For a good cloud contract, start with an RFP

All the questions that you pose to vendors in a request for proposal can be the basis for the eventual contract

The ease with which one can start using cloud computing services seems to lead some organizations to bypass traditional competitive bidding processes such as requests for proposal (RFP). I recently advised on a statewide RFP for cloud-computing services, and it was not only an effective way to compare and identify the best offerings, but it also served as an excellent starting point for the cloud-computing contract.

As you draft the questions that make up the RFP, your cloud-computing contract will be shaping up as well. Every issue that's important to consider when developing a cloud-computing contract should also be addressed in the RFP. And by asking multiple vendors how they propose to fulfill your needs, you not only obtain a firm understanding of the relative benefits provided by each vendor, but you also gain insight into where additional negotiations may be needed and what each vendor's starting point in those negotiable areas may be.

If you have built a team to address cloud risk-mitigation issues, it can play a key role on the RFP team by developing RFP questions and evaluating vendors' responses in relation to their particular areas of expertise and responsibility.

Some companies won't bother with an RFP for cloud services in the mistaken belief that all cloud vendors, especially infrastructure-as-a-service (IaaS) vendors, provide essentially the same functionality. But not all cloud vendors are created equal, and as the cloud market continues to evolve, vendors will attempt to distinguish their services from the competition.

As an example of the sorts of differences you can expect an RFP to uncover, a service-level agreement (SLA) guaranteeing "four nines" (99.99%) availability can be a big differentiator compared with a "three nines" (99.9%) SLA. (Do the math. With three-nines availability, the expectation is for close to nine hours of downtime per year. With four nines, it's less than one hour.) A properly formulated RFP will also help you identify where vendors differ in how they calculate uptime, and what events (scheduled maintenance, for example) each excludes. And what does the vendor offer in the way of guarantees that it will meet the SLAs it commits to?

There are many elements of a cloud vendor's infrastructure and security to evaluate, and vendors vary widely in this regard as well. By including an infrastructure/security questionnaire in the RFP, you can gain valuable insight into whether or not a particular cloud vendor runs a sufficiently tight ship to meet your needs. You'll also want to ascertain what certifications or other third-party verification the vendor may have to validate its infrastructure/security claims. If you find that a given vendor's response in this area meets your needs, then you can spell out its current infrastructure/security mechanisms and certifications as minimum requirements in the contract.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon