Keeping these ten steps in mind will help organizations deliver even greater outcomes when looking for an efficient cloud-centric procurement process
The standardized commercial delivery model of cloud computing is fundamentally different from the traditional model for on-premises IT purchases. Understanding this difference can help you structure a more effective procurement model. IaaS cloud services eliminate the customer's need to own physical assets.
A key element of a successful cloud strategy is the involvement of all key stakeholders at an early stage. Promoting a culture of innovation and educating staff on the benefits of the cloud how to use cloud technology helps those with institutional knowledge understand the cloud.
Public sector stakeholders involved in cloud procurements should ask the right questions to solicit the best solutions. Successful cloud procurement strategies focus on application-level, performance-based requirements that prioritize workloads and outcomes.
There is a difference between procuring cloud infrastructure (IaaS) and procuring labor to utilize cloud infrastructure or managed services, such as Software as a Service (SaaS). Successful cloud procurements separate cloud infrastructure from "hands-on keyboard" services and labor, or other managed services purchases.
To realize the benefits of cloud computing you need to think beyond the commonly accepted approach of fixed-price contracting. To contract for the cloud in a manner that accounts for fluctuating demand, you need a contract that lets you pay for services as they are consumed.
Leveraging industry best practices regarding security, privacy, and auditing provides assurance that effective physical and logical security controls are in place. This prevents overly burdensome processes and duplicative approval workflows that are often unjustified by real risk and compliance needs.
As cloud computing customers are building systems on a cloud infrastructure, the security and compliance responsibilities are shared between service providers and cloud consumers.
Organizations should retain full control and ownership over their data and choose the geographic locations in which to store their data, with CSP identity and access controls available to restrict access to customer infrastructure and data.
Cloud computer should be purchased as a commercial item, and organizations should consider which terms and conditions are appropriate (and not appropriate) in this context.
Cloud evaluation criteria should focus on system performance requirements. Select the appropriate CSP from an established resource pool to take advantage of the cloud's elasticity, cost efficiencies, and rapid scalability.