1 DoD ESI White Paper Best Practices for Negotiating Cloud-Based Software Contracts Guidance on the differences between purchasing perpetual software and renting Software as a Service
2 About DoD ESI The DoD ESI was formed in 1998 by Chief Information Officers at the DoD. To save time and money on commercial software, a joint team of experts was formed to consolidate requirements and negotiate with commercial software companies, resulting in a unified contracting and vendor management strategy across the entire department. Today, DoD ESI s mission extends across the entire commercial IT life-cycle to include IT hardware products and services. DoD ESI has established DoD-wide agreements for thousands of products and services.
3 3 Executive Summary As the utilization of cloud computing grows within the Information Technology (IT) arena, it is challenging organizations to think differently about IT procurement. This paper addresses the key contractual concepts to focus on when negotiating a public cloud, Software-as-a-Service (SaaS) delivery model versus a traditional on-premises software delivery model. Under both models, use rights are still granted, but there are variations of the software use terms and conditions, especially in areas such as licensing and costs. From an overall contractual perspective, most terms and conditions remain the same between a traditional on-premises software perpetual licensing contract and a SaaS contract, since the same software and functionality are being supplied by the software provider. However, there are differences, such as Grant of a Software License and Payment Terms. When deciding to use a SaaS provider, the focus shifts from buying, implementing and managing the software application to establishing and managing the SaaS vendor relationship. The SaaS Subscription Agreement and Service Level Agreement (SLA) are critical for a successful relationship to deliver all anticipated benefits. All aspects of the relationship need to be negotiated upfront, including: Ability to request customizations, enhancements, data base queries, new reports and the negotiated costs Ownership of any software customizations or enhancements Data rights and responsibilities throughout data lifecycles Information security and confidentiality Cost and pricing metrics Additional user provisioning and usage metering Uptime and performance guarantees Issue response and resolution times Maintenance and support, including system administration, application of patches, fixes, and upgrades Disaster recovery and business continuity Contract termination conditions Knowing what to include in your contracts with SaaS providers will both maximize and protect your organization s cloud investments. Table of Contents Cloud Computing Introduction and Background... 4 Why Organizations Move to the Cloud... 6 Contract Differences: Traditional Delivery Model versus the Cloud... 7 Rights to Use the Software... 7 Payment Terms... 8 Key Points When Negotiating a SaaS Contract... 9 Underlying SaaS Agreement... 9 SaaS Service Level Agreement (SLA) Conclusion... 13
4 4 Cloud Computing Introduction and Background The term cloud computing is becoming mainstream in the IT world and has been gaining momentum within recent years. Some believe that the concept of cloud computing has been around since the beginning of the IT outsourcing industry in the 1960s when Ross Perot rented idle computing power from one company to carry out the processing needs of another (mostly during the night). The company that owned the computers monetized its down time, and the organization that needed the computing power did not have to outlay capital for equipment, thus creating a winwin situation. 1 This bartering of computing power would soon become a commodity, made possible via the Internet (the cloud) and would not only focus on using idle computing power, but now also, creating computing power for the sole purpose of providing a service to another company. As the utilization of cloud computing is increasing, its definition is expanding too. A broad definition is that cloud computing is the scalable provisioning of IT as a service using the Internet or a network. Some of the IT capabilities contributing to scalability and elasticity include virtualization and service-oriented architecture, which have helped to create various cloud models. The three main cloud computing models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS): IaaS is a provisioning model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. PaaS is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones. It adds vendor management of the operating system, middleware and runtime data base to the IaaS offering. PaaS is often used by developers to build applications on top of the computing infrastructure. This might include developer tools that are offered as a service to build services, or data access and database services, or billing services. 2 SaaS In a pure SaaS model, the provider delivers software based on a single set of common code and data definitions that are consumed in a one-to-many model by all contracted organizations anytime, on a payfor-use basis, or as a subscription based on use metrics. 3 It essentially adds data management and application management to a PaaS environment. All you have to do is connect via the Internet and use it. Some software vendors are now offering or are thinking of offering some form of SaaS model to deliver their software. SaaS is being adopted in multiple industries, such as Customer Relationship Management (CRM), human resources for talent acquisition and procurement. In addition to the three cloud models identified above, clouds can also be private, community, public or hybrid: Private Cloud is operated solely for a single organization, whether managed internally or by a third-party and hosted on or off premises. 4 Private clouds are usually virtualized cloud data centers inside an organization s firewall, or they may be a private space dedicated to an organization within a cloud provider s data center. 5 Nevertheless, in private cloud computing, access to the cloud is limited to internal users. Also, in private cloud computing, users still have to purchase the internal hardware and software, implement and
