Why do you have so many vendors?
The abundance of cloud service offerings designed to address specific business needs may entice your organization to purchase similar cloud services in multiple business areas. Additionally, business needs change and the cloud vendor’s offerings may expand, which can lead to overlapping or duplicate cloud services. Overlapping cloud systems increase costs and, if sensitive data is involved, increase exposure to risk of security and contractual breaches.
How do you move forward?
The issues identified above are just the tip of the iceberg. Your vendor management strategy depends on a number of factors, including industry and risk tolerance. It is important to develop and implement a vendor management process. Here are some things you can do to develop your own vendor management process:
- Identify key stakeholders across your organization and develop a cross-functional team to address vendor management issues and participate in the process. Team members could include management, legal, IT and procurement. Your efforts to establish a complete solution are unlikely to be successful if you do not have the support and involvement of your organization’s key stakeholders.
- Understand the types of data your organization has and establish the criteria your organization will use to classify data.
- Use your established classification criteria to develop policies and procedures that set expectations for your personnel and vendors on how to handle and manage your data and access to your systems.
- Map how data flows through your organization by identifying which vendors have access to which systems and the type and scope of access they have.
- Follow the process and be diligent; processes only work if they are applied consistently.
With proper planning, management and execution, you can successfully manage your expanding cloud services portfolio.
Kyle Wood is senior counsel at Perkins Coie LLP — Technology Transactions and Privacy Group. Jordon De La Cruz is an associate at Perkins Coie LLP — Technology Transactions and Privacy Group.