Lilting Loons: A hypothetical case study illustrates many of the benefits and dangers of cloud computing.
Cloud computing is changing the face of business.
The rapid expansion of cloud-based solutions for corporate planning, customer and human resources management, accounting and other key business functions has enabled organizations of all sizes to streamline by relying on agile and cost-effective technology services.
But as businesses rely more on technology vendors to manage critical data and facilitate key business operations, there are some best practices to consider. Consider the case of Lilting Loons, a fictional loon decoy manufacturer and distributor whose sad experiences illustrate storm clouds Minnesota companies should avoid.
Lilting Loons was an early adopter of cloud computing technology, taking advantage of the powerful software applications made affordable for smaller companies. The company subscribed to cloud-based, Internet-accessible strategic planning tools and order fulfillment software for its factory. It also signed up with a second vendor to subscribe to customer tracking software that allowed its salespeople to remotely log in from anywhere and have customer contact information, notes, purchasing histories, and more at their fingertips.
Unfortunately, the order fulfillment system unexpectedly went down for a week during Lilting Loons' peak order season. While the system ultimately went back online, Lilting Loons was not able to fill the backlog of orders on the system in a timely manner. This led to unhappy customers and canceled orders. And timing could not have been worse, when one of Lilting Loons' salespeople accessed competitively sensitive information from its customer database and downloaded it to his personal computer the day before leaving the company.
Now Lilting Loons is looking for a new fulfillment software vendor. Dissatisfied with its current vendor, Lilting Loons has refused to pay the company. In response, the vendor refuses to provide Lilting Loons with any order information until all its invoices are paid.
Ideally, Lilting Loons will be able to negotiate an acceptable transition plan that includes the vendor providing the data to Lilting Loons or its new vendor in an acceptable format. Short of that, this dispute may end up in court.
As it evaluates new providers, particularly for mission-critical business functions, Lilting Loons should conduct a request for proposal (RFP) process that thoroughly evaluates each vendor's reputation, financial stability and provides a thorough understanding of its data management and security practices.
The process -- and eventually the new contract with the vendor -- should cover service standards, security standards, notifications when changes are made and remedies for when standards are not met. It also should include location, access to and ownership of the company's data, liability and indemnification for data breaches and service outages, disaster recovery and backup plans, and post-termination obligations and transition services.
Vendor partnerships are key
In addition to pursuing claims against the ex-employee, Lilting Loons should work with its customer database vendor to find out exactly what customer information the former salesperson accessed and captured. The vendor is obligated to keep access logs and download logs for four weeks before they are deleted. Luckily, Lilting Loons acted quickly and made the request to its cloud vendor within that four-week window.
Fortunately, the provider also believes in great customer service and provides live support 24/7 to help interpret the access logs and explain alternative security settings, so Lilting Loons can assess the damage, understand how the former salesperson was able to steal information, and minimize the chances of a repeat situation.
This hypothetical case underscores the issues that businesses are experiencing with cloud-technology services. While cloud computing offers cost-effective technology for many businesses, it is critical to take the time up front to vet vendors and their business and security practices, understand the scope of the technology and services, negotiate contracts that address business interests, and continually work with technology vendors to address issues as they arise.