5 5 manage the solution and thus do not benefit from lower upfront capital costs and less hands-on management. Of course, these costs can still be mitigated somewhat by creating more efficient environments through virtualization or by taking the off premises route to private clouds by asking the vendor to provide dedicated resources for critical data or applications. Community cloud is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g. mission, security, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Public Cloud is the delivery of cloud services (e.g. software applications) over the Internet by a third-party provider to the general public. It exists on the premises of the cloud provider and usually includes virtualization for more efficient deployment of shared resources. Hybrid Cloud is any combination of external public cloud services and internal resources to create a solution. Hybrid cloud computing implies significant integration or coordination between the internal and external environments. Hybrid cloud computing can take a number of forms, including cloud bursting, where an application is dynamically extended from a private cloud platform to an external public cloud service, based on the need for additional resources. 6 It may exist on or off premises. In the completely off-premises hybrid model, a provider can supply a shared virtual environment along with private, dedicated, data storage space all on the provider s premises. This paper addresses the key contractual concepts to focus on when negotiating a public cloud SaaS delivery model versus a traditional on-premises software delivery model. Under both models, software use rights are still granted, but there are variations of licensing terms and conditions, especially in areas such as usage rights and licensing costs. Interestingly, shortly before the publication of this paper, The National Defense Authorization Act for Fiscal Year 2012 (H.R. 1540) changed the DoD s November 2011 statement regarding a DISA First approach to Cloud Computing. Section 2867, subsection b, paragraphs 2B (ii) II through IV of this bill stipulates a Department-wide strategy for: (II) Transitioning to cloud computing. (III) Migration of Defense data and governmentprovided services from Department-owned and operated data centers to cloud computing services generally available within the private sector that provide a better capability at a lower cost with the same or greater degree of security. (IV) Utilization of private sector-managed security services for data centers and cloud computing. 7 In response to the 2012 NDAA, DoD cloud computing strategies and policies will address use of commercial cloud services. This is further evidence that cloud computing is a significant topic for DoD. For the purpose of this paper, cloud is used to refer to the architecture setup of how software is delivered as a service via the Internet (SaaS via a public cloud). Under this delivery model, software is hosted by the software provider or a third party hosting provider off-premises from a user s facilities. It is clear that cloud computing is becoming mainstream. This is evident when nonprofit organizations such as the Open Networking Foundation (ONF) are being created. ONF was formed in March 2011 by Deutsche Telekom,
6 6 Facebook, Google, Microsoft, Verizon, and Yahoo!, ONF hopes to promote a new approach to networking called Software-Defined Networking (SDN). SDN hopes to create technology standards that can be leveraged for cloud computing purposes by creating the switching mechanism to support the OpenFlow interface. OpenFlow enables networks to evolve by giving a remote controller the power to modify the behavior of network devices, through a well-defined forwarding instruction set. This growing OpenFlow frontier includes routers, switches, virtual switches, and access points from a range of providers. 8 Cloud computing advances via OpenFlow and other new emerging technologies are examples of the shift that organizations will need to make in order to align their resource requirements to manage cloud providers. Skill sets for these roles will include individuals with strong IT vendor management and quasi-technical skills. These resources will serve as critical liaisons between IT, the business and the cloud provider. Why Organizations Move to the Cloud The number of organizations currently leveraging or thinking about leveraging the cloud continues to grow. The following statistics are indicative of reported trends: The following paragraphs list the most common benefits for choosing a cloud delivery model over a traditional delivery model. Cost Reduction: The government s plan to migrate large amounts of IT services and IT assets to the cloud is expected to help the government save millions of dollars and reduce its infrastructure footprint by more than a third by By choosing a cloud delivery model for your needs, you save the cost of building and maintaining your own infrastructure to run the software, just as Ross Perot s customers did many years ago. Since renting the right to use software as a service can be less expensive in the short term than buying a perpetual software license outright, you save money on the cost of the initial investment by only paying for what you actually use and not paying for what you may use in the future. Therefore, your total cost of ownership (TCO) may be reduced depending on the discounted upfront costs, lower operational costs by not having to implement and maintain software in-house, and other benefits realized by choosing a cloud delivery model. Note: See Appendix 1 for a basic costing model to compare various deployment models. A detailed examination of cost-benefit will be provided in a future White Paper. 28% of US organizations are using cloud computing. 9 21% average annual savings for applications moved to the cloud. 10 By year-end 2016, more than 50% of Global 1000 companies will have stored customer-sensitive data in the public cloud. 11 However, it is important to mention that each organization s specific use scenario should be analyzed on an individual basis. Whether or not a cloud delivery model offers a cost avoidance over perpetual software in the long run must be determined. The cost analysis will differ depending on an organization s preferred return-on-investment (ROI) timeframe (e.g. 3 year ROI vs. 5 year ROI, etc.) and TCO determinants.
