+ All Categories
Home > Documents > What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in...

What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in...

Date post: 26-May-2020
Category:
Upload: others
View: 3 times
Download: 0 times
Share this document with a friend
18
1 July 21, 2015 webinar Presented by: Tim Cummins, IACCM & David Strouse, Iron Mountain © 2015 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated. All other trademarks and registered trademarks are the property of their respective owners. What Contract Risks are Hiding in the Cloud?
Transcript
Page 1: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

1

July 21, 2015 webinar

Presented by: Tim Cummins, IACCM & David Strouse, Iron Mountain

© 2015 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated.

All other trademarks and registered trademarks are the property of their respective owners.

What Contract Risks are Hiding in the Cloud?

Page 2: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

2

Today’s Presenters

Tim works with organizations to support understanding of the role that procurement, contracting and relationship management play in business performance and public policy.

David helps enterprise organizations create and implement appropriate solutions to protect their intellectual property assets.

Tim Cummins, CEO, IACCM

David Strouse, Director, Iron Mountain, Intellectual Property Management

Page 3: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

3

Agenda

Tim Cummins –

- Industry Overview & Trends

David Strouse –

- What’s happening with SaaS today?

- What are your SaaS headaches?

- How do I assess my risk?

- How do I protect my SaaS investment with software escrow?

- What are Best Practices to safeguard SaaS applications and data?

Q&A –

- Please submit questions as you have them. Questions will be answered

at the end of the session.

A copy of the slides and a link to the recording will be available to all

participants. You will also receive a white paper, templates & other

materials from Iron Mountain.

Page 4: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

IACCM analyzed Cloud Agreements

Comparative length of agreement

9 pages 3 pages 13 pages

Number of cross referenced documents

7 documents, plus web links, plus Order Form.

3 documents: order form and service levels, and the NDA is a separate document.

7 documents incl: SLA, Service Terms, trademark use guidelines, “Software License” and “Service Offerings License” as well as web links.

Single or Multiple offering

Dual offering: cloud services and associated consultancy services. Multiple orders for cloud services may be used against the same terms.

Single: cloud service only, but multiple in number of “cloud services”

Generic framework agreement

Flesch Test (Flesch Target: 50-60; a high score is good).

Flesch 26 Flesch 37.3 Flesch 46.9

Page 5: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

The risks behind the Cloud

What we discovered in many Cloud agreements:

• It is not clear what the supplier is committing

• Extensive responsibilities are placed on the customer

• The supplier has few obligations and limited consequences

• The agreement is poorly structured and complicated to interpret

Page 6: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

6

A Paradigm Shift in Technology Delivery

85% of new software is now being built for the cloud

-IBM 2013 Annual Report

Page 7: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

7

SaaS is increasingly becoming Mainstream

Page 8: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

8

• Bankruptcy or failure to do business in the ordinary course.

• M&A (non prevailing products suffer from extinction)

• Contract Breach & Disputes

• Force Majeure - Extended Outage

• Need to Execute an Exit Strategy

• Can’t Recover Your Data?

The Benefits of SaaS are Clear. Yes, But What-If? Then What?”

Page 9: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

9

How Are You Assessing Your Risk?

Page 10: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

10

72% of organizations find it highly important that a SaaS provider offers a plan to allow continued access to applications in the event that they go out of business.

-Softletter Research

Yet, 79% of SaaS providers do not guarantee their subscribers application continuity.

-IDG Custom Research

What are the Market Realities We See with Enterprise SaaS Subscribers?

Accepting traditional source code escrow and not thinking through the what will I do with it?

Not unpacking the DR/BC question. A SaaS provider’s disaster recovery plan is there only as long as the Provider is.

Not talking through the RTO/RPO’s for their data and access to it in SLA’s

Deploying the application and dealing with it later…

Page 11: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

11

Possible SaaS Risk Contingencies

Take the application On-Premises

Hire Managed Service Provider to host and

maintain the application

Recover your data and migrate to a new solution

Update Your Resume

Page 12: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

12

Introduction to the Contingency Plan – Ask Questions!

- If my application is unavailable, what is the impact on my

company and customers in 1 hour, 1 day, 1 week?

- Where is my data and what are my options to get access to it?

- Is my data usable without the application?

- If necessary, could you take the application on-premises or find a

new SaaS provider? How long will that take?

- What events will trigger your contingency plan?

- How will you document the contingency and who will be

responsible for execution (internally/externally)?

- Is it possible to perform verification testing to ensure the plan

works?

- Do you have a repeatable process for dealing with these

situations?

Page 13: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

13

SaaS escrow environment runs independently of the provider

How can Traditional Software Escrow be

Adapted for SaaS Applications?

Page 14: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

14

SaaS Escrow Contingency Trigger Process

Subscriber contacts Provider

Application Continuity Secured

Access to the Recovery

Environment is provided

Problem Occurs

Problem is rectified

Subscriber Contacts Escrow

Agent

No response

Desired Outcome

Data Recovered

Contingency Trigger process is

invoked

Page 15: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

15

SaaS Escrow Options

Page 16: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

16 16

Non-Profit Member Organization

Financial Services Enterprise Legal Management

Source Code and Object Code Access

Code Verification

Data Delivered Directly

Standby Replication

Failover Capability

Application & Data Continuity

Source Code Access

Code Verification

Contingency Planning for Subscriber

Full Disaster Recovery and Ongoing support

Case Study: Three Approaches to Risk Mitigation

Page 17: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

17

Key Takeaways

• Application Continuity

• Time to Migrate to a New Solution

• Unencumbered Access to Your Data

• Timely Access to Components Necessary to Make Use of Your Data

• Leverage to Optimize the Vendor Relationship

• Satisfy Governance, Risk & Compliance Policy

• Minimize Risk of Loss

• Avoid Litigation and the Courts

Page 18: What Contract Risks are Hiding in the Cloud? · 7/21/2015  · What Contract Risks are Hiding in the Cloud? 2 Today’s Presenters Tim works with organizations to support understanding

18

Q&A

© 2012 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks and SaaSProtect Escrow Service is a trademark of Iron Mountain Incorporated. All other trademarks and registered trademarks are the property of their respective owners.

Want to learn more?

Visit www.ironmountain.com/saas

or email [email protected]


Recommended