Read the fine print in cloud contract discussions
"This era of the always-on business means companies cannot afford not to have access to their data for extended periods of time. The financial and reputational repercussions could be significant and potentially result in the closure of the business. Service providers, therefore, need to be evaluated on how they meet the organisational business requirements to ensure the company is protected and the data is available in the event of a disaster," he says.
As with any contract, decision-makers need to read the fine print to gain a complete understanding of what they are entitled to when moving to the cloud services provider. Things to be considered include who is responsible for the continuous availability of the corporate data of your business? If there is a security breach or if the data is lost or becomes corrupted, what is your recourse?
Understanding the value data
"These questions should form the basis of any contract negotiation with the services provider. They should be clearly defined in the contract or agreement before the final decision is made on migrating. Out of this, the most pressing issue is putting a value on organisational data."
Olivier says most companies do not really understand the value of their data until it is lost or no longer available. And if the data is not properly valued before the contract is signed, how can the business expect the services provider to pay out millions of rands when there is a problem? "The willingness of the service provider to negotiate on the value of data should already provide the decision-maker with a sense of whether there will be a business fit. If they refuse to accept liability for any data loss, then you should evaluate whether you want to take responsibility for all the risk yourself.
The multi-tenancy approach
Another important consideration revolves around the multi-tenancy approach of a services provider," says Olivier.
While sharing one platform or server between ten different customers might make business sense, the decision-maker needs to carefully evaluate how such an arrangement impacts on its own compliance measures. Does such a service provider align with the always-on requirements of your own organisation or are sacrifices made to be more efficient?
A specific code of conduct
One of the ways to address this, says Olivier, is to have a local regulatory standards board that decides the basic criteria around data and its hosting. After all, insurers need to comply with a specific code of conduct so why not cloud providers?
"Having availability of data, more so when it is from the modern data centre becomes a business essential in the competitive market today. And while this is a global concern, South African business are under additional pressure when it comes to things like the Protection of Personal Information Act (Popi) and other regulatory requirements."
He feels that this means local companies cannot blindly rush into contracts with cloud providers. The same holds true for the service provider. They need to see how their solutions and value proposition meet the expectations of the potential customer. After all, both parties will be required to work closely together. Decision-makers from both sides need to look closely at contracts. This also ensures that an organisation works with a service provider who understands the local market dynamics and can be a trusted advisor.
"By working with a services provider who has the experience and understands local market concerns, a company does not have to be hesitant about the cloud. Using someone who can bridge the gap between always-on requirements and the ability of IT to effectively deliver availability, means that decision-makers will have the peace of mind required to embrace cloud and virtualisation services. In addition, the services provider will also be able to get value out of working with a company who understands the need to utilise technology to such an extent," he concludes.