7 7 Speed and Flexibility: Many of today s information technology teams are plagued by having too few resources to keep up with constantly evolving internal demands. With cloud computing, organizations are realizing the benefit of having flexible solutions, where they can scale the software service up and down as needed within a much quicker timeframe. The initial deployment of software via the cloud or adding more users to an existing SaaS delivery model can be faster and less expensive than traditional non-cloud models due to the reduction of complex procurement and deployment cycles (e.g. not needing to obtain and install a new license key for additional users). Additionally, many SaaS providers include self-service provisioning for adding functionality and new users. Greater Connectivity and Mobility: By using cloud services, you can access your software and inherent data from any device that has access to the Internet (assuming your chosen software also has a mobile device interface or native application). Heightened Security: Leading cloud providers often have cutting-edge, secure, and traceable data access trails. 13 Most cloud servers will be hosted in physically secure data centers with strict access control for their own staff and no access for unauthorized personnel. At the same time, it is interesting to note that 43% of CFOs whose organizations are implementing hybrid and private clouds are less than somewhat open to moving business-critical applications into those environments, because they are concerned with reliability, security, availability and performance. 14 Overall, cloud service providers can provide heightened security, but it is important to confirm where and how your information is being stored to ensure you are really achieving a greater level of security. Easier Collaboration and Integration: Cloud computing provides quicker speeds in which we can interact with each other and more efficient ways for completing collaborative tasks. SaaS opens up the Internet to be used for more than obtaining research information or checking . SaaS providers are now creating pre-established application programming interfaces with popular applications that their services interact with for many of their clients. This collaborative approach for sharing information and driving business results is the way of the future. The push to deliver information, websites and web-based application functionality as composable Web services is a key catalyst that is driving the delivery of everything as a service. 15 Contract Differences: Traditional Delivery Model versus the Cloud From solely an overall contractual perspective, most terms and conditions remain the same between a traditional on-premises perpetual licensing contract and a SaaS contract (e.g Limitation of Liability, Indemnification, etc.), since the same software and functionality are being supplied by the software provider. However, a few key differences are Grant of a Software License and Payment Terms. Rights to Use the Software Within the cloud delivery model, software use rights are subscription-based (you are renting the right to use the software as a service for a specific term). You pay on a monthly or annual basis for usage. This subscription fee or cost includes right to use the software, plus any software assurance/maintenance which is provided by the cloud service provider.
8 8 For a traditional software purchase, the right to use the software is normally purchased in perpetuity (you are buying a license to use the software forever). You pay one lump sum upfront and, depending on the software, maintenance fees for technical support and functionality upgrades. (The buyer gets basic warranty service for a specific period of time. Additional support beyond the warranty must be separately purchased under a separate software assurance or maintenance agreement.) It is important to understand that sometimes traditional on-premises software is also provided via a subscription or finite term where you do not own the right to use the software in perpetuity. Perpetual Licensing: The perpetual licensing model is more common for traditional on-premises software. When purchasing the right to use software in perpetuity, the full license rights may depend upon how payment terms are structured. Additionally, you may not own all of the code, since the software provider may only allow you to modify, if at all, only a particular layer of the code (object code vs. source code). This licensing model is not offered as an option for public cloud SaaS delivery models. Whether or not this licensing model would be readily utilized for a private or hybrid cloud delivery model is yet to be seen (depending on the ability to move existing applications into a private cloud instance). Subscription Use: The subscription model only allows the right to use the software service while the subscription is valid (i.e. paid up-to-date). This is the most common model for public cloud solutions. This grant of usage model may be possible for hybrid cloud solutions where you can negotiate terms such as: Pay a maximum subscription fee over a specific term and then you have the right to use the software in perpetuity or have the option to use in perpetuity for an incremental pre-negotiated licensing fee; or Break out the hosting fees versus the software licensing fees so the two are not intermingled. Payment Terms The payment terms between the cloud and a traditional software delivery model can vary greatly. The most pronounced difference is that under a traditional model you may be able to withhold a portion of the software license fees until after the Go-Live Date or Acceptance Date of your software product. Additionally, you may defer maintenance payments until after the Go-Live date. Alternatively, cloud-based solutions sometimes bundle together hosting, software licensing/use rights and maintenance fees into one monthly or annual fee. Thus, you are required to start paying for the service as soon as you authorize the cloud provider to turn it on, even though you may not be using it in production yet. For instance, you may need time to setup data integration or implement other items such as single sign-on capabilities, but the SaaS provider may still charge full usage price. Therefore, be careful to only commit to the number of users that you need upfront and ramp up your usage thereafter as demand warrants. To mitigate this practice by SaaS providers (making your organization pay for software before your users even have a chance to login into the system), see if the SaaS provider has a sandbox or proof-ofconcept environment where your associates can become familiar with the software at little to no charge before signing a contract for a specific term and number of users.
