Aug 23 2011

Cloud computing is truly one of the major technology shifts of our era. It’s natural for a technology solution as pervasive and beneficial as cloud computing to be oversold to users with inflated expectations. Industry observers have consistently highlighted the rapid adoption of cloud computing and cloud services by end users, which is driving an explosion of interest within the vendor community.1 Given the conservative growth rates for most software and hardware in our current economy, it’s understandable that the huge growth rate forecast for cloud attracts almost every high-tech vendor. That pervasiveness is hype, but it’s a “good” hype in that critical technologies do emerge as legitimate offerings. Unfortunately, that pervasiveness also means that many products and services (and vendors) being touted as “cloud” will not survive. So how does an IT organization manage through the good and bad hype of any emerging technology … including cloud computing?

As an IT analyst, I’ve been struck by how the consistent lack of IT operational management almost always plays a major role in a technology’s descent into the disillusionment created by hype. This has been true for LANs, ERP and CRM applications, databases, and operating systems — and the list goes on. Invariably the surviving products become great solutions, but only after the bugs of IT operational management have been resolved by vendors and users working together. And so I ask, will IT management (once again) be a factor in the descent of an emerging technology — in this case, cloud computing — into the typical slough of disillusionment?

The answer doesn’t have to be “yes.” Cloud computing is becoming too pervasive and too critical to IT’s alignment with business needs for that disillusionment to impede the rapid ascension of cloud services in any lasting way. I would offer that IT operational management can and should become a barometer for measuring which cloud technologies and cloud service providers are going to survive as great long-term solutions.

The recent cloud failures by Epsilon and Amazon are excellent examples of business risks that were probably not adequately assessed, monitored, and managed by enterprise customers. While the costs for Epsilon are estimated at US $225 million for damages incurred by an unfortunate 3% of its customers, what are the business ramifications of this massive data breach for these 75 companies?2 What was the due diligence process followed by Hilton, Marriott, Ritz-Carlton, Red Roof Inn, Disney Destinations, and other hospitality companies that chose Epsilon for cloud services? Did they move beyond the loss of email addresses in their risk analysis? What was the due diligence process followed by Foursquare and Quora in choosing Amazon for their cloud infrastructure?

A meaningful process of due diligence in procuring cloud services, including identifying and managing risks, is basic to enterprise survival. I’m unaware of any industry-accepted certification or accreditation standards in place that can assist IT organizations in ferreting out the strong and capable cloud providers from those who lack competency, experience, and/or resources. It’s a “buyer beware” environment, with each IT shop imposing its own individual standards or lack thereof. However, there are significant benefits to properly evaluating the financial, legal, compatibility, marketing, operational, management, insurance, and liability issues that pertain to each potential cloud provider.

A critical part of that due diligence would be the implementation of a private cloud in some form by enterprise-class IT organizations. How can IT operations managers, pressured by the optimism of the business users, be prepared to evaluate a cloud service provider if they have not been through the firsthand experience of implementing their own private cloud offering? How can they specify or track SLAs when they have no experience with the unique attributes of cloud metrics? It’s elementary that if IT buyers do not know what to look for in a cloud technology or vendor, they will end up with a cloud infrastructure that is poorly supported and maintained.

Evaluative question: What is your due diligence process for evaluating cloud service providers?


1 Beil, Joshua, Bob Egan, Mark Fidelman, Jeffrey Kaplan, Karl Scott, and Joe Tierney. “2011 Trends Report: Cloud Computing.” Focus Research, 30 December 2010.

2 Paraskevas, Alexandros. “The Epsilon Data Breach and the Risk for Hotel Companies.” A Space of Possibilities, 5 April 2011.


Bill Keyworth

William Keyworth focuses on IT operational excellence. Bill has established a reputation as a credible and consistent voice in maximizing business value from IT operations.


  3 Responses to “What Is the Due Diligence Process for Evaluating Cloud Providers?”

  1. You need to ask 3 questions even before you ask this question – “What Is the Due Diligence Process for Evaluating Cloud Providers?”

    Why do you want to move to the cloud?
    1. Should “Cost Saving” be your strategic objective?
    2. Do you have a business case to make “Increased Agility & Flexibility” a strategic objective?
    3. Is there a strong need to leverage the “Distributed and Scalable” nature of the cloud?

    • Udayan …when I first read your comment, I thought that you were only addressing the IaaS elements of cloud computing …but in reading your blog post referenced, I learned otherwise. Yet I would venture that the decision re: “cost saving” being a strategic objective is definitely an Infrastructure as a Service discussion …there are more compelling business reasons to pursue SaaS and PaaS than simply cost savings.

      I’m struggling with a negative answer to having a business case for increased agility and flexibility. I would offer that if any IT organization cannot benefit from increased agility/flexibility that they are fast becoming non-relevant to their business counterparts, or the company itself is in serious retrenchment. Maybe I’m in la-la land, but a critical component of ANY IT organization’s long term survival is the ability to quickly respond to changing business conditions, technology dictates, budget cutbacks, etc.

      In your blog, the third question is again a focus on IaaS considerations …and you’re asking the right question about “preparedness” for the cloud. I would offer that a significant (…if not most important) stumbling block in reducing the hype of any new technology promise to “disillusionment” deals with the capabilities of how IT is going to manage and secure that new technology …and that is something that is not being adequately discussed in the cloud discussion. I tried to raise it as a critical component in Cutter’s recent Journal that dealt with cloud computing.

      Interestingly, you don’t get into the PaaS and SaaS implications until your blog summary, but your due-diligence discussion was focused on IaaS considerations. While the definition of cloud is still evolving, I feel there remains inadequate attention on the non-IaaS elements of cloud computing.

  2. Nicely covered all the important points about the due diligence process. It’s very useful for evaluating cloud providers. Also, cloud computing is becoming pervasive and critical to IT’s alignment with business needs.
