The recently announced closure of Nirvanix should serve as a wake up call and lesson in best practice for end users and Cloud Service Providers (CSPs) when contracting for cloud services. According to the Cloud Industry Forum (CIF), businesses must ensure they have achieved contractual clarity for service delivery and with regards to how a relationship formally ends at a practical level, regardless of cause of the termination.
US-based enterprise cloud storage provider Nirvanix has given customers until the 30th September to find a new home for their data due to financial difficulties. A regrettable scenario not dissimilar to 2e2 in the UK (albeit the latter was not a CSP).
Commenting on the case, Andy Burton, founder of CIF, said that the very sudden and public demise of Nirvanix, which is causing significant challenges to its customer base, should serve as a necessary reminder for end users to seek contractual clarity and reassurance from CSPs to understand how a service will be delivered, where and how the data is stored, what the minimum notice they will have from termination announcement to move data to another provider is, what format the data will be provided back and what costs will be incurred (if any) to return the data.
Burton stated: “Irrespective of whether this was caused by their potential financial mismanagement of investor funding and commercial contracts, Nirvanix’ actions here demonstrate a flagrant disregard for their customers’ businesses and data. Their actions here risk erroneously bringing significant negative impact on the perception of the cloud market as a whole. If what we are reading is true, by offering a mere two-weeks in which to migrate customer data from their servers, Nirvanix have essentially hung their customers out to dry. There will inevitably be comparisons drawn here between the closure of 2e2’s European operations earlier this year, and of Doyenz’ retrenchment in 2012. In such a case as this I think it is also appropriate that Investors / Shareholders hold an Executive Board to account for their operational delivery and ensure that a proper and ethical approach to any cessation of service is undertaken in the still rare occasions this is required. Governance should be effective across the Board!
“Nevertheless, end Users can take steps to mitigate risk and as a matter of principle, cloud users must always plan rationally upfront and seek contractual clarity and reassurance from CSPs in order to understand how the service will be delivered, who is accountable and liable for which aspects of service continuity, and ultimately what is the process and timescale to disengage and move data in a planned or forced termination.
“When it comes to procuring cloud services, caveat emptor still applies today. Whether buying direct online or via a third party it is essential that an organisation can establish confidence in the Service Provider/s so that they can be ultimately confident in both their expectations and their experience throughout the life of a contract, and no matter how it ends,” Andy continued.
CIF has called on end users to take stock and always maintain overall governance of how IT is delivered, and therefore to always assume and maintain ultimate responsibility for decisions they make either on-premise or in terms of adopting cloud services, pointing to three main areas of focus: contracting, contingency, and certification.
· Contracting
A careful review of the contract and SLAs should highlight the extent to which the customer has any meaningful remedy if the service levels are not met and should enable the customer to take measures to minimise losses or disruption in the event that a disaster does occur. Clarity will be needed to understand how the service is delivered and who is accountable and liable for service delivery, including post termination timescales and the format and method of recovering data.
· Contingency
Whilst a CSP can be held accountable for a breach of contract or a service failure, the end user still needs to be clear on what their operational remediation plan is. The absence of one is a critical flaw in any sourcing decision whether the solution is delivered on-premise or in-cloud. Buying a cloud service is no different to buying any other IT solution, if it is a critical part of the business operations then appropriate business continuity/Disaster Recovery (DR) plans need to be in place. The good thing about DR in the cloud is there are many more economically viable options for smaller companies to participate in, and it’s no longer the privilege of the larger company. Be prepared!
· Certification
In order to drive up best practice and standards in the industry, Certification schemes are evolving such as CIF’s Code of Practice which champions professional CSPs seeking to build demonstrable trust in the supply chain by providing transparency about their business, validating capability and clarifying accountability in their approach to market. Whilst it is no guarantee of future performance, participation by a CSP in a certification scheme does show a more prepared and conscientious approach to service delivery that customers can take comfort from.
“CSPs have an opportunity to achieve competitive advantage by being straightforward and transparent about their business practices and processes. Clarity of obligations, service levels, service options and issue resolution will positively reduce risk for end users in making their supplier choice decisions,” Andy concluded.