9 9 Key Points When Negotiating a SaaS Contract When organizations move to a public cloud delivery model, it s like an outsourcing engagement to a certain degree, where you rely upon the management and expertise of another party. In order to help build trust with an organization considering outsourcing, Ross Perot would remind them that his company was the IT expert by stating, You are familiar with designing, manufacturing and selling furniture, but we re familiar with managing information technology. We can sell you the information technology you need Feeling comfortable that a SaaS provider is the expert in hosting your data and managing your software application takes time. SaaS is relatively young compared to conventional outsourcing arrangements, but there are transferable concepts that can be leveraged. Much like a conventional outsourcing engagement, when deciding to use a SaaS provider, your organization is no longer focusing on managing the technical software application. Instead, it must shift its attention to managing the SaaS vendor relationship. This is where heavy IT contract negotiation, contract management and vendor management skills come into play. All rights and responsibilities that are associated with the relationship should be memorialized in an enforceable contract and effectively managed until the relationship has been terminated. 17 The specific risks to be addressed in your contract with a SaaS provider will depend upon a number of factors: The application you are using (e.g. what use purpose does it support?) How critical the application is to your business to help determine the necessary availability levels that will be demanded (e.g. is it customer facing and/or does it provide a key business function?) The data that will be exchanged, stored and maintained by the SaaS provider (e.g. how sensitive is the data, where will it will be stored and who will have access to it?) These risks can be mitigated by careful review of the SaaS provider s system setup and by the terms and conditions of your SaaS contract. The remainder of this section will cover the key negotiating points for two critical contract areas: the underlying SaaS Agreement and the Service Level Agreement (SLA). These paragraphs assume that standard software licensing terms will be included in the contract, such as intellectual property rights, indemnification, limitation of liability, warranty and cure period, etc. Underlying SaaS Agreement Ensure that the right to use the software is clear and that there are no hidden fees. For example, if the pricing metric for the service is determined by the number of users, is the metric per unique/seat users, concurrent, or only active users? Does the provider also charge for technical support users who are not really using the software application, but need ad hoc access to it? Clearly identify all of the functionality you are paying for from the provider to ensure they do not degrade this functionality over time. One good way to memorialize this in the contract is to attach a functionality matrix with screenshots of the software application as an appendix to the contract. Also, be sure to list all additional and optional fees in the contract, such as additional storage fees, custom reports, etc.
10 10 Ownership of Customizations or Enhancements Clearly identify who owns any customizations or enhancements, especially if your organization pays for them as work product developed solely for your organization (e.g. an individual branch of the provider s standard base code that is unique to your organization and for which you paid for the development effort). Data Rights and Responsibilities Include language that states who owns data during all of its lifecycle, including when data is transferred or exchanged (data in transit) and during storage (data at rest). Aso include language regarding who bears the risk for loss of data in transit. Depending on the nature of your data and how it is processed, you may need to negotiate language to affirm your organization s ownership of the results of any processing of its data that occurs on the cloud provider s systems. 18 Define and confirm a process with your provider that allows for regular backup of your data on your premises. This safeguard is important as SaaS providers can, in fact, lose data. 19 However, the need for on-premises data backup is situational, depending on the criticality and comfort level of your organization with each SaaS engagement. Possibly no on-premises backup is needed, but this should be considered. Contracts cannot totally safeguard against the risk of data loss, but they can offer additional layers of protection related to your data rights within the cloud. Define what the provider s responsibilities are in the event of 1) a security breach (e.g. ensure they provide an immediate notice if your data may be compromised); 2) an outage; and 3) termination (e.g. ensure the provider will cooperate with the return of your data in a format and manner previously agreed, and with no additional fees for the return of data). Heightened Confidentiality, Security and Disaster Recovery Confidentiality language is found in all contracts, but SaaS contracts should contain heightened confidentiality language relative to the DoD and the Federal Information Security Management Act (FISMA). Obtain detailed information about the service provider s security processes and procedures, including data flow diagrams. One way to obtain this information is to leverage a questionnaire approach. The Cloud Security Alliance s Consensus Assessments Initiative Questionnaire serves as one good example that can be leveraged to build your own questionnaire. 20 Draft these minimum security conditions into the contract and obligate the provider to maintain them throughout the term of the agreement. Ensure that the DoD is involved in reviewing and determining what data will be stored by the provider and what layers of security need to be in place. This includes making sure all applicable Information Assurance (IA) Policy and regulatory documentation is made part of the agreement reference list. Confirm how data access will be limited, including review of the different user permission roles offered, the various accessibility parameters for each role, and the administrator s access rights (e.g. ensure all users actions can be tracked). Ensure your organization has the right to audit the provider s facilities and documentation to verify that minimum security levels are in place and being enforced, including confirmation that your data is located where it should be and not being sent to a third party or being intermingled with other clients data. Ask for third-party reports regarding penetration and vulnerability results for provider s hosting environment.
