The Cloud is everywhere these days and not to be left behind we are all vaping with the next person. Before we charge ahead with our heads filled with vapor trails, I want to share a few cautionary tales from one of the very early Cloud adopters. (If you Google us you will see my quite dated endorsement of AWS immortalized in video and saved forever on the Cloud).
Costs - This is the real Red herring-Cloud does not intrinsically save IT costs over the long term. Create your Total Cost of Ownership (TCO) model out far enough! Modeling out 8-10 years for substantive business critical applications, while faithfully adding in upgrades and hardware renewals, will reveal the break point between owned and subscription based licenses. Does this inflection point in the future occur time you can live with? Remember not all CIOs have a 24 month turn over.
It does the vendors, especially the large ERP and Bl vendors, a great favor of turning you into a reliable long-term revenue stream. This is forcing the vendors into claiming unwarranted Cloud success, hoping for this to become their reality.
Whatever your planning cycle, the earlier you can work with your senior people to educate them and get them to buy into this new concept for financing IT investments
Customization - Is the target application a commodity service or a commercial differentiator? - You can get a customizable platform if you need it, be sure you really need it. True edge applications and even essential systems such as email are not core differentiators for most of us, here you can afford to rely on true multi-tenant pure play SaaS solutions. Customization is where the rubber hits the road and it might be worth the extra costs to own your own licenses even hosted in an laaS or choosing a Cloud vendor that has architected its offering to support custom layers and seamless integrations. “To your own criticality map be true”.
Connectivity – Where performance will expose itself to your end users, will be directly linked to the bandwidth and the quality of your ISPs. Bringing internet egress points close to your end users and designing your network and security accordingly, are keys to success. When you are geographically dispersed, probably having multiple ISP deals, telecom expense-management becomes more important than ever. It may be prudent, depending, on your criticality map to ask some hard questions. How long can you work offline? Can you build a “store and forward” capability for transactional data in critical sites? How much is worth to you to have that last mile covered by two ISPs and two terminations?
Contracts - Ensure you are correctly covered; guard against vendor lock in with termination and data extract clauses that give enough time to get your data back, in the format, and media, you can use. I have experienced some cases where periodic data backup on another Cloud service is a wise precaution. Ensure you have security audit rights, how often can you review the SSAE16 but more importantly, what is the mitigation if there are findings you cannot live with? Will the vendor contract include timely remediation and secondary reviews? What are the penalties if the remediation fails? Be careful of termination clauses for fault; ensure you know who bears the close out costs in all cases. The most commonly ignored termination is where the vendor terminates you for cause! Ensure you know what happens to the core code you now rely on to operate your business in case of bankruptcy and buy out.
If you are SOX compliant you may want to involve your auditor before entering the contract. In the Cloud, system logs are mostly unavailable. Ensure the auditors are happy with the segregation of duties between the vendor and your staff and they can live with the audit capabilities provided.
It may sound obvious but ensure you have backups, disaster recovery, and multi-site high availability built into the contract. This includes periodic testing and examination of results. Nearly all Cloud vendors have complex, on-line nested contracts consisting of links branching off multiple times. Finding all the relevant terms can be a challenge! Make copies and log the document numbers and dates of the terms you are agreeing to. The vendors reserve the right to change these connected terms ‘at will’ and it’s your responsibility to ‘remember’ what was in effect when you signed the agreement. “So boring”, but you will thank us later!
Capital - Most Cloud services are just that, services, and hence are not eligible for traditional capitalization. Working with you senior financial executives to get them behind the change to an IT expense portfolio is essential. The C level must be behind this move or your Cloud dreams will remain just that “dreams”. Whatever your planning cycle, the earlier you can work with your senior people to educate them and get them to buy into this new concept for financing IT investments, the sooner you will be able to move ahead with that secure feeling of no surprises coming your way. Oh, and don’t forget your Risk team, your insurance portfolio will need reviewing considering this Cloud on the horizon.
These are by no means arguments against the Cloud but just a cautionary tale. Make sure you know what you want, and how to get it! I am still an enthusiastic supporter of a Cloud First strategy.