Contracting in the Cloud: An Interview with Shawn Helms, Partner, K&L Gates [Part 2]

In case you missed Part I of my interview with K&L Gates Partner Shawn Helms, he and I discussed how cloud and standardized delivery models are disrupting the traditional contracting process. Here’s Part II of our interview:

Jones: One area that is really interesting to me is that in the traditional sourcing world, customers “trust but verify” – the verification oftentimes taking place via an on-site audit. As you are well aware, providers of multi-tenant cloud solutions often won’t allow this because it potentially breaches the confidentially agreements of other customers. So my question: how do customers “verify” in a world of standardized, shared platforms? How do customers know where there data is and verify that it is safe?

Helms: In short – buyers don’t verify, they only trust. This is largely because “verification” related to data storage is often not really feasible. With the exception of a dedicated, private cloud, most cloud solutions are largely distributed in nature. Data is stored across various computers, SANs and physical locations. There are often multiple data stores with a hot or warm backup in another location. Some customers demand to know where there data is stored, at all times. This is understandable, but not always realistic. Often, the best a customer can do it to understand the cloud system architecture, location of the provider’s data centers and the platforms used to provide the solution.

Jones: How do you account for these new distributed architectures in your contracts? What are the protections you recommend?

Helms: When representing a customer, we try to include general audit rights in the contract and an obligation for the provider to store customer data at a specific data center. We will then try to get “step-in rights” allowing the customer to take over the data, right where it sits, if something goes terribly wrong. However, as you note, providers often push back on audit rights and step-in rights arguing that confidentiality prevents one customer from auditing or taking over a leveraged system. I am somewhat skeptical of this argument and believe this is largely just an excuse to avoid a having these rights in a contract.  Cloud providers almost always logically segment customer data. Therefore, an audit or step-in by one customer would not violate the confidentiality of another customer. However, that does not mean that this is easy for providers. It is not and there is not yet a typical market solution for this issue.

Jones: Let’s talk about exclusivity, minimums and termination rights. How have you seen these issues change over the past 10 years? What will contracts look like in five years?

Helms: As discussed above, the outsourcing market and outsourcing contracts have changed dramatically over the last ten years. Many early IT outsourcing contracts were exclusive – obligating the customer to use only one provider for all technology services for the duration of the contract term. Over time, exclusive arrangements fell out of favor but were replaced by minimum commitments. Termination rights for the customer were also very limited. Providers had to make significant up front investments at the start of the outsourcing arrangement and therefore had to lock in customers for a long enough time to recover that investment.

Today providers can ramp-up an outsourcing arrangement with limited investment by utilizing standard solutions and leveraged platforms. Customers understand this and are demanding more flexibility.  As a result, contracts are never exclusive, minimum commitments are decreasing and customers have broader termination rights. In five years, if the current trends continue, I would expect that minimum commitments will be almost nonexistent and customers will have broad termination for convenience rights.

Jones: I’m interested in your thoughts on the RFP process and how you see it changing from the attorney’s perspective – what are some of the key levers clients can pull to expedite the process?

Helms: I think the days of early provider meetings, followed by an RFI, followed by a 100-plus page RFP are substantially over. A long RFP process was often necessary to explain all the aspects of the customer’s systems and process that the provider was expected to take over. Because more and more customers are willing to accept the provider’s standard solution, there is no need to have a detailed and elongated RFP process. In fact, we are in favor of an expedited and flexible RFP process. For example, we believe the RFI/RFP can be replaced with one RFS (Request For Solution). This can be a ten to 20 page document detailing the business requirements and requesting providers to propose a solution. This document should not dictate a solution or spend much time explaining the existing environment.  It should however explain the customers’ business problem and invite providers to get creative is proposing a solution. Additionally, we encourage customers to not force an apples-to-apples comparison in the solution, even for the pricing model. Rather, allow providers to propose their standard solution and structure the deal in the manner that they believe is most efficient. That is better for the providers and ultimately more cost efficient for the customer.

Jones: Outsourcing is a mature market, and most organizations have executed at least one large outsourcing transaction. As a result, many companies have internal legal counsel and procurement teams that are quite experienced in sourcing. Given this, have you seen a decrease in demand for outside outsourcing legal experts and consultants?

Helms: It’s a good question. We have not seen a decrease in demand, but I think some have. The reality is many companies do have strong internal resources.  However, these deals are changing and the level of complexity is not decreasing. In fact, many would argue that, although the deals are smaller in value, they are increasing in complexity. This is primarily driven by multi-sourcing. Having many providers in the environment leads to complications in responsibility, reporting, governance and many other aspects of running an IT department. There is also an emerging trend to have one provider serve as a “service integrator” bringing together service delivery from multiple providers. This allows multi-sourcing but provides the customer a single point of responsibility. Making these new arrangements work is quite a challenge and getting some outside counsel is often helpful for organizations – regardless of their internal resources.

Furthermore, cloud computing and the other market dynamics discussed earlier are simply changing how outsourcing deals are done. Therefore, if a company had experience from just three years ago, this is somewhat dated. I think outsourcing consultants are needed just as much now as they were 20 years ago – not because companies don’t know how to do an outsourcing deal, but because outsourcing has changed. Sourcing consultants have a wealth of information and a market view that cannotbe matched by a company’s internal resources.

Jones: Terrific insights Shawn. Thank you for your time!

About the author

Stanton helps enterprise IT and sourcing leaders rationalize and capitalize on emerging technology opportunities in the context of the global sourcing industry. He brings extensive knowledge of today’s cloud and automation ecosystems, as well as other disruptive trends that are helping to shape and disrupt the business computing landscape. Stanton has been with ISG for more over a decade. During his tenure he has helped clients develop, negotiate and implement cloud infrastructure sourcing strategies, evaluate and select software-as-a-service platforms, identify and implement best-in-class service brokerage models, and assess how the emerging cloud master architecture can be leveraged for competitive advantage. Stanton has also guided a number of leading service providers in the development of next-generation cloud strategies. Stanton is a recognized industry expert, and has been quoted in CIOForbes and The Times of London. You can follow Stanton on Twitter: @stantonmjones.