A recent study from KPMG listed the threat of vendor lock-in as one of the reasons CIOs hesitate sending their companies’ data into the cloud. Walter van Holst and Mike Chung followed that report up with their in-depth look at the difficulties with which CIOs are faced by that phenomenon.
As I wrote in a recent article in Computable.nl,, we are gradually building up some experience in Cloud Computing which is permitting companies to evaluate the risks based upon the experience of others rather than on pure hype. We now begin to see areas in which even smaller “Davids” might be able to find room to negotiate when they face the “Goliaths” of the Cloud Computing world.
One approach is to look at the kinds of deals that the mega-providers of Cloud Computing have struck with their equally large customers. In those deals, the parties have found areas in which true negotiations can take place.
While Google has indeed recently closed a couple of gigantic Cloud Computing deals in the Netherlands (for instance, with Ahold a few days ago and with KLM earlier this year), we don’t (yet) know what Google had to give up to get the deals.
We do know, however, what kind of Cloud deal Google made with another Goliath: the City of Los Angeles, because that contract was published on the Internet. In it, you can effectively read what areas are, at this stage, open for discussion. Those areas include some of the most sensitive points that CIOs face – e.g., security concerns, risk of loss of data and compliance with data privacy legislation – as well as a number of other points.
The question of vendor lock-in, however, is only mentioned once and then only very briefly and only indirectly. In its agreement, upon termination, Google gives the City access to — and the ability to export — its data out of Google’s system for a limited period of time. After that, Google deletes the data. The agreement is silent, however, regarding whether Google will assist in the migration out, in what form the data will be, the procedures, time and costs required for such a migration out and if and when Google will permit verification that the data has indeed been deleted.
As the techniques of Cloud Computing mature, we begin to get a feel about what works and what does not. The legal possibilities, however, remain largely a black box. It is only through assessing the experience of others that sufficient certainty begins to build up to permit companies and institutions in the Netherlands fully to commit to this form of outsourcing.