What Contract Risks are Hiding in the Cloud?

Similar documents
INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

This Webcast Will Begin Shortly

White Paper: Mitigating the additional risks of software-as-a-service applications.

ARE YOU GOING DIGITAL WITHOUT A NET?

WIN-WINN NEGOTIATION: BECOMING A REALITY? By Tim Cummins. source, rather than dealing primarily with the consequences when things go wrong.

An Academic Medical Center's Journey to the Cloud

Managing Legal and Operational Risk in IT Agreements

ASC 606 For Software Companies: Step 5 - Recognizing Revenue. August 16, 2018 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

6 Key Elements of Successful DRaaS

Total Cost Management and Cloud Computing

Evaluating Cloud Based Software Offerings

IBM SmartCloud Control Desk: High Availability and Disaster Recovery Configurations IBM Redbooks Solution Guide

Cloudy with a Chance of ERP Is Cloud just a "thing"?

Contract Compliance. Getting Full Value from Your Business Arrangements Healthcare Contract Compliance April 2014 Sue Ulrey

15,500+ 5, , ,000. Bloomberg Corporate Profile. Real-time financial information. employees. 192 locations around the world

IBM Emptoris Strategic Supply Management on Cloud

Acquiring Cloud Services A Contracting Officer s perspective

IBM Emptoris Managed Cloud Delivery

Rapid Cloud Enablement for Software Companies

A Framework Approach to Ensuring Application Recovery Readiness. White Paper

Moving ERP Systems to the Cloud

AFFORDABLE AZURE February 14, 2019

Managed Private Cloud for Adobe Connect

Open Source Software Audit Do it now or pay later! Jonathan F. Ariano Osborn Maledon, PA

On-premise vs. cloud-based solutions. A dilemma for businesses

IBM Emptoris Services Procurement on Cloud

IBM Cognos TM1 on Cloud

Supporting Cloud Computing with Professional Services

FGFOA Workday HR/FM ERP in the Cloud. Brian Battles Deputy CFO, City of Orlando. February 23, 2017

An Overview of the AWS Cloud Adoption Framework

Awell-crafted records management

Guidance on Arrangements to Support Operational Continuity in Resolution

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

27 Powerful Questions to Ask ERP Providers

White Paper. Managed IT Services as a Business Solution

IBM Emptoris Contract Management on Cloud

IBM Case Manager on Cloud

IBM Emptoris Contract Management on Cloud

For Business Process & Applications Professionals

IBM Case Manager on Cloud

IBM Emptoris Contract Management on Cloud

IBM Emptoris Contract Management on Cloud

IBM Emptoris Managed Cloud Delivery

Cloud Strategy Workshops

Moving Enterprise Resource Planning (ERP) to the cloud. Five Key Considerations for Every Enterprise.

Cloud & Accounting Treatment

EMA Radar for Application Discovery and Dependency Mapping (ADDM): Q AppEnsure Profile

Building & Scaling a Profitable SaaS Business In the Cloud

Scott Fagen Distinguished Engineer Session# 8244

Migrating Enterprise Applications to the Cloud. Cloud Expo West 2011 Tuesday, November 8th

Dr. Thomas Lumpp, IBM Deutschland Research & Development GmbH Cloud Resiliency IBM Corporation

Ensuring Organizational & Enterprise Resiliency with Third Parties

Strategic Business Continuity Management

ESCAPE ALL LIMITATIONS. How to Capture a Bigger Share of. Strong Data Protection for Microsoft Server 2012: Unitrends Enterprise Backup

How to disasterproof critical. business data. 5 steps for keeping systems online and accessible in any scenario.