11 11 Include language confirming what the provider s data storage period and data destruction policy are. Include language confirming the provider s business continuity plan, specifying redundancy requirements to include, at a minimum, data backup and recovery methods/infrastructure/ processes. Also, have the provider certify that they will participate with you in disaster recovery testing at specific time intervals (e.g. once every two years) without charge. Termination Even though providers may lock your organization in for a specific contract term and minimum number of users, ensure the ability to terminate for cause, including a continued lack of uptime specific criteria should be identified in the SLA (see SaaS Service Level Agreements below). Ensure payment terms are clear and confirm that the provider cannot immediately shut off services for late or disputed invoices. SaaS Service Level Agreement (SLA) The key components of any solid SLA should contain specific, measurable and enforceable terms and conditions that the SaaS provider must adhere to for each component of the service provided. If the provider fails to meet an obligation under the SLA, the SLA must have the teeth to help mitigate such failure from happening again. The teeth to SLAs are the specific remedies that apply when the provider s obligations are not met. The remedies usually take the form of monetary damages that are pre-agreed between the parties for specific failures and/or credits for future services. The key components to include in a SaaS SLA, as described in the following paragraphs, are contact information, issue response and resolution times, uptime and data throughput performance guarantees, and maintenance and support. Key Contact Information List all account management and technical support contact information, including mobile phone numbers. This information will change over time, but it is a good practice to include it in the SLA. The information should be reviewed several times during the year to ensure it is up to date. Identify the provider s regular hours of operation and support, and identify where their support centers are located. This is useful to know, especially if their support centers are off-shore. Ask the provider to define their escalation process and draft it into the SLA, so other persons within your organization will know whom to contact. This helps to provide information to others who will need to carry on vendor management responsibilities after the initial project team. Response and Resolution Times Include a matrix that identifies 1) the priority levels for different software modules and the diverse technical issues that can arise; 2) the provider s response times; and 3) the provider s expected resolution times for each. (Resolution times may not be guaranteed by the provider, but response times should be). Have the service provider contractually commit to at least a monthly call or meeting to review service performance, SLA metrics and any service issues. Also, keep an independent issues log to match up against the provider s ticketing system in case there are discrepancies. Ensure your organization has the final say in determining the severity level for each potential issue. Uptime and Performance Guarantees Identify the guaranteed uptime and application performance metrics needed for each software service component.
12 12 Ensure uptime and performance calculations are listed in the SLA and that they can be objectively and easily measured on a rolling basis (not per calendar month). Quantify the downtime allowed in terms of hours or days so you can truly understand the impact of downtime business needs. (For example, a 99.7% uptime would mean that there is approximately 11 allowable days of unplanned downtime in one year. A recommended approach would be to negotiate at least a 99.9% uptime, allowing for less than four days of downtime in one year.) NOTE: Even if organizations are willing to pay extra for an extremely secure environment with a guaranteed 100% uptime, it may be cost prohibitive and just not possible. Hold the provider accountable for things within their control. For instance, a SaaS provider cannot control the public network, the Internet, but they should be able to provide you with reports regarding the time it takes your data to be processed and actionable steps on their side for the specific service you are using affected by unplanned downtime. Also, they can share risk with their counterparts and ensure that the network providers they choose also have contingency plans in place to ensure uptime. Identify the provider s standard maintenance windows. Define what planned maintenance means and confirm that the provider will provide at least 48 hours notice for downtime to be considered planned maintenance. Define the calculations to be used for credits if uptime or application performance guarantees are not met. An example of an uptime formula is the following (this is not meant to be a suggested formula to be used, but only as an example). Service Level Uptime: Service Level is 99.96%. Uptime Percentage is calculated for any rolling 30 calendar days as follows: Total number of expected uptime minutes in any 30 days Uptime Percentage = Minus Total number of minutes of unplanned downtime in any 30 days Total number of expected uptime minutes in a given 30 days Service Credits: Should the Service Level fall below 99.96% for any consecutive 30 day period, the service provider will provide a credit (based upon the applicable month s charges for the period in which the Service Level failed) as noted in the chart below: Uptime Percentage < 99.96% < 99.90% < 99.50% Credit 50% 75% 100% Explain the process to obtain a credit, including the notice period needed for requesting the compensation and when and how the compensation will be provided. Confirm what type of software application service monitoring and alerts are available. Some providers now have websites that publish this information on an ongoing basis. Include the ability to terminate the entire agreement without further liability if uptime fails over a particular period of time (e.g. if uptime
13 13 drops x amount over x number of rolling days). Most cloud providers will want you to commit to at least a year of service (usually paid monthly). However, what if you sign a one-year deal and the service is down for five days straight upon the start date? Do you still want to be committed to that provider for the next 360 days? Maintenance and Custom Support Identify how many major and minor versions of the software are allowable compared to the provider s most recent generally available (GA) version. Ask about the frequency of releases and upgrades (both minor and major) upgrades upfront. Codify the notification process for releases and ensure that you can opt out of releases or upgrades (assuming that your instance is not too many versions behind their most recent generally available version). Identify the ongoing support expectations for any customizations and enhancements. This includes identification of turnaround times if custom reports that you cannot create on your own are needed (e.g. reports that require the provider s help or third-party professional services). Conclusion Today, cloud computing is another new approach to solving persistent, old IT problems, such as doing more with less, providing ultimate flexibility at very low cost and being first to market with new products. Just as the initial concerns and resistance to off-shoring gave way to intelligently governed outsourcing models, a similar trend will emerge on the cloud front. 21 One of the key challenges for cloud computing customers is to ensure contracts include the provisions needed to guarantee appropriate use rights, services, resource availability, infrastructure capability, security, system and environment support, maintenance, SLAs and other matters important to your end users and their mission. Today s buyers of these services now have to be proficient not only in matching technology to requirements, but also managing contracts and vendor relationships. Skill sets for these roles will include individuals with strong IT vendor management and quasi-technical skills. These resources will serve as critical liaisons between IT, the business and the cloud provider. They will have to ensure that cloud contracts include language that is easily understood and enforceable while not over contracting. They will also need to ensure that expected savings and efficiencies are actually achieved. About the Author Gretchen Kwashnik currently serves as the IT Supplier Management Team Leader at ING DIRECT, USA in Wilmington, DE. Her responsibilities include technology acquisition, IT contract management, IT supplier management, and the integration and management of IT project contractors. Gretchen began her ING DIRECT career in the Procurement department, drafting and negotiating IT and Marketing contracts. In 2008, she transitioned to the IT department, where she has since concentrated on technology acquisition, the software development life cycle, and the facilitation of IT projects. Gretchen has a Bachelor of Science in International Business from King s College and a Juris Doctorate from Widener University Law School.
