Upload
alfredo-saad
View
50
Download
0
Embed Size (px)
Citation preview
Alfredo Saad
IT Sourcing Consultant Jan 20th, 2015
Cloud x Traditional Outsourcing:
(Dis)similarities in Risk Management
As discussed in a previous post , “Cloud: Old Risks Vanish, New Ones Arise”, whose previous reading is recommended, risk
management shows some similarities but also some dissimilarities as we deal with traditional Outsourcing or Cloud scenarios. As
mentioned, risks to be managed can be categorized into 3 groups:
1. Risks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different
characteristics
2. Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario
3. Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario
Let us detail, for each of the groups, the main risks to be managed. It is not intended the list below is exhaustive as other risks could
be added depending on a specific environment or customer requirements:
1. Risks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with
different characteristics
Risks associated to:
Identification and prioritization of the business drivers which motivated the decision
Definition of the organization sourcing strategy
Provider(s) selection – some critical areas of concern:
o Due Diligence
o Flexibility, agility and scalability to support demand fluctuations
o Business case
o Pricing mechanism and billing information for internal chargeback
o Access control concerning additional services request
o Proofs of concept and pilot-tests
o Solution adequacy and robustness
o Skills availability
Contractual terms and conditions negotiation – some critical areas of concern:
o Data security, privacy, confidentiality and integrity
o Industry regulations, audit tracking, compliance
o Responsibility, indemnification and guarantees limitation
o Politics, legislation, taxes and currency exchange
o Data backup and disaster recovery
o Service Level Agreements and penalties
o Third-parties usage limitation
o Technological refresh
o Intellectual property
o Contract cancellation and termination
Services transition – some critical areas of concern:
o Impact over customer business operations
o Assignment of key human and technical resources
o Transition plan (activities, schedule, resources, responsibility)
Contract governance – some critical areas of concern:
o Conflicts resolution and escalation process
o Governance structure
o Relationship management
2. Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario
Risks associated to:
Human resources transfer – some critical areas of concern:
o Communication plan
o Critical resources
o Transferred team demotivation and resistance
o Transfer schedule
Assets transfer – some critical areas of concern:
o Transfer schedule
o Transient resources availability
In-flight projects and on-going contracts transfer
o Transfer schedule
o Renegotiation with third parties about on-going contracts
o Negotiation with provider about in-flight projects
3. Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario
Risks associated with the inherent (and yet not stabilized) characteristics of a cloud scenario:
o Frequent modifications on providers (new, merged or acquired ones), services portfolios, tools and pricing
mechanisms lists
o Cloud concepts and terminology standardization not sufficiently disseminated
o Big number of providers coexisting within an organization, not always peacefully
Secondary indirect risks coming from the progressive adoption of the new innovative digital technologies simultaneously to
the cloud adoption:
o Mobile devices, Social Networks, Big Data Analytics, Internet of Things, BYOD, Wearables, etc.
Secondary indirect risks coming from the evolution of the organization’s business model and their IT areas simultaneously to
the cloud adoption
o Migration from the Make & Sell to the Sense & Respond organization business model
o Migration from the traditional siloed to the bimodal IT model
o Changes in investment decision model
o New IT skills availability
o Impact over the business areas
Risks associated:
o To the uncritical adhesion to one-click contracts
o To applications integration, interoperability, portability and monitoring
o To difficulties to migrate between providers (vendor lock-in)
o To the structuring of a cloud management platform
Does the reader perception coincide with that of the author? Please contribute with your comments.