IBM Emptoris Program Management on Cloud

IBM Emptoris Contract Management on Cloud

ROI: 270% Payback: 3 Months VERTICA T H E B O T T O M L I N E. Barbara Z Peck

ADDENDUM #1 RP Provision of Gwinnett County s Migration from SharePoint 2010 to SharePoint 2016 Project

Realizing the Value of Cloud

IBM Certified Managed Service Provider. A Joint Venture: ABC and Data Storage Corporation IBM Corporation

IBM Emptoris Supplier Lifecycle Management on Cloud

QuickBooks Desktop: Transform Your Desktop into an Online Collaborative Solution

SunGard: Cloud Provider Capabilities

can I consolidate vendors, align performance with company objectives and build trusted relationships?

NTT DATA Service Description

Business Continuity Management Policy. Date Version Number Planned Review Date Oct 2014 Issue 1 Oct 2017

Health Care CRM RFP Guide

Application Performance Management Advanced for Software as a Service

PUBLISHED BY IAITAM Publishing, LLC 1137 State Route 43 Suffield, Ohio Copyright 2008 by IAITAM Publishing, LLC All rights reserved.

What s the Weakest Link in DR plans? Canadian companies confess their shortcomings

Disaster Avoidance If you can recover from a failure fast enough, did it really happen?

Table of Contents 1. What s New... 1

Establishing Free and Open Source Software Compliance Programs: Challenges and Solutions. By Ibrahim Haddad, Ph.D.

Keeping the Lights On When No One Else Can

Your Cloud Action Plan: Five Steps to Readiness

IBM Sterling B2B Integrator

White Paper. What Every SaaS Company Should Know About Integrating with Its Customers

IBM Cloud Object Storage and CTERA

IBM Facilities and Real Estate Management on Cloud (TRIRIGA)

Before You Buy! Ten Questions to Ask Your Cloud Vendor

SaaS Listing CA Agile Central

Third Party Vendor Management and FDR Compliance

TELEPHONY BE A PRIORITY FOR YOUR BUSINESS?

Viewpoint Transition to the cloud

The Application Gap in Manufacturing

BLOCKCHAIN CLOUD SERVICE. Integrate Your Business Network with the Blockchain Platform

Finding Your Blue Sky

WHITEPAPER WHITEPAPER. Processing Invoices in the Cloud or On Premises Pros and Cons

Enterprise Resource Planning Project Update

Cloud Customer Architecture for API Management.

Service Level Agreement (SLA)

SERVICE DESCRIPTION DISASTER RECOVERY AS A SERVICE

CASE STUDY FULLY MANAGED IZO HYBRID CLOUD PLATFORM GIVES INFOR FUTURE-PROOF COMPUTING.

DELL EMC CLOUD ARCHIVE FOR PETROTECHNICAL DATA

Supplier Risk Management. Do You Really Have the Right Level of Visibility to Minimise Risk?

How Much Will Serialization Really Cost? AN INTRODUCTION TO THE TOTAL COST OF OWNERSHIP

Module: Building the Cloud Infrastructure

NORTH AMERICA INTEGRATION MARKET SURVEY. Key Takeaways Based on 155 Survey Responses

Transcription:

What Contract Risks are Hiding in the Cloud? July 21, 2015 webinar Presented by: Tim Cummins, IACCM & David Strouse, Iron Mountain 2015 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated. All other trademarks and registered trademarks are the property of their respective owners. 1

Today s Presenters Tim Cummins, CEO, IACCM Tim works with organizations to support understanding of the role that procurement, contracting and relationship management play in business performance and public policy. David Strouse, Director, Iron Mountain, Intellectual Property Management David helps enterprise organizations create and implement appropriate solutions to protect their intellectual property assets. 2

Agenda Tim Cummins - Industry Overview & Trends David Strouse - What s happening with SaaS today? - What are your SaaS headaches? - How do I assess my risk? - How do I protect my SaaS investment with software escrow? - What are Best Practices to safeguard SaaS applications and data? Q&A - Please submit questions as you have them. Questions will be answered at the end of the session. A copy of the slides and a link to the recording will be available to all participants. You will also receive a white paper, templates & other materials from Iron Mountain. 3

