How AI, OpenAI, and ChatGPT impact business and software.
Contingency Planning and Risk Mitigation Strategies for Cloud-based Technology Transactions - UP 2014 Cloud Computing Conference
1. 1
Contingency Planning and Risk Mitigation Strategies
for Cloud-based Technology Transactions
December 2014
Iron Mountain Intellectual Property Management
John Boruvka, Vice President
2. 2
Changing Cloud Market Landscape
Due Diligence and Risk Management
Practical Strategies for Providers and Subscribers
What is the End Game? Application Continuity,
Service Sustainability or Something Else?
Is There Anything Else We Should Cover?
Your Agenda
3. 3
The Techtonic Shift in Tech Delivery
85% of new software is now
being built for the cloud
IBM 2013 Annual Report
4. 4
• Bankruptcy (a “Nirvanix-Like
Occurrence”)
• M&A (non prevailing products
suffer from extinction)
• Contract Breach & Disputes
• Force Majeure - Extended
Outage
• Exit Strategy
• Can’t Recover Your Data?
“Yes, But What-If? Then What?”
5. 5
Legal Community Needs to Help with Due Diligence
as 79% of Providers don’t guarantee application continuity to their
subscribers*
What are the Market Realities We See with
Enterprise SaaS Subscribers?
Accepting source code escrow
and not thinking through the what
will I do with it?
Not unpacking the DR/BC
question. The DR is there only as
long as the Provider is.
Not talking through the
RTO/RPO’s for their data and
access to it in SLA’s
Deploying the application and
dealing with it later…
6. 6
The contraction of the SaaS market will come and force these
issues as 40% of SaaS Providers are more likely to fail than their
on-premises counterparts
What are the Market Realities We See with SaaS
Providers Addressing the Risk Issues?
Struggling with a “real answer” to the
question of “what if” you disappear?
In terms of Subscribers access to
“their data” – the answer is most of
the time “a professional services
engagement” to help you
Not addressing the “Elephant in the
Room”. Don’t have a real disaster
recovery or business continuity plans
in place.
Telling the Subscriber to “trust me” or
offer source code escrow.
8. 8
The Need to Assess SaaS Risks Differently
- Take the application
- On-Premises
Hire Managed Service
Provider to host and
maintain the app
Recover your data and
migrate to a new solution
Update Your Resume
Application Continuity or is it Service Sustainability?
9. 9
How Are Subscribers & Providers Enabling
Contingency Plans?
Litigation &
Courts
• Is this a real
plan?
MSP
“Insurance”
• Promise to pay
fees to keep
lights on?
Software
Escrow
• Static code
and data
snapshots?
VM Back
Up
• Dynamic
Application
and Data
Back Up
Application
Continuity
• Warm Back
Up of App &
Data to
Standby
Environment
High
Availability
• Real Time
Replication
of App &
Data
Build Trust Based on Criticality
How Critical is the App to the Subscriber?
10. 10
What The Subscriber (Buyer) Needs?
• Is it Application Continuity
• Time to Migrate to a New Solution
• Unencumbered Access to Their Data
• Timely Access to Components Necessary to Make
Use of their Data
• Leverage to Optimize the Vendor Relationship
• Satisfy Governance, Risk & Compliance Policy
• Minimize Risk of Loss
• Avoid Litigation and the Courts
11. 11
What Do Providers Want?
• Satisfies a Client Requirement
• Instills Trust with Buyer - Credibility
• Shortens the Sales Cycle
• Competitive Advantage – Marketing Value!
• Sell Protection as a Value-Added Service Option
• Improve the Value of their Intellectual Property
• Enables SaaS in the Enterprise Markets