14 14 Appendix 1 Costing Model for Cloud versus Traditional Models Perpetual On- Premises Model Perpetual Hosted Model Subscription PaaS Model SaaS Model Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking Application Personnel Data base Admin Networking Engineers Hardware Engineers
15 15 1 Article, Cloud Computing Been There, Done That by Raj G. Asava. Found at: WhitePapers/Cloud_Computing. 2 Book, Cloud Computing For Dummies by Judith Hurwitz, Robin Bloor, Marcia Kaufman, Fern Halper. Published November 16, 2009 by Wiley Publishing, Inc. Excerpts found at: 3 Article, Key Issues for Software as a Service, 2011 by Robert P. Desisto and Ben Pring. Published March 24, 2011 by Gartner, Inc. 4 Article, The NIST Definition of Cloud Computing by Peter Mell and Timothy Grance. Published September 2011 by the National Institute of Science and Technology (Special Publication ). 5 Book, Cloud Computing For Dummies by Judith Hurwitz, Robin Bloor, Marcia Kaufman, Fern Halper. Published November 16, 2009 by Wiley Publishing, Inc. Excerpts found at: 6 Article, Key Issues for Cloud Computing, 2011 by David Mitchell Smith. Published April 1, 2011 by Gartner, Inc. 7 National Defense Authorization Act for Fiscal Year 2012, H.R. 1540, 112th Congress of the United States 8 Open Networking Foundation s website and press release on March 21, 2011 found at: https://www.opennetworking.org/about (as of September 24, 2011). 9 CDW 2011 CLOUD COMPUTING TRACKING POLL 10 CDW 2011 CLOUD COMPUTING TRACKING POLL 11 Article, Gartner s Top Predictions for IT Organizations and Users, 2012 and Beyond: Control Slips Away excerpt by Gavin Tay. Published November 23, 2011 by Gartner, Inc. 12 Article, Amazon cloud crash endangers federal websites by Joseph Marks. Published on April 21, 2011 by National Journal Group, Inc. Found at: nextgov.com/nextgov/ng_ _7729.php. 13 Article, The Healthcare Cloud Confusion: 3 Reasons Why You Should or Shouldn t Adopt the Cloud by Karin Ratchinsky. Published on September 8, 2011 by Level 3 Communications Beyond Bandwidth blog. Found at: 14 Symnatec s 2011 Virtualization and Evolution to the Cloud Survey. Found at: https://www4.symantec.com/mktginfo/whitepaper/virt_and_evolution_cloud_ Survey_ pdf. 15 Article, Key Issues for Cloud Computing, 2011 by David Mitchell Smith. Published April 1, 2011 by Gartner, Inc. 16 Article, Tips to Make An Outsourcing Project Successful. Published on April 23, 2011 by Outsourcing Smartly. Found at: ross-perot/. 17 See Wikipedia, Cloud Computing, (describing the history and application of Cloud Computing) (as of September 24, 2011). 18 Article, If It s in the Cloud, Get It on Paper: Cloud Computing Contract Issues by Thomas J. Trappler. Published in EDUCAUSE Quarterly Magazine, Volume 33, Number 2, Found at: 19 Article, Amazon s cloud crash destroyed many customers data by Henry Blodget. Found at: amazons-cloud-crash-destroyed-many-customers-data (as of September 24, 2011). 20 Article, Open source fuels growth of cloud computing, software-as-a-service by Jon Brodkin. Published July 28, 2008 by Network World, Inc. Found at: 21 Article, Cloud Computing Been There, Done That by Raj G. Asava. Found at: WhitePapers/Cloud_Computing.
