Cloud Computing can help organizations to bring innovations quickly and with relatively low costs to the market. It can also enable new and agile business models. However, if not properly provided it might as well disrupt your business to a severe extent. This latter case can be avoided by carefully reading the contract with the provider.
Cloud Computing has undoubtedly a lot of advantages, especially for small and medium enterprises. First of all, it makes IT services affordable that otherwise only large corporates are able to use. Thus they can enter into direct competition where because of their often larger flexibility the smaller businesses stand a good chance to win. By using the cloud they can even stronger focus on their core business. They don’t need to struggle with different IT vendors and platforms. Furthermore, the cloud allows rapid adoption of new services without which innovation would not be possible.
However, where there are benefits there are in most cases also risks involved. Cloud Computing for instance can easily become a disruptive factor to the business itself. If you don’t believe this just read carefully the standard contract your chosen provider handed over to you before signing it. You will often find some points that might become a threat to your business, especially the parts that cover service availability, end-of-service and the possibility of changes. Did you know that some Cloud Service Providers (CSPs) are able to go out-of-business at any time? They can also change their services with short prior notice, sometimes they don’t notify at all. Last but not least you will hardly find any clauses that guarantee upwards compatibility of APIs (Application Programming Interfaces) provided by the cloud service.
The relationship between CSP and tenant is usually “uneven”. The latter has to pay for all extras, frequently called Managed Services – even for those that should be unquestionably included in any cloud contract. This way the customer has to pay more for letting the provider take over more of his normal responsibility. Some CSPs like to call that “value-added service”. I would like to hear the opinion of their legal department to these kinds of offers. CSPs should be liable for service breakdowns as well as data breach or loss. Usually they deny that responsibility.
CSPs regularly also disinclude liability in their contracts for damages on the tenant’s side as a consequence of a longer outage. Surely it is not always the CSP’s fault if a service is not accessible. But where it is, availability guarantees are worthless if not connected to penalties.
Well, certainly not every CSP is a bad guy you can’t trust. There are also some reasons that explain the way the contracts are designed the way they usually are. And these are not only goodies for the provider like avoiding liability issues. One good reason is the flexibility of changing services for quickly improved capabilities and security. Quarterly patch windows are e. g. not safe enough in our times of zero-days attacks.
However, feature and API changes might become extremely disruptive. When users are confronted with a new user interface or features have been replaced, this might lead to enormous irritations, not only for employees but also for customers. Just because the CSP thinks a feature is useless and deletes it you don’t have to think so too. Feature changes might even hinder some applications from working at all. API changes can negatively influence the integration between cloud services or between an on-premise application and the cloud. They might also have a bad affect on customizations. Even if you use mostly standard services you need to do at least a little bit of customization. Moreover, business applications in the cloud like CRM or ERP need to be integrated to function optimally. That’s why APIs must become upwards compatible in cloud contracts. For this better software design is necessary, which is feasible in connection with a major upgrade. When features are discontinued customers have to be informed way ahead to be able to prepare for the event.
Companies must be aware that relying on a cloud service, especially SaaS (Software as a Service), might lead to severe disruptions of their business. They have also to be prepared for availability issues. Customizations and integration work need to be done with the knowledge that changes can happen any time. There must be an exit strategy if a service is ended or the CSP goes out of business. This also avoids a vendor lock-in which sometimes is the result of long-term initial contracts. If a contract ends, the user should get his full data back immediately without any further costs.
The cloud is not bad in itself. The right CSP for your business sees the cloud benefits from your perspective, not only from his. For this he has to understand your main issues and challenges. Compared with on-premise service, cloud services score better in many areas, for instance high availabity is a lot cheaper in the cloud. If users see the pitfalls in time, they’ll benefit from the cloud without suffering from severe disruptions to their business.
Martin Kuppinger is Founder of the independent Analyst Company KuppingerCole and as Principal Analyst responsible for the KuppingerCole research. In his 25 years of IT experience he has already written more than 50 IT-related books and is known as a widely-read columnist and author of technical articles as well as reviews and is also a well-established speaker and moderator at seminars and congresses. His interest in Identity Management dates back to the 80s, when he also gained considerable experience in software architecture development. Over the years, he added several other fields of research, including virtualization, cloud computing, overall IT security, and others. Having studied economies, he combines in-depth IT knowledge with a strong business perspective.