Multi-cloud relationships and subcontractors can be an issue when using some cloud providers. For example, a Customer might start out slow with Cloud Computing and enter into a SaaS service just to get a feel for how all of this works and to satisfy an immediate need that the internal IT department cannot quickly fulfill.
That SaaS service might be from a Cloud Computing company that relies on a couple of colocation data centers in Europe and the U.S. for the basic infrastructure. The colocation data centers are owned and operated by another vendor and they just lease the space to the Cloud Computing service. The network security might be handled by a major telecommunication vendor. The software underlying for the SaaS is partly based on open source and partly by a major commercial vendor that entered into a reseller agreement with the Cloud Computing provider. In this one example there are at least five independent companies involved in the Cloud Computer scenario.
Many SaaS providers build their software in the clouds of other providers, who in turn may outsource processing to other providers, and so on. Some companies act as cloud service bundlers – pulling together multiple SaaS services together from different SaaS providers and providing a seamless package. An organization might have a contract with the bundler, but may actually be dealing with several other entities.
Divergent privacy laws around the globe mean that a customer must determine which cloud subcontractor is doing the processing and where that processor’s data centers are located. Further, a customer may have no or limited contractual rights against sub-providers several steps removed from the “up front provider.” Contract rights obtained from the upfront cloud provider may be meaningless unless sub-providers are subject to similar contractual requirements. Managing and retrieving data may be difficult if the data is several steps removed from the original cloud provider. For example, if litigation is filed and e-discovery requests are made, a customer may not be able to adequately preserve and retrieve data stored by a sub-cloud provider.
With just a casual read all of this can become confusing, but understanding and mapping contractual arrangements described above are not that difficult and sufficient time should be allotted during the contracting phase of negotiations to ensure the EVERYONE understand the inter-relationship and liabilities carried by each party. A quick experiment can become a major headache if these relationships are not fully documented.
Let Daniel L. Ruggles and the team at PM Kinetics, LLC help you navigate the complexities of Cloud Computing, Sourcing & Capital Planning, Vendor Management, IT Security, and Infrastructure planning & execution.