
Alfredo Saad

IT Sourcing Consultant Jan 20th, 2015

Cloud x Traditional Outsourcing: (Dis)similarities in Risk Management

As discussed in a previous post, “Cloud: Old Risks Vanish, New Ones Arise” (recommended reading before this one), risk management shows both similarities and dissimilarities between traditional Outsourcing and Cloud scenarios. As mentioned there, the risks to be managed can be categorized into 3 groups:

1. Risks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics

2. Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario

3. Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario

Let us detail, for each of the groups, the main risks to be managed. The list below is not intended to be exhaustive, as other risks could be added depending on a specific environment or customer requirements:

1. Risks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics

Risks associated with:

Identification and prioritization of the business drivers which motivated the decision

Definition of the organization sourcing strategy

Provider(s) selection – some critical areas of concern:

o Due Diligence

o Flexibility, agility and scalability to support demand fluctuations

o Business case

o Pricing mechanism and billing information for internal chargeback

o Access control concerning additional services request

o Proofs of concept and pilot-tests

o Solution adequacy and robustness

o Skills availability

Contractual terms and conditions negotiation – some critical areas of concern:

o Data security, privacy, confidentiality and integrity

o Industry regulations, audit tracking, compliance

o Responsibility, indemnification and guarantees limitation

o Politics, legislation, taxes and currency exchange

o Data backup and disaster recovery

o Service Level Agreements and penalties

o Third-parties usage limitation

o Technological refresh

o Intellectual property

o Contract cancellation and termination

Services transition – some critical areas of concern:

o Impact on customer business operations

o Assignment of key human and technical resources

o Transition plan (activities, schedule, resources, responsibility)

Contract governance – some critical areas of concern:

o Conflict resolution and escalation process

o Governance structure

o Relationship management

2. Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario

Risks associated with:

Human resources transfer – some critical areas of concern:

o Communication plan

o Critical resources

o Transferred team demotivation and resistance

o Transfer schedule

Assets transfer – some critical areas of concern:

o Transfer schedule

o Transient resources availability

In-flight projects and on-going contracts transfer

o Transfer schedule

o Renegotiation with third parties about on-going contracts

o Negotiation with provider about in-flight projects

3. Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario

Risks associated with the inherent (and not yet stabilized) characteristics of a cloud scenario:

o Frequent changes to providers (new, merged or acquired ones), service portfolios, tools and pricing mechanism lists

o Cloud concepts and terminology standardization not sufficiently disseminated

o Large number of providers coexisting within an organization, not always peacefully

Secondary indirect risks coming from the progressive adoption of new innovative digital technologies simultaneously with cloud adoption:

o Mobile devices, Social Networks, Big Data Analytics, Internet of Things, BYOD, Wearables, etc.

Secondary indirect risks coming from the evolution of the organization’s business model and its IT areas simultaneously with cloud adoption:

o Migration from the Make & Sell to the Sense & Respond organization business model

o Migration from the traditional siloed to the bimodal IT model

o Changes in investment decision model

o New IT skills availability

o Impact on the business areas

Risks associated with:

o The uncritical adhesion to one-click contracts

o Application integration, interoperability, portability and monitoring

o Difficulties in migrating between providers (vendor lock-in)

o The structuring of a cloud management platform

Does the reader's perception coincide with that of the author? Please contribute your comments.
