Skip to main content

Cloud Vendor Management and Procurement: Challenges and Opportunities

By April 1, 2013Article

Cloud is the new best of breed, right? In previous posts I’ve written about IT organizations that have gone from “cloud skeptical” to “cloud first” as well as the need to establish “cloud control.” But what about Finance? And more specifically, what is the impact of this so-called “cloud rush” on the people responsible for vendor management and procurement?

To find out, I sat down with Ryan Meonske, global procurement and vendor management director at Informatica. Ryan partners closely with members of the IT organization to evaluate, negotiate and manage vendors with an increasing emphasis on cloud solutions. He has held procurement roles at Yahoo!, Cisco and Adobe. Early in his career he worked in sales at Sun Microsystems selling to high-tech companies, so he knows all of the angles on this topic.

Ryan, I’ve written about IT organizations embracing a “cloud first” approach and the need for “cloud control.” How does this impact you in your role?

Cloud solutions are critical to how we run our business. In fact, we now actually have more cloud applications than we do on premises. This is a not only a huge change for our IT organization and how they support the business, it’s also a fundamental change in terms of finance and how we budget for software purchases. With the cloud/subscription model, software is treated as an operational expense instead of being capitalized.

With the volume of cloud solutions continuing to grow, procurement is playing a larger role in helping to evaluate a vendor’s financial viability, as well as negotiate and mitigate risks in order to protect the company. We also partner very closely with IT to ensure that we have a complete “enterprise architecture review” for each cloud solution. We focus on everything to do with data security, service levels and exit rights once a vendor relationship is terminated.

Has the cloud introduced more complexity when it comes to vendor management and procurement?

With all of these emerging cloud-based solutions addressing critical business needs, it has caused us to reevaluate how we look at a vendor’s financial viability and what type of risk our organization is willing to take on. We want to ensure there’s no possibility of the vendor going out of business in a year or two, so traction in the marketplace matters. In addition, we need to understand, should a company go out of business, what contingency plans we have in place.

Also, most of the emerging cloud providers are unwilling to take on significant liability and want to cap any liability at fees paid for a predetermined period of time. Their position is that they do not want to put their company out of business should they have an issue with a given customer where there is unlimited liability. The problem is that if we experience an issue where we are harmed due to an action by the cloud provider our damages will typically far exceed any fees paid.

One solution that has worked with numerous vendors is that they agreed to increase their liability to at least the fees for the entire length of the contract. Another solution that we have explored is to limit the cloud provider’s liability to only what is in their current insurance policy. That way they are only taking on the risks that are transferred from their insurance and nothing more so that no one issue would put them out of business.

Service Level Agreements, also known as SLAs, are another area taking on more importance in cloud solutions. We need the cloud provider to agree to certain uptime and response metrics with meaningful penalties should these SLAs not be met. This should include escalating credits and also include a customer option to terminate the agreement should SLAs be missed in multiple periods.

Another area we now must spend time on is around what happens to our data if the vendor relationship ends. We focus in the contract on documenting the process for the return of our data, in terms of the type of format, as well as how quickly the vendor is required to provide that data to us. In addition, we want to ensure that the vendor does not delete our data without our consent.

Finally, we are focused on ensuring that as part of the cloud contract, we document the renewal provisions at the end of the initial term of the agreement. We have been successful in negotiating aggressive pricing discounts and need to ensure that there will not be significant price increases at the time of future renewals. Therefore, we now make it a point to ensure that all cloud contracts clearly state that we have the right to renew for additional terms with a cap on any increase in fees to prevent this issue from arising in the future.

What role does integration play when it comes to cloud vendor management and procurement? What other factors are important? 

Integration plays a significant role in cloud solutions. As we start leveraging more best-of-breed cloud applications, the number of vendors that are providing these solutions has expanded as well. This creates more of a challenge for our IT organization, which must manage all of these applications and vendors.

One of the ways that we focus on addressing some of these integration challenges is by identifying areas where we can potentially consolidate or reduce the number of vendors. In addition, we also now need to test all of these cloud solutions when there are new releases or enhancements to ensure that it does not affect the integration between other systems. Therefore, we are now requiring that a sandbox be provided in order to ensure that nothing breaks once there is a new release or enhancement of a particular solution.

What guidance do you have for organizations looking to make greater investments in cloud technologies?? 

My guidance is that cloud solutions are gaining an increasing level of adoption across most organizations; however there are potential risks that need to be considered before a decision is made to go with a cloud solution versus on premises.

As I mentioned, understanding how your organization evaluates vendor financial viability, the appetite for risk in selecting a cloud provider and a solution that has the potential to go out of business in a year or two, and then ensuring that as part of any contract you are protecting your organization’s IP rights, data security requirements, exit rights and renewal terms are just a few things to consider.

Since this is such an emerging area, both cloud providers and customers are jointly working together to solve some of these issues and there is no one solution that works with every provider.

Darren Cunningham is vice president of Marketing at Informatica Cloud.