Are you confident in the long-term viability of your current cloud service provider (CSP)? Though many companies have short-term needs or a current project in mind when selecting a vendor, the long-term viability of the CSP cannot be overlooked. While the CSP selected a few years ago may have been an economical or strategic decision at the time, that same CSP could be a challenge to integrate into your future environment and ultimately be a burden.
It is the customer’s responsibility to proactively audit, survey, and understand the digital maturity of their third-party system providers before starting any transformation programs. You should evaluate these platforms and systems with the same lens you evaluate your internally developed and supported environments. Failing to do so will not only make it impossible to develop a realistic digital roadmap but will also put any enterprise digital transformation program at risk for unanticipated delays or mitigation expenses. Here we list some of the risks of partnering with not-so-viable CSPs.
Risk 1: System Availability Issues
At one client company, the digital immaturity of a third-party specialized application supplier significantly interrupted daily operations over an extended period of time. The company began to experience operational disruptive application stability and system availability issues with a function-specific third-party system. They later learned the provider withheld important information – they were moving from their current private cloud to a new hosting provider.
Unfortunately, the client didn’t have contractual language or a Master Service Agreement (MSA) to hold the vendor responsible for system availability or for prior notification of significant system changes. If these were addressed in their contract, they could have avoided or minimized disruption to business operations, or at least been positioned to receive credits for the downtime. However, if they considered the long-term viability of the CSP and a suitable MSA during the vendor evaluation, they may have been able to avoid or minimize these issues altogether.
The Takeaway: Occasionally procurement and IT are not included in Software as a Service (SaaS) contract discussions. Contracts developed solely between enterprise functions and CSPs are often weak on the client’s availability needs. Review your existing CSP MSAs and contracts to understand how you are protected for system availability and the CSP’s contractual response. When considering a new CSP, it is critical you clearly articulate your requirements and expectations for system availability and change notification.
Risk 2: Limited Integration Abilities
When evaluating CSPs, it is critical to question which applications they can currently integrate with as well as any future integration abilities they have planned. If they have none, that might be a red flag. In fact, we have even seen organizations incur additional development costs and delays during a transformation project due to a third-party provider’s inability to interface directly to a prominent and well-known cloud application because no web services or APIs were available for the third-party application.
The Takeaway: Large global systems (Oracle, Salesforce, SAP, Workday, etc.) do not build integration solutions for every third-party application or hosting environment – this is your responsibility. Inform current and future CSPs of your transformation plans and prospective new technology partners and ask them to share their technology roadmap. Don’t shy away from asking direct questions about how they are transforming themselves to be viable in the everchanging technology environment and how they view themselves contributing to your roadmap.
Risk 3: Future Security Threats
When thinking about security in general, it’s not just about the obvious — SLAs, uptimes, credit structures, etc. Most important are the supplier’s future capabilities which truly viable vendors tend to address upfront. For example, Microsoft’s and Google’s messaging often addresses future problems – the ones you’re not even aware of yet. That’s harder for smaller boutique providers to do.
Though it can be challenging, the key is to get your prospective provider to focus on future capabilities and provide levels of commitment. It is also beneficial to look into where they are investing because you’re not just buying their current solutions, but also their future state capabilities.
The Takeaway: Ask current and potential CSP providers to share their owned responsibilities, shared roles, and your obligations on security management. Understand where your data passes and resides and understand when and where your data is encrypted. You should also ask how the CSP supports your internal and government compliance obligations.
Blog continues below. [Click graphic to enlarge]
Risk 4: Potential Acquisition
If your CSP is acquired, your terms and support will change. While you can’t predict an acquisition, you can negotiate contractual language that protects your data and includes vendor obligations upon termination. Also, look at the cloud provider’s financial robustness including revenue streams and venture capital to assess the likelihood they will be around in the long-term and able to grow and support your organization.
The Takeaway: Gaining access to a provider’s financial information can be challenging if the CSP is a privately held enterprise since financials and potential acquisitions are usually not publicly discussed. Press for financial information and include your internal finance and risk management teams in these discussions.
You are not excused from reviewing your existing CSP MSAs and understanding how you are protected if the CSP is acquired or were to become insolvent. The criticality of this issue is directly related to how much your enterprise depends on the availability of the CSP. Discuss your concerns internally first, then discuss with your CSP to resolve or understand everyone’s contractual obligations.
Do Your Due Diligence
Many companies are considering transformation programs that will be supported through various hybrid configurations and involve integrating on-prem, cloud, third party, and proprietary legacy applications. We recommend talking to your CSP sales and technical representative in advance of any significant program launch, just like you would with your internal teams supporting legacy systems. You may strengthen internal partnerships if you include functional, technical, procurement, and legal team members during these discussions.
Openly discuss your concerns about real or perceived potential challenges or barriers of integrating the legacy CSP into your next transformation program. Have legacy and new potential CSPs demonstrate how they will resolve integration and data issues. A good CSP will already anticipate the need and will provide a working solution or will work with you to resolve the issues to retain your business.
These are just a few risks of failing to assess a CSP’s long-term viability upfront and a few mitigation strategies. Though most organizations know the long-term viability of CSPs is important, too many avoid addressing the issue head-on. When evaluating any service provider, always consider how their capabilities align with your future roadmap and challenge the vendor to demonstrate their viability. You could save yourself from some serious future headaches if you do.