IACCM analyzed Cloud Agreements Comparative length of agreement Number of cross referenced documents Single or Multiple offering Flesch Test (Flesch Target: 50-60; a high score is good). 9 pages 3 pages 13 pages 7 documents, plus web links, plus Order Form. Dual offering: cloud services and associated consultancy services. Multiple orders for cloud services may be used against the same terms. 3 documents: order form and service levels, and the NDA is a separate document. Single: cloud service only, but multiple in number of cloud services Flesch 26 Flesch 37.3 Flesch 46.9 7 documents incl: SLA, Service Terms, trademark use guidelines, Software License and Service Offerings License as well as web links. Generic framework agreement

The risks behind the Cloud What we discovered in many Cloud agreements: It is not clear what the supplier is committing Extensive responsibilities are placed on the customer The supplier has few obligations and limited consequences The agreement is poorly structured and complicated to interpret

A Paradigm Shift in Technology Delivery 85% of new software is now being built for the cloud -IBM 2013 Annual Report 6

SaaS is increasingly becoming Mainstream 7

The Benefits of SaaS are Clear. Yes, But What-If? Then What? Bankruptcy or failure to do business in the ordinary course. M&A (non prevailing products suffer from extinction) Contract Breach & Disputes Force Majeure - Extended Outage Need to Execute an Exit Strategy Can t Recover Your Data? 8

How Are You Assessing Your Risk? 9

What are the Market Realities We See with Enterprise SaaS Subscribers? Accepting traditional source code escrow and not thinking through the what will I do with it? Not unpacking the DR/BC question. A SaaS provider s disaster recovery plan is there only as long as the Provider is. 72% of organizations find it highly important that a SaaS provider offers a plan to allow continued access to applications in the event that they go out of business. -Softletter Research Not talking through the RTO/RPO s for their data and access to it in SLA s Deploying the application and dealing with it later Yet, 79% of SaaS providers do not guarantee their subscribers application continuity. -IDG Custom Research 10

Possible SaaS Risk Contingencies Take the application On-Premises Hire Managed Service Provider to host and maintain the application Recover your data and migrate to a new solution Update Your Resume 11

Introduction to the Contingency Plan Ask Questions! - If my application is unavailable, what is the impact on my company and customers in 1 hour, 1 day, 1 week? - Where is my data and what are my options to get access to it? - Is my data usable without the application? - If necessary, could you take the application on-premises or find a new SaaS provider? How long will that take? - What events will trigger your contingency plan? - How will you document the contingency and who will be responsible for execution (internally/externally)? - Is it possible to perform verification testing to ensure the plan works? - Do you have a repeatable process for dealing with these situations? 12

How can Traditional Software Escrow be Adapted for SaaS Applications? SaaS escrow environment runs independently of the provider 13

SaaS Escrow Contingency Trigger Process Problem Occurs Subscriber contacts Provider Problem is rectified Desired Outcome Application Continuity Secured No response Subscriber Contacts Escrow Agent Contingency Trigger process is invoked Access to the Recovery Environment is provided Data Recovered 14

SaaS Escrow Options 15

Case Study: Three Approaches to Risk Mitigation Non-Profit Member Organization Source Code and Object Code Access Code Verification Data Delivered Directly Financial Services Standby Replication Failover Capability Application & Data Continuity Enterprise Legal Management Source Code Access Code Verification Contingency Planning for Subscriber Full Disaster Recovery and Ongoing support 16 16

Key Takeaways Application Continuity Time to Migrate to a New Solution Unencumbered Access to Your Data Timely Access to Components Necessary to Make Use of Your Data Leverage to Optimize the Vendor Relationship Satisfy Governance, Risk & Compliance Policy Minimize Risk of Loss Avoid Litigation and the Courts 17

Q&A Want to learn more? Visit www.ironmountain.com/saas or email david.strouse@ironmountain.com 2012 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks and SaaSProtect Escrow Service is a trademark of Iron Mountain Incorporated. All other trademarks and registered trademarks are the property of their respective owners. 18

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback