Ensuring a viable and sustainable business case and improved business performance from the adoption of cloud computing-based services

A large proportion of Fortune 500 organizations are now using or planning to use cloud computing based services. A recent global survey of Chief Information Officers and IT executives found that 60% of CIOs in the US and 48% in Europe are pursuing a cloud computing approach 1.

The main benefits cited include:

1. obtaining greater flexibility for the organization

2. reducing costs

3. increasing operational efficiency

4. using a cloud computing approach as a strategy for pursuing new technology developments.

As a result, many CIOs are taking an experimental approach to cloud-based solutions to drive IT-enabled business innovation.

Complementing increased buy-side demand, the market for cloud-based services is dynamic and rapidly growing. The range of providers is large and varies from new start-ups to established IT service providers, with many organizations investing millions of dollars to develop new cloud-based services. The range of cloud-based services is wide and includes business and IT services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS), for both B2B and B2C markets. To add to the complexity, cloud-based service offerings are also being integrated with existing BPO service offerings. Given each of these elements, worldwide cloud-based services revenue is projected to reach nearly $150 Billion by 20142.

In parallel with the adoption of innovative cloud-based services, a majority of organizations continue to use strategic outsourcing as a critical component of their service delivery. The same global CIO survey highlighted that 62% of organizations outsource application development and 53% outsource IT infrastructure. Offshoring remains a key strategy too, with 90% of organizations expecting to maintain or increase their offshoring activity.

Yet, despite the seductive benefits of adopting cloud-based services, there remain significant risks and operational and legal challenges in adopting outsourced cloud-based services, especially for large and medium-sized enterprises and regulated industries. For example, the City of Los Angeles, which is adopting Google’s cloud-based email services for over 30,000 employees to save millions of dollars per year, experienced delays in implementation due to security concerns3. Additionally, Eli Lilly, a global pharmaceutical firm, recently ended negotiations with Amazon to expand their use of cloud-based services due to reported concerns around legal liability and indemnification obligations4.

The key question is how should organizations contract and prepare for outsourced cloud-based services to ensure a viable and sustainable business case, reduce operational and legal risks and deliver improved business performance?

To answer this question, three key elements need to be addressed which will assist in both achieving better business benefits and lowering costs, while identifying a risk level that is known and that the organization can accept:

  • Adopting best practice customer-focused, performance-based contracts for cloud-based services
  • Adopting an optimal multi-sourcing strategy for cloud-based services that integrates with the wider shared services and outsourcing strategy
  • Enhancing governance and management capability to manage ‘in the cloud’ and ‘across clouds’.

Adopting best practice customer-focused, performance-based contracts for cloud based services

Currently, many cloud-based services agreements are not best practice from a customer perspective. These agreements are often short-form (or even click-wraps), supplier focused, and fail to appropriately address the significant operational and legal risks inherent with cloud-based service offerings, which outsourcing arrangements generally outline. As such, these agreements are not structured to deliver the right performance outcomes and have an inappropriate allocation of risk, shifting many significant risks to the customer. Additionally, these exposures need to be considered when adding cloud-based services to existing outsourcing agreements, since these agreements typically are not structured to address the risks associated with cloud-based services.

Click here to see a table which highlights the key issues that need to be addressed in cloud-based service agreements. These issues can be resolved via various means, depending on the type of cloud services involved (eg, SaaS or IaaS) and the degree to which the services are critical to the customer’s operations.

The allure of cost savings can blind customers to the current risks of commodity cloud-based service offerings. Two of the most critical issues surround data security and privacy. Form agreements for cloud-based services generally lack detail on key customer concerns regarding data storage and protection, with the supplier taking on minimal obligations and liability for ‘data spills’ and other potential data security failures. Additionally, these agreements do not adequately address compliance with privacy laws and regulations, which can be of significant concern when customer data includes personally identifiable information. Customers need to address how and where the data is stored, standards regarding data security, and requirements for specific data security infrastructure and testing to avoid unanticipated risks and liabilities.

Similarly, commodity cloud-based service offerings typically do not have robust service level requirements and do not adequately address rights and obligations in the event of a service failure. Without additional and specific requirements, these SLAs may simply be objectives which do not measure the key performance indicators, and may not adequately protect an enterprise using the cloud-based service to support critical business operations.

