Cloud x Traditional Outsourcing: (Dis)similarities in Risk Management
published by Alfredo Saad
As discussed in a previous article, “Cloud: Old Risks Vanish, New Ones Arise” (recommended reading before this one), risk management shows both similarities and dissimilarities between traditional Outsourcing and Cloud scenarios. As mentioned there, the risks to be managed can be categorized into 3 groups:
Risks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics
Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario
Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario
Let us detail, for each of the groups, the main risks to be managed. The list below is not intended to be exhaustive, as other risks could be added depending on the specific environment or customer requirements:
Risks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics
Risks associated with:
Identification and prioritization of the business drivers which motivated the decision
Definition of the organization sourcing strategy
Provider(s) selection – some critical areas of concern:
Due Diligence
Flexibility, agility and scalability to support demand fluctuations
Business case
Pricing mechanism and billing information for internal chargeback
Access control for additional service requests
Proofs of concept and pilot-tests
Solution adequacy and robustness
Skills availability
Contractual terms and conditions negotiation – some critical areas of concern:
Data security, privacy, confidentiality and integrity
Industry regulations, audit tracking, compliance
Responsibility, indemnification and guarantees limitation
Politics, legislation, taxes and currency exchange
Data backup and disaster recovery
Service Level Agreements and penalties
Third-parties usage limitation
Technological refresh
Intellectual property
Contract cancellation and termination
Services transition – some critical areas of concern:
Impact on customer business operations
Assignment of key human and technical resources
Transition plan (activities, schedule, resources, responsibility)
Contract governance – some critical areas of concern:
Conflict resolution and escalation process
Governance structure
Relationship management
Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario
Risks associated with:
Human resources transfer – some critical areas of concern:
Communication plan
Critical resources
Transferred team demotivation and resistance
Transfer schedule
Assets transfer – some critical areas of concern:
Transfer schedule
Transient resources availability
In-flight projects and on-going contracts transfer
Transfer schedule
Renegotiation with third parties about on-going contracts
Negotiation with provider about in-flight projects
Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario
Risks associated with the inherent (and not yet stabilized) characteristics of a cloud scenario:
Frequent changes in providers (new, merged or acquired ones), service portfolios, tools and pricing mechanism lists
Standardization of cloud concepts and terminology not sufficiently disseminated
Large number of providers coexisting within an organization, not always peacefully
Secondary indirect risks arising from the progressive adoption of new, innovative digital technologies at the same time as cloud adoption:
Mobile devices, Social Networks, Big Data Analytics, Internet of Things, BYOD, Wearables, etc.
Secondary indirect risks arising from the evolution of the organization’s business model and its IT areas at the same time as cloud adoption:
Migration from the Make & Sell to the Sense & Respond organization business model
Migration from the traditional siloed to the bimodal IT model
Changes in investment decision model
New IT skills availability
Impact on the business areas
Risks associated with:
Uncritical acceptance of one-click contracts
Applications integration, interoperability, portability and monitoring
Difficulties in migrating between providers (vendor lock-in)
The structuring of a cloud management platform
Does the reader’s perception coincide with that of the author? Please contribute with your comments.
________
The Portuguese version of this article, titled “Cloud x Outsourcing Tradicional: (Des)semelhanças na Gestão de Riscos”, was also published here on the TI Especialistas site. To see it, follow the link below:
Alfredo Saad has worked in IT since 1970 and has given more than 100 lectures in Brazil and abroad (USA, France, Portugal, Chile, Argentina & Uruguay).
He has worked in IT Strategic Outsourcing Services since 1997. As Varig's IT Technology Manager, he negotiated and managed the contract signed with IBM (1997-2004). In 2006 he published the book "IT Services Outsourcing" (Brasport Publishing House). As an IBM Project Executive, he managed the South American section of Michelin's global outsourcing contract (2006-2009). He was Risk Manager of all IBM Strategic Outsourcing contracts in Brazil (2009-2014). Since March 2014, he has worked as an independent consultant, lecturer and writer on IT Outsourcing as the principal of his own company, Saad Consulting.