Most new software these days is sold as a ‘cloud service’.  While previously you bought a CD ROM that you popped in your computer and ran the program on that local computer, cloud software means that the program is running on a server somewhere else in the world and delivered to you via the Internet. 

There are lots of benefits to this: no need to buy big servers, you can rapidly scale up and down to match demand, and you can often access a ‘pay as you go’ subscription pricing model. 

There are a few trade-offs though, none as important as the ‘end-to-end’ problem – that is, it now takes multiple third parties to work together to ensure you get your technology outcome - from the software provider, to the data centre, to the network provider and your own IT team.  Who is looking after your solution end-to-end’, and who is responsible if one of the links in the chain breaks?

When purchasing a cloud service, here are just a few issues that often get forgotten.

  1. How business critical is the software?  Knowing this will influence each of the next three questions.  An application that runs your just-in-time production process should be treated differently than your marketing email scheduler. 

  2. Where will the software be hosted, and who controls that hardware?  If the provision of hardware isn’t bundled up in your subscription, you may need to find an infrastructure or hosting third party.

  3. What is your network infrastructure?  The telecommunications links between your end users and the cloud are often the weakest link, and will determine end user experience and the overall availability of a solution.

  4. What information are you putting into the cloud?  Consider your requirements for availability, integrity and confidentiality of that data before sending it into a cloud solution you don’t fully understand.

There is rarely an ‘end to end’ responsibility for delivering a cloud service to your end users.  Understanding these elements, who is responsible for what, and aligning their services with your organisation’s risk profile is critical.

For further information or advice, please contact:

Paul Gray
Principal Lawyer
T  03 5225 5231
E  pgray@ha.legal

Harriet Burton
Associate
T: 03 5225 5215
E: hburton@ha.legal