contingency planning and risk mitigation strategies for cloud-based technology transactions - up...
TRANSCRIPT
1
Contingency Planning and Risk Mitigation Strategies
for Cloud-based Technology Transactions
December 2014
Iron Mountain Intellectual Property Management
John Boruvka, Vice President
2
Changing Cloud Market Landscape
Due Diligence and Risk Management
Practical Strategies for Providers and Subscribers
What is the End Game? Application Continuity, Service Sustainability or Something Else?
Is There Anything Else We Should Cover?
Your Agenda
3
The Techtonic Shift in Tech Delivery
85% of new software is now being built for the cloud
IBM 2013 Annual Report
4
• Bankruptcy (a “Nirvanix-Like Occurrence”)
• M&A (non prevailing products suffer from extinction)
• Contract Breach & Disputes
• Force Majeure - Extended Outage
• Exit Strategy
• Can’t Recover Your Data?
“Yes, But What-If? Then What?”
5
Legal Community Needs to Help with Due Diligence
as 79% of Providers don’t guarantee application continuity to their subscribers*
What are the Market Realities We See with Enterprise SaaS Subscribers?
Accepting source code escrow and not thinking through the what will I do with it?
Not unpacking the DR/BC question. The DR is there only as long as the Provider is.
Not talking through the RTO/RPO’s for their data and access to it in SLA’s
Deploying the application and dealing with it later…
6
The contraction of the SaaS market will come and force these issues as 40% of SaaS Providers are more likely to fail than their
on-premises counterparts
What are the Market Realities We See with SaaS Providers Addressing the Risk Issues?
Struggling with a “real answer” to the question of “what if” you disappear?
In terms of Subscribers access to “their data” – the answer is most of the time “a professional services engagement” to help you
Not addressing the “Elephant in the Room”. Don’t have a real disaster recovery or business continuity plans in place.
Telling the Subscriber to “trust me” or offer source code escrow.
7
How Are You Thinking About Your Clients Risk?
8
The Need to Assess SaaS Risks Differently
- Take the application - On-Premises
Hire Managed Service Provider to host and
maintain the app
Recover your data and migrate to a new solution
Update Your Resume
Application Continuity or is it Service Sustainability?
9
How Are Subscribers & Providers Enabling Contingency Plans?
Litigation & Courts
• Is this a real plan?
MSP “Insurance”
• Promise to pay fees to keep lights on?
Software Escrow
• Static code and data snapshots?
VM Back Up
• Dynamic Application and Data Back Up
Application Continuity
• Warm Back Up of App & Data to Standby Environment
High Availability
• Real Time Replication of App & Data
Build Trust Based on Criticality
How Critical is the App to the Subscriber?
10
What The Subscriber (Buyer) Needs?
• Is it Application Continuity
• Time to Migrate to a New Solution
• Unencumbered Access to Their Data
• Timely Access to Components Necessary to Make Use of their Data
• Leverage to Optimize the Vendor Relationship
• Satisfy Governance, Risk & Compliance Policy
• Minimize Risk of Loss
• Avoid Litigation and the Courts
11
What Do Providers Want?
• Satisfies a Client Requirement
• Instills Trust with Buyer - Credibility
• Shortens the Sales Cycle
• Competitive Advantage – Marketing Value!
• Sell Protection as a Value-Added Service Option
• Improve the Value of their Intellectual Property
• Enables SaaS in the Enterprise Markets