16 DoD ESI is an official Department of Defense initiative sponsored by the Department of Defense Chief Information Officer (DoD CIO). Your Preferred Source for IT Acquisition Across the DoD BEST VALUE EFFICIENT LOW RISK VOLUME DISCOUNTS UNIFIED VOICE Visit DoD ESI online at Department of Defense Chief Information Officer 6000 Pentagon Washington, DC
CLOUD ERP AND ACCOUNTING: SELECTION AND PLANNING GUIDE Over the last three years, well over half of U.S. companies have elected to take advantage of one or more cloud-based solutions or services, but critical
Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing
Software-as-a-Service: Managing Key Concerns and Considerations A research report Publication sponsored by: TABLE OF CONTENTS Introduction: Cloud IT, including SaaS, is Real IT Managing The Key Concerns
The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared
Commercial Software Licensing CHAPTER 12: Prepared by DoD ESI January 2013 Chapter Overview Most software licenses today are either perpetual or subscription. Perpetual licenses involve software possession
Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago, IL 60654 312.832.4500 Wednesday,
TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF As interest in cloud computing increases, so does the confusion surrounding it. What is cloud computing? Can the technology
WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.
How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not
CONSIDERING CLOUD and ON-PREMISE ACCOUNTING SOLUTIONS INTRODUCTION As the world increasingly embraces a 24/7, borderless model for business, the demands on finance have never been greater. Unfortunately,
Cloud Computing Keeping Up With IT During Recession Table of Contents Introduction...3 What is Cloud Computing?...3 Importance of robust IT Systems...4 Benefits of Cloud Computing...4 Lower Expenses: capital
Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
Managed Services Business Intelligence Solutions Business Intelligence Solutions provides an array of strategic technology services for life science companies and healthcare providers. Our Managed Services
WHITE PAPER Purchase-to-pay by ReadSoft. Automated account payables processing software Author: Wille Dahl March 2012 Copyright ReadSoft - www.readsoft.com Processing invoices in the cloud or on premises
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
Can Cloud Database PaaS Solutions Replace In-House Systems? Abstract: With the advent of Platform-as-a-Service as a viable alternative to traditional database solutions, there is a great deal of interest
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
Overview The purpose of this paper is to introduce the reader to the basics of cloud computing or the cloud with the aim of introducing the following aspects: Characteristics and usage of the cloud Realities
Financial Services the way we see it Cloud Computing in Banking What banks need to know when considering a move to the cloud Contents 1 Overview 3 2 Why Cloud Computing for Banks? 4 2.1 Cost Savings and
Realize More Success with Software-plus-Services Cloud-based software from Microsoft Dynamics ERP Cloud computing is Internet-based development and use of computer technology. Large central data centers
IT Best Practices Series Cloud Computing Safe Harbor or Wild West? With IT expenditures coming under increasing scrutiny, the cloud is being sold as an oasis of practical solutions. It s true that many
CLOUD ERP SOFTWARE PREFERENCES STUDY A study conducted by IFS North America APRIL, 2013 THE CURRENT STATE OF THE INDUSTRY BASED ON A SURVEY OF MORE THAN 200 EXECUTIVES METHODOLOGY In early 2013, IFS North
HITS HR & PAYROLL CLOUD MODEL WHITEPAPER Deciphering Total Cost of Ownership Total Cost of Ownership, or TCO, is commonly defined as the estimate of all direct and indirect costs associated with an asset
Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing
Openbravo Subscription and Recurring Billing Managing a Subscription-based Business and How a Technology Giant Did It 1 Presenter Jon Setuain Senior Consultant at Openbravo 2 Trusted Vendor World leader
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses
WHITE PAPER 5 Ways Your Organization is Missing Out on Massive Opportunities By Not Using Cloud Software Cloud software allows your organization to focus on its strengths and outsource tough data storage
ON-PREMISE VS. CLOUD-BASED SOLUTIONS Which is Best? A Dilemma for SMBs As the price of storage and bandwidth continues to drop fast, Cloudbased services are becoming more and more attractive to small and
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
Innovation through Outsourcing Timothy Gehrig firstname.lastname@example.org David Moore email@example.com Agenda Expectations CedarCrestone Introduction Market Direction Outsourcing Solutions
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
Creative Configurations Mixing and Matching Public, Private and Hybrid Clouds for Maximum Benefits Through this year-long series of whitepapers and webinars, independent analyst Ben Kepes is creating a
Implementing Clinical Solutions in the Cloud NICK LAGROTTA Contents Introduction... 1 What is the Cloud?... 2 Service Models... 2 Delivery Models... 2 Cloud Challenges... 3 The Benefits of a Clinical Cloud...
Shaping Your IT Cloud Hybrid Cloud Models Enable Organizations to Leverage Existing Resources and Augment IT Services As dynamic business demands continue to place unprecedented burden on technology infrastructure,
Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration Part I of an ebook series of cloud infrastructure and platform fundamentals not to be avoided when preparing
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
Contact Centers in the Cloud: A Better Way to Source By Irwin Lazar Vice President and Service Director, Nemertes Research Executive Summary Contact Center Software as a Service (CCSaaS) solutions provide
Software-as-a-Service: Changing How You Share Information in Today s Changing Business World Part II Contents Introduction...1 Guidelines for Choosing an Online Workspace Provider...2 Evaluating SaaS Solutions:
Phillip Hampton LogicForce Consulting, LLC New IT Paradigm What is? Benefits of Risks of 5 What the Future Holds 7 Defined...model for enabling ubiquitous, it convenient, ondemand network access to a shared
Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....
