TED Conversations

Tiffany Kahnen

This conversation is closed.

Given that cloud is becoming more popular to aid in scalability of a business, how are you evaluating your complex cloud contracts?

What is the process you are using to evaluate the risks associated with engaging a cloud service to increase scalability? What risks are you willing to take on? I'd also like to see what risks companies are wrestling with....And maybe even determine a few risks, companies are largely under-educated about and overlooking in the evaluation process. (i.e. geographical location of the data)

Share:
  • thumb
    Jan 31 2012: First and foremost you need to complete at least one very comprehensive ITIL-style planning cycle, or leverage your existing Capacity and Performance Management process to establish a realistic forecast. This process should be deeply rooted in the Service Strategy of your business, and a detailed Service Design.

    This process is necessary to accurately estimate the cost of the needed cloud services, and the suitability of the cloud providers service offerings to your needs. Even top-tier cloud providers have limitations around up-time commitments, and specific capability around remediation times, RTO/RPO, etc. These are risks that are not necessarily unreasonable, but must be matched against your true business needs.

    In my experience, there are two main pitfalls to utilizing he cloud. Firstly its underestimating the growth of your business, leading to over-consumption of cloud services and undermining the ROI. Secondly, its overestimating the availability guarantee's and support process of the providers, leading to critical outages.

    To to sum up (and to blatantly steal from Sun Tsu), know yourself, and then use those questions to evaluate your providers. If you have completed both of those processes well, the risks to your business should reveal themselves.
  • thumb
    Jan 27 2012: First of all, by establishing a baseline (in the 3 to 6 months) prior to engaging an SLA with a cloud service provider. The baseline should measure the quality of service. This way you can compare it to any assessment made in the future.

    The scope of the quality of service can be defined as you wish. What I mean by this is that a company should set up its own priority list according to the demands of the IT department and (therefor) the core business. Combining these two will give you the perfect wishlist for the setup of an SLA with a cloud provider.

    Anything that will bear to mind when you hear the word 'risk', can be summed up under one (or more) of the following:

    1. Accessibility;
    2. Recognition;
    3. Hospitality;
    4. Advice;
    5. Meeting promises;
    6. Price;
    7. Formal handling;
    8. Supply and delivery;
    9. Support;
    10. Maintenance;
    11. Communication;
    12. Where do we start?

    After I've prioritized this list, by giving each point a score ranging from 0 to 10, I've also defined what I want and why I want it (vison / strategy / BHAG) in the meanwhile. I can now take this list, while shopping for a cloud provider or while assessing my current supplier, and explain to my accountant afterwards why I've made this choice (Europe, comme ├ža).

    This way I'm trying to show you a way to cut out the right formula out of the right piece of wood for any organization, since each one should create its own set of priorities according to their own business.

    And since I'm in Europe, I prefer a European cloud provider. I'm really not a big fan of the Patriot Act and therefor U.S. cloud providers when it comes to classified data... But I guess that's a whole other discussion.

    Any questions, comments and/or other feedback are more than welcome!