To determine a vendor's viability, Staten proposes doing in-depth research, asking the vendor to provide, under a nondisclosure agreement, information such as its cash position. He also talks to the venture capitalists backing the company about their commitment to it. In addition, Staten recommends asking references whether they're just dipping their toes in the water with a vendor or making a bigger commitment.
Serena Software's Bonvanie also advises companies to specify an exit strategy in their contracts. "The imperative is that you agree with your vendor on what the procedures are for abandoning their application, if needed," he says. For instance, how does data come out, and what is the vendor's involvement in making that happen? How much time do you have to get the data out after service non-renewal?
In many of its contracts, Serena inserts escrows to regulate what happens to its cloud software vendors' source code if the vendors cease operations. Bonvanie says he has found that cloud vendors are more forthcoming about doing this than most traditional vendors.
It's also essential to set policies early on as to how your company is going to use the cloud and under what circumstances, Staten says. This is especially important when it comes to securing data in the cloud, which often requires customization by the user. "You have to do things above and beyond what the cloud vendor provides to be secure or compliant," he says.
So if you want to use five different cloud vendors, for instance, you need to be sure beforehand that you can apply those customizations to all five platforms.
Creating these types of policies is not something many companies are doing yet, "because use of the cloud right now is a bit like the Wild West," Staten says.
However, Staten points out that security customization is yet another way to get locked into a particular vendor, because if you wanted to move to a different provider, you would need to unwind and then redo all that work.
Maturity takes time
Over time, standards will develop, Staten says, most likely driven by customer demand. This won't happen without tension, he says, because customer demand will be offset by the advantages that vendors see in lock-in. For that reason, users need to be adamant about which standards they desire and where they're most important. One crucial area is in using open Web services in application-to-application communication, Staten says.