Best Practices for Cloud Negotiation

Sourcing, procurement and vendor management leaders must develop a negotiation and risk mitigation strategy before selecting a cloud IaaS solution.

The journey has been long and full of challenges, but the day has finally come. Linda’s organization has decided to move to the cloud. As the sourcing, procurement and vendor management (SPVM) leader, it’s her duty to choose the right cloud solution and negotiate the best possible contract. This is easier said than done.

“Infrastructure as a service (IaaS) is the fastest growing cloud model worldwide,” explains DD Mishra, research director at Gartner. “In fact, Gartner predicts that the cloud compute IaaS market, in terms of end-user spending, will achieve a compound annual growth rate of 28.7 percent between now and 2022.”

Unsanctioned use of cloud services can be a serious threat to organizations

Linda can choose one of the hyperscale providers such as Amazon Web Services (AWS), Microsoft Azure, Google or Alibaba. Or, she can opt for a more traditional vendor with large-scale cloud offerings such as IBM, DXC or Fujitsu. The selection process goes beyond assessing providers’ technology and functionality. Linda must develop a clear negotiation and risk mitigation strategy to avoid hidden and indirect costs, effectively determine potential risks, and negotiate favorable terms and conditions.

Below, Mishra shares three best practices that Linda and other SPVM leaders can use to successfully negotiate on a cloud solution.

Assess and address common mistakes

One big advantage of cloud services is that they enable users to buy services easily and directly. This is also a risk.

“Nearly half of IT spending on the cloud is outside of the IT budget. That means the IT department, in many cases, is unaware of the spending and can’t apply practices and risk mitigation steps,” says Mishra. “In the era of the General Data Protection Regulation (GDPR) and other data compliance regulations, unsanctioned use of cloud services can be a serious threat to organizations.”

SPVM leaders must keep those risks and others in mind before they choose a cloud provider. “Consider current and future security, compliance and regulatory requirements to ensure cloud IaaS does not pose a risk to the business,” Mishra adds.

Reduce vendor risk and drive business initiatives

Gartner IT Sourcing, Procurement, Vendor & Asset Management Summit 2019


Have your must-have list ready

A lot of organizations struggle to accept the standard terms and conditions of public cloud IaaS contracts. The most challenging factor is likely to be location, as deals across different geographies introduce risks such as varying contractual practices and unfamiliarity with local systems.

“SVPM leaders have to assess their organization’s main areas of concern first and create a must-have list,” says Mishra. “The second step is to identify the associated terms and conditions in the IaaS agreements and see if they address concerns or need to be renegotiated.”

For example, every contract should contain customized end-of-term agreements for moving data back in-house or to another provider. The standard termination notice is 30 days, which may be insufficient for big amounts of data.

Uncover hidden costs and total cost of ownership (TCO)

Cost reduction is a leading driver of public cloud IaaS adoption. In a recent Gartner survey, the majority of respondents considered cost savings as one of the main reasons for moving to the cloud. However, the ROI often is not as obvious as expected and needs to be carefully analyzed. Add-ons, data transfer, security, backups and many other small but necessary capabilities create a pile of hidden costs.

“Having a good understanding of hidden costs is extremely important to create an accurate business case and estimate TCO. SVPM leaders should develop best, realistic and worst-case scenarios, and include historical data to verify whether or not the calculated future demand is what they think it is,” Mishra adds.

Gartner clients can read more about the preparation for a move to the cloud in “Three Best Practices to Prepare for Public Cloud IaaS Negotiation and Risk Mitigation” by DD Mishra, et al.

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Gartner IT Roadmap for Cybersecurity: A Resilient Strategy

Gartner IT roadmap for cybersecurity based on unbiased research and...

Learn More


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching