In my last post, I outlined some of the challenges technology vendors often face when confronted with customer demands that don’t meet the vendors’ cloud providers’ contractual obligations. Now let’s talk about some of the strategies I’ve used to bridge these gaps when negotiating with the cloud service provider.
- Get your customer and your cloud provider talking. You can explain to your customer what your cloud provider can or can’t do, but sometimes there’s no substitute for direct communication. In a recent situation, I brokered a dialogue between my client’s cloud provider and the client’s customer (after getting a confidentiality agreement signed first, of course) in order for them to determine a mutually-acceptable set of information security criteria and protocols. Those requirements were subsequently incorporated into the contract with the technology vendor and the customer.
- Get your customer requirements BEFORE signing the contract with your cloud provider. Your ability to get the terms you want are always better before you sign the cloud services contract than trying to renegotiate terms afterwards. Although it’s nice for your account exec to be able to approach your customer with a cloud-offering already in hand, many potential customers would be happy to provide you with their requirements ahead of time if they know they have a better chance of seeing them come to fruition. The potential customer may also feel extra special knowing you’re using their terms as part of your negotiations with the cloud vendor.
- Get a copy of the cloud provider’s insurance policy. Look for the kinds of insurance a cloud vendor has. Two types of insurance apply to the cloud. One is cyber insurance coverage, which relates to exposures related to the Internet environment. The other is errors and omission insurance, to protect against negligent actions. The later is expensive, and the insurance company makes an assessment of the vendor’s track record. If the provider carries E&O insurance, there is some validation by the insurance company that a cloud vendor is worth the risk.
- Conduct due diligence. Do your homework on providers. Put out a request for proposals to see what providers can and cannot do, and compare them. Use a lawyer and/or consultant to put together the RFP, preferably ones who have plenty of experience doing so. You may not ultimately be able to incorporate the results from the winning bid into your contract with the provider (although I always try), but at least you have some data with which you can potentially share with your customer.
- Get ready to assume some risk. Your customer is taking on some risk by removing its data or processes from its data center and transferring them to the cloud. You’re going to have to do the same. It’s quite likely that your large, enterprise customer is going to insist that you assume responsibility and liability that your cloud provider simply will not replicate. Price your service accordingly and take as many practical steps as you can to mitigate those risks, whether instituting your own data backups or disaster recovery measures.