white paper Public or Private Cloud: The Choice is Yours Current Cloudy Situation Facing Businesses There is no debate that most businesses are adopting cloud services at a rapid pace. In fact, a recent
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
BUYING GUIDE Buying Guide for Cloud Services Getting Started Welcome to the CompTIA Buying Guide for Cloud Services. If you are like most executives, buying technology often entails elements of excitement,
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing
2014 Cloud Computing Exclusive Research from Cloud Computing Continues to Make Inroads Companies are expanding their use of cloud as they work through implementation and organizational challenges Cloud
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile
Abstract Achieving success for today s compliance professional is both tougher and easier than ever. On one hand, there are more regulations and standards at almost every level, on the other, there are
Everything You Need To Know About Cloud Computing What Every Business Owner Should Consider When Choosing Cloud Hosted Versus Internally Hosted Software 1 INTRODUCTION Cloud computing is the current information
SaaS-Based Budget Planning Advantages over Traditional Models Author: Tom Olson Tom Olson is President and CEO of MyBudgetFile Inc. and former Associate Superintendent of Business and Finance for the Parkland
2011 Morrison & Foerster LLP All Rights Reserved mofo.com Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks 14 September 2011 Presenters Alistair Maughan Morrison & Foerster
6 Cloud strategy formation 6.1 Towards cloud solutions Based on the comprehensive set of information, collected and analysed during the strategic analysis process, the next step in cloud strategy formation
THREE YEAR TCO COMPARISON HOSTED EXCHANGE 1 MARCH 2012 This whitepaper compares the three year total cost of ownership of a high availability Microsoft Exchange 2010 mailbox between an Australian specialist-provider
Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)
Proofpoint Email Archiving Whitepaper: A look at the pros and cons of Software-as-a-Service and how they apply to email archiving. threat protection compliance archiving & governance secure communication
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
The Total Cost of Ownership of Hosted UC TCO in a Nutshell When you re shopping around for a new Unified Communications solution and the quotes are rolling in, it can be difficult to make a true apples-to-apples
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
Hybrid Cloud Mini Roundtable April 17, 2013 Expect Excellence www.divihn.com Today s Agenda What to expect today Introductions Plus, why are you here this evening? What is Hybrid Cloud? Why Hybrid Cloud?
City of Houston HITS Cloud Strategy and Body Worn Camera Project 1 Tina Carkhuff CIO/Interim Director Agenda 2 Overall HITS Goals Definitions On-Premise Storage Cloud-based Storage Advantages and Disadvantages
How cloud computing can transform your business landscape. This whitepaper will help you understand the ways cloud computing can benefit your business. Introduction It seems like everyone is talking about
Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,
Becoming a Cloud Services Broker Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013 Hybrid delivery for the future Traditional IT Evolving current state Future Information
Radware Cloud Solutions for Enterprises How to Capitalize on Cloud-based Services in an Enterprise Environment - White Paper Table of Content Executive Summary...3 Introduction...3 The Range of Cloud Service
The Compelling TCO Case for Cloud Computing in SMB and Mid-Market Enterprises A 4-year total cost of ownership (TCO) perspective comparing cloud and on-premise business application deployment Sanjeev Aggarwal,
Anywhere, Anytime Time Tracking Benefits of a SaaS-based Time and Attendance Solution Executive Summary Software as a Service (SaaS)-based time and attendance solutions offer strategic advantages to businesses
A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud
Whitepaper: Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider WHITEPAPER Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider Requirements Checklist
MINUTE READ TIME WHITE PAPER ACCOUNTS PAYABLE BEST PRACTICES IN AP AUTOMATION Consolidating Workflow Outside ERP Systems www.esker.com BEST PRACTICES IN AP AUTOMATION Consolidating Workflow Outside ERP
Achieve Economic Synergies by Managing Your Human Capital In The Cloud By Orblogic, March 12, 2014 KEY POINTS TO CONSIDER C LOUD S OLUTIONS A RE P RACTICAL AND E ASY TO I MPLEMENT Time to market and rapid
Understanding the Microsoft Cloud by Ken Withee 2013 Microsoft Corporation. All rights reserved. Microsoft, Lync, Microsoft Dynamics, SharePoint, Windows, and Windows Azure are trademarks of the Microsoft
Journey to Cloud 9 Navigating a path to secure cloud computing Alastair Broom Solutions Director, Integralis March 2012 Navigating a path to secure cloud computing 2 Living on Cloud 9 Cloud computing represents
Cloud Computing in Higher Education: A Guide to Evaluation and Adoption Executive Summary Public cloud computing delivering infrastructure, services, and software on demand through the network offers attractive
White Paper Are SaaS and Cloud Computing Your Best Bets? Understanding SaaS and Cloud Computing and Service Delivery Options for Real Estate Technology Solutions Joseph Valeri, MBA, MS President, Lucernex