1

Contingency Planning and Risk Mitigation Strategies

for Cloud-based Technology Transactions

December 2014

Iron Mountain Intellectual Property Management

John Boruvka, Vice President

2

Changing Cloud Market Landscape

Due Diligence and Risk Management

Practical Strategies for Providers and Subscribers

What is the End Game? Application Continuity, Service Sustainability or Something Else?

Is There Anything Else We Should Cover?

Your Agenda

3

The Techtonic Shift in Tech Delivery

85% of new software is now being built for the cloud

IBM 2013 Annual Report

4

• Bankruptcy (a “Nirvanix-Like Occurrence”)

• M&A (non prevailing products suffer from extinction)

• Contract Breach & Disputes

• Force Majeure - Extended Outage

• Exit Strategy

• Can’t Recover Your Data?

“Yes, But What-If? Then What?”

5

Legal Community Needs to Help with Due Diligence

as 79% of Providers don’t guarantee application continuity to their subscribers*

What are the Market Realities We See with Enterprise SaaS Subscribers?

Accepting source code escrow and not thinking through the what will I do with it?

Not unpacking the DR/BC question. The DR is there only as long as the Provider is.

Not talking through the RTO/RPO’s for their data and access to it in SLA’s

Deploying the application and dealing with it later…

6

The contraction of the SaaS market will come and force these issues as 40% of SaaS Providers are more likely to fail than their

on-premises counterparts

What are the Market Realities We See with SaaS Providers Addressing the Risk Issues?

Struggling with a “real answer” to the question of “what if” you disappear?

In terms of Subscribers access to “their data” – the answer is most of the time “a professional services engagement” to help you

Not addressing the “Elephant in the Room”. Don’t have a real disaster recovery or business continuity plans in place.

Telling the Subscriber to “trust me” or offer source code escrow.

7

How Are You Thinking About Your Clients Risk?

8

The Need to Assess SaaS Risks Differently

- Take the application - On-Premises

Hire Managed Service Provider to host and

maintain the app

Recover your data and migrate to a new solution

Update Your Resume

Application Continuity or is it Service Sustainability?

9

How Are Subscribers & Providers Enabling Contingency Plans?

Litigation & Courts

• Is this a real plan?

MSP “Insurance”

• Promise to pay fees to keep lights on?

Software Escrow

• Static code and data snapshots?

VM Back Up

• Dynamic Application and Data Back Up

Application Continuity

• Warm Back Up of App & Data to Standby Environment

High Availability

• Real Time Replication of App & Data

Build Trust Based on Criticality

How Critical is the App to the Subscriber?

10

What The Subscriber (Buyer) Needs?

• Is it Application Continuity

• Time to Migrate to a New Solution

• Unencumbered Access to Their Data

• Timely Access to Components Necessary to Make Use of their Data

• Leverage to Optimize the Vendor Relationship

• Satisfy Governance, Risk & Compliance Policy

• Minimize Risk of Loss

• Avoid Litigation and the Courts

11

What Do Providers Want?

• Satisfies a Client Requirement

• Instills Trust with Buyer - Credibility

• Shortens the Sales Cycle

• Competitive Advantage – Marketing Value!

• Sell Protection as a Value-Added Service Option

• Improve the Value of their Intellectual Property

• Enables SaaS in the Enterprise Markets

12

john.boruvka@ironmountain.com

Tel. 617-535-8301

Twitter: @JBoruvka

Thank You