Yankee Group Warns Enterprises on Public Cloud Risks 
For CIOs, enterprise architects and other IT professionals looking to exploit resources from the public cloud, Yankee Group researchers have two words for you: Caveat Emptor. In its first-of-its-kind report, Yankee Group evaluated more than 40 top providers of cloud-based software, infrastructure and PaaS providers, including Amazon, Google, Microsoft, Salesforce.com and Rackspace.
For CIOs, enterprise architects and other IT professionals looking to exploit resources from the public cloud, Yankee Group has two words for you: Caveat Emptor.
In its first-of-its-kind report, Yankee Group evaluated more than 40 top providers of cloud-based software, infrastructure and PaaS providers, including Amazon, Google, Microsoft, Salesforce.com and Rackspace.
The result: Prospective enterprise customers looking for assurances they will receive terms of service (TOS), service-level agreements (SLAs) and privacy policies may be a bit underwhelmed
The Yankee Group’s report Cloud 99.99: The Small Print Exposed found effective April 2010 that cloud contracts contain numerous disclaimers, misleading uptime guarantees, as well as questionable privacy policies and compliance claims. Further, no public cloud provider at present offers a cash payout as standard compensation if it breaks a contractual promise. Instead, they offer a credit or let the customer terminate their contract.
Yankee Group’s report says those options just don’t cut it for many prospective public cloud users. In fact, the report’s executive summary is quite frank on the issue: “It’s time to get steamed about the cloud’s hot air,” it reads.
The report further said: “Cloud vendors offer enterprises poor service guarantees and limited financial redress if their service fails. Get-out clauses are rife, and worryingly, robust privacy policies are rare, potentially exposing enterprises to litigation. Enterprises must take a close look at the small print before they proceed, and develop proactive strategies to get the best out of cloud services.”
Yankee Group VP and senior research fellow Camille Mendler, and author of the study suggested that it will be cloud providers that will need to beef up their offerings, and not up to prospective customers to water down their requirements. “Cloud service providers better clean up their act fast because major investment decisions hang in the balance,” Mendler said in a statement. “Enterprises need transparency, professionalism and certainty to invest in cloud services.”
Yankee Group’s report also warned enterprise IT professionals on three (3) specific public cloud ‘gotchas,’ including:
- Slippery SLAs: Enterprises should watch out for SLAs that promise almost 100 percent uptime rates, but never come close to that goal. Vendors also tend to play fast and loose with scheduled maintenance windows;
- Cagey Compliance: In addition to a SAS-70-certification, doesn’t guarantee safety or survivability, companies should look for vendors with ISO 27000 credentials, and also check vendors adequacy against international regulations for data protection; and
- Self-Serving Metrics: Steer clear of vendors that act as both judge and jury when it comes to determining service performance. The use of third-party performance monitoring tools must become table stakes for credibility.
Yankee Group’s Cloud 99.99: The Small Print Exposed also identifies contractual risks for enterprises, as well as potential mitigation strategies.
