cloud service and on to end of life. The vendor management team is typically also responsible for leading and managing the activities of the cloud stakeholder team.

Technical personnel -- The right technical folks can effectively compare a cloud service to current practices, identify and implement integration points between a cloud service and in-house systems, and identify and manage the impact of a cloud service on the organization's infrastructure, including network capacity.

Security and policy professionals -- There's no one better to evaluate the security practices of the cloud vendor relative to the type of data involved and the business criticality of the service, and identify whether use of the cloud service aligns with existing organizational policy.

Representatives from the legal department -- Cloud computing can have wide-ranging legal implications, and the cloud is so new that legal precedents may not yet exist. It's important to engage legal counsel to identify legal issues (such as indemnification and limitations of liability) related to the contract with the cloud vendor, and determine whether use of a given cloud service is in compliance with your obligations under the law.

Procurement staff -- If a purchase can't proceed without passing a procurement office review, you'll want to bring these folks into the loop. The cloud brings new risks that procurement personnel may not be familiar with. If you don't want your cloud purchase stuck in purchasing, it will be essential to educate and engage the procurement staff.

Our Commenting Policies