Spend Matters welcomes another guest post from Jeff Muscarella of NPI, a spend management consultancy focused on eliminating overspending on IT, telecom and shipping.
Last week, I spoke with Joel Schectman, a reporter with the Wall Street Journal’s CIO Journal blog. He wrote a post on what companies can do to protect themselves when their cloud vendor goes bankrupt. He began his story with a cautionary tale of Nirvanix, the San Diego-based company that powered IBM's SmartCloud Storage service:
When cloud provider Nirvanix Inc. first announced it was closing its doors last month, IAC/InterActiveCorp. IT director Marc Morales, was unsure how much time he had to transfer his data to another vendor. The form email sent by the faltering vendor on Sept. 17th said he had until Oct. 15 to remove his 70 terabytes of data from Nirvanix servers. But Mr. Morales had read other accounts in the media indicating he would only have until the end of September before service was cut entirely. Either way, as rumors about the company spread, no one at Nirvanix responded to Mr. Morales’s inquiries. “It was worrisome,” Mr. Morales said. “When we did the calculations, we estimated it would take us 25 days if everything went perfect. If Sept. 30 was the real deadline we wouldn’t have made it.”
Vendor viability is a concern for every aspect of the IT ecosystem. But when it comes to cloud computing, the issue is greatly magnified. So how do you protect yourself against the risks of a vendor bankruptcy?
Due Diligence: It goes without saying that due diligence is of utmost importance as companies outsource more of their IT operations to cloud vendors. Demand and perform due diligence on vendor health. Companies should conduct a diligence check on the vendor to determine financial health, use of subcontractors/third-parties, physical locations, jurisdiction law, etc.
Backups: To the extent that it’s possible, enterprises should back up the data they provide to their cloud provider. Companies can also ask the cloud provider to provide a copy of backed-up data at frequent intervals. In the least, they will have reasonably current data to work with in the event of a hasty service disruption.
Companies may also want to consider encrypting their data with private keys to protect against it falling into unknown hands should a provider go under, be acquired, or experience a contract dispute.
Ownership of Data: It is critical to establish data ownership with the cloud provider. Service contracts must stipulate that the customer owns all data and information provided by or obtained from them. The contract should also clearly explain that the cloud provider has no legal or equitable interest in (or claim to) such data and information. Cloud providers need to acknowledge that such data and information will not be considered by the cloud provider to be part of its bankruptcy estate. Lastly, businesses should require the cloud provider to notify them immediately of any determination that it makes to file for bankruptcy protection, and to turn over a copy of all of data in a medium that can be easily used by the customer.
Transition Assistance: Even in healthy vendor circumstances, transition assistance should be clearly specified within a vendor agreement. At some point – whether it’s because the vendor closes its doors or because you simply decide to switch vendors – critical (and voluminous) business data will need to be moved. Specifying termination costs and data transfer guidelines upfront in the contract makes this process far less painful (not to mention less costly).