Best Practices for Cloud Computing Success

Cloud computing has the potential to improve operations for governments through increased capabilities, heightened efficiencies and cost reductions. However, the benefits of cloud solutions need to be weighed against the potential issues and risks. The IBM Center for the Business of Government has published Cloudy with a Chance of Success: Contracting for the Cloud in Government. This report analyzes five public sector contracts in North Carolina and uncovers twelve main issues with government cloud computing.

Following is a brief summary of the best practices identified for handling major issues:

Issue One: Pricing

To ensure the best economic outcome from cloud computing, current and future pricing must be addressed.

  • Negotiate all pricing at onset (initial costs, maintenance, renewal)
  • Pre-negotiate expansion/special service fees
  • Set minimums to avoid being locked in

Issue Two: Infrastructure Security

It’s vital that a cloud vendor understands the importance of confidentiality and security in government data storage.

  • Specify the right to third-party audits of vendor’s security/infrastructure
  • Specify the need for data segregation
  • Monitor data services remotely and physically

Issue Three: Data Assurances

The issues of data ownership, public record access and litigation holds can be complicated by cloud storage.

  • Specify who can access/retrieve data
  • Specify procedures in case of data breaches or contract termination
  • Explain the Freedom of Information Act and how it applies to government data

Issue Four: Governing Law, Jurisdiction, and Forum Selection

Data stored in a location outside a government’s jurisdiction may fall under jurisdictional disputes.

  • Specifically state the venue for arbitration

Issue Five: Service Level Agreements (SLAs)

Service level agreements cover all aspects of a vendor’s service, including data availability, performance, and procedures for handling issues.

  • Specify minimum levels of service
  • State procedures for dealing with specific issues
  • Declare penalties for non-compliance

Issue Six: Outsourced Services

Many cloud vendors outsource aspects of their business. This adds potential for service issues, security vulnerability, and breaches of confidentiality.

  • Require disclosure of outsourced functions and provider names
  • Require written approval to outsource government cloud services
  • State the cloud vendor assumes responsibility for all aspects of service, including outsourced services

Issue Seven: Functionality

There is a reasonable expected level of functionality with cloud services. Vendors must comply with these levels.

  • Require detailed descriptions of services, including how each service should function
  • Require notices of changes to services
  • Include termination procedures in the event of changes to service functionality

Issue Eight: Disaster Recovery

The risk is minimal, but catastrophic data events do happen.

  • Specify the right to onsite inspections to monitor for data loss
  • Specify disaster recovery procedures
  • State penalties for failure to comply with procedures

Issue Nine: Mergers and Acquisitions

During a contract, it’s possible a service provider may change ownership.

  • State all contract terms are binding on successors, and no changes may be made without written consent

Issue Ten: Compliance with Laws, Regulations, and Other Standards

Government data storage is subject to multiple laws and regulations. A cloud vendor must abide by them to meet government needs.

  • State cloud provider must comply with governing laws and regulations
  • Detail specific standards that must be met
  • Specify liabilities of vendor in accordance with the law

Issue Eleven: Terms and Conditions Modification

All vendors have terms and conditions under which they operate. Changes to these terms may have an effect on service.

  • Require notification when terms and conditions are modified
  • Specify contract termination procedures in case of extreme modification

Issue Twelve: Contract Renewal and Termination

Changing cloud providers is costly. This makes it imperative to include renewal terms in original contracts.

  • Specify whether contract renewal is automatic and the length of notice required for termination
  • State no reason must be given for contract termination
  • Restrict the right of vendor to terminate contract without providing prior warning and the opportunity to correct issues

During the case studies, three major lessons emerged.

Lesson One: Technically and legally sound contracts require the cooperation of IT and legal professionals. IT ensures technical soundness. Legal professionals ensure legal requirements are satisfied.

Lesson Two: Cloud contracts are negotiations. Involving general counsel, IT and procurement experts results in the best functionality and service.

Lesson Three: Cloud contracts involve risk calculation. Governments must know which contract provisions are mandatory, and must seek alternate providers to get the best solutions.