There are, however, certain mitigations emerging to address these risks. For example, to mitigate the unknowns of ‘which law applies’ to a service being offered in multiple jurisdictions (some known, some unknown), suppliers are agreeing to have the law of a particular jurisdiction apply (eg, State of New York, US law), and resolving all disputes in a mutually agreed upon jurisdiction. Similarly, negotiated cloud-based service agreements require the supplier to comply with all laws (in all jurisdictions) with respect to its provision of the services, including allocating specific risks as appropriate.

Adopting an optimal multi-sourcing strategy for cloud that integrates with the wider shared services and outsourcing strategy

As the adoption of cloud is in its infancy, a majority of organizations will pursue a hybrid strategy of outsourcing certain key services – some of which are outsourced in the cloud – and retaining other key service delivery functions, often as part of an internal shared services organization. Such a strategy ensures an appropriate balance of flexibility, benefits realization, innovation and risk management. Adopting the best multi-sourcing strategy requires multiple key elements for success:

  • Customer-focused services must be defined in a standardized way from a customer viewpoint, not a provider viewpoint
  • Interface points between cloud/non-cloud providers, between outsourced/non-outsourced providers, and among cloud providers must be clearly defined
  • Cloud providers must credibility demonstrate strong integration and implementation capabilities (or partner with others who provide such capabilities)
  • There must be clear line of sight and transparency across the multitude of cloud and non-cloud providers of how customer business benefits are delivered, and at what cost, investment level, and risk
  • Escalation points for issue resolution must be clear so that multiple cloud and non-cloud providers are
  • accountable for finding solutions to anticipated and unanticipated problems, and to avoid ‘finger pointing’
  • There must be a consistent approach to how incidents, problems, changes, and configurations are managed. Structured frameworks such as the IT Infrastructure Library (ITIL) are available to accelerate the adoption of such practices
  • End-to-end customer service performance measures must be in place and enforced.

These actions improve the business case for cloud adoption by explicitly recognizing the impact of cloud-based service offerings as part of the organization’s wider shared services and outsourcing strategy, and ensuring that benefits and costs are well defined in advance of the adoption decision. These actions also recognize that a sustainable business case for cloud-based services is not based just on short term or ‘year one’ cost savings and that a medium and longer term perspective (over three to five years) is critical. It should be recognized however, that through a combination of market immaturity and the commoditized packaging of cloud services, many of these sound principles will be difficult to enforce with suppliers. Therefore, do not expect to find integration capability, problem ownership and management and customer-focused service levels as standard offerings. Much of the classic service management responsibilities will remain with the customer for the foreseeable future. In a multi-sourced environment, this may represent a significant on-cost that needs to be understood.

Enhancing governance and management capability to manage ‘in the cloud’ and ‘across clouds’

For many organizations, managing in the cloud will require changes to governance and management capability. For example:

  • Customer expectations on the speed of adoption and the immediate realizable benefits of new cloud-based services are high, so this will need to be managed closely
  • Many cloud-based services are adopted by business organizations, not IT organizations, which means governance and management structures will need to cross traditional business – IT ‘silo’ boundaries. Traditional approaches to IT governance may no longer be sufficient when cloud-based services combine business operations and IT services
  • Many cloud-based services offer seductively low ‘entry’ costs but few, if any, guarantee longer-term pricing. For a customer, the value proposition in an outsourced deal can be lost after the deal is signed by the need to make legitimate changes, which are often priced to deliver a higher margin for the provider than the upfront deal. This means that governance and management capability needs to be increasingly focused on the post-deal aspects to ensure that the business case remains sustainable over time 
  • Buyers may underestimate the implementation complexity of adopting cloud-based services, resulting in higher implementation costs, timescales and risks. As such, more capability needs to be developed to manage cloud-based project implementations 
  • The market for cloud-based services is dynamic and is rapidly increasing in scale and complexity – the governance and management organization must invest in staying informed about market ‘best practice’ and become an ‘intelligent buyer’
  • The governance and management organization must be incentivized to ensure that high performance is delivered by both cloud and traditional service providers
  • New skills and competencies in managing cloud-based services must be built (via training and development) or bought (via recruitment).

Our conclusion

The successful adoption of cloud-based strategies remains a challenging and evolving area. By adopting best practice cloud contracts, implementing an optimal multi-sourcing strategy for cloud-based service offerings, and enhancing governance and management capabilities, organizations can navigate and manage the turbulence of the cloud and deliver a viable and sustainable business case for change that will successfully improve business performance and deliver the required business outcomes.