Live Help
Call Us +1.407.740.0700
Sourcing the Cloud - Cloud Acquisition Strategies Course

Cloud Acquisition Strategies Course

Have this course taught at your site!

CAUCUS Members save $200


In this seminar you’ll gain an understanding of some of the elements for acquiring cloud services while building risk mitigation strategies, including:

  • Making choices
  • Creating a set of sourcing cloud governances
  • Adopting a set of cloud sourcing principles
  • Sourcing based risks mitigation strategies
  • Organizing cloud sourcing teams
  • Exploring cloud-specific requests for proposal (RFPs)
  • Assessing the cloud provider market
  • Gaining alignment with internal stakeholders
  • Standardized auditing practices
  • Testing and assurance


In this Sourcing the Cloud seminar we will examine similarities and differences in cloud acquisition strategies. As the clouds continue to grow, it is important to choose cautiously. It is important to be strategic in an environment that has yet to mature. We need to execute tactically, with flexibility.

Several authorities in the industry have suggested that the question is not if a cloud service will be used, but when will it be used. It also has been suggested that many are using cloud services already and may not even realize it.


  • Sourcing cloud services
  • Building cloud sourcing principles
  • Balancing the benefits with the risks
  • Mitigating risks through sourcing strategies
  • Pricing and costing
  • Building RFx
  • What skills are evolving
  • Exchange thoughts and experiences
  • What others are doing
  • What some of the experts are saying


  • Abbreviated software as a service (SaaS) checklist and template
  • Cloud-specific elements to include with RFxs
  • Descriptions of cloud servicing teams
  • Developing a skilled knowledge base to drive the selection process
  • A list of suggested sourcing principles
  • Strategies to manage costs
  • Risk assessment matrices
  • Sample pricing grids
  • A list of suggested readings
  • Selected Web site references


CTPE ICN courses qualify for CTPE credits. Caucus awards up to 12.5 continuing education hours to attendees of this workshop toward their Certified Technology Procurement Executive certification.
C.P.M. Those successfully completing this workshop can receive up to 12.5 C.P.M. points. ISM’s consent to award points is not an endorsement of this program or its contents.
C.L.E. Those successfully completing this workshop can receive up to 13.5 C.L.E. units.

Why Sourcing the Cloud Workshop

Cloud as a Service has quickly become one of the more strategic initiatives being explored by many in the private and public sectors. The attractive benefit of nimble solutions, while lowering cost, has captured the imagination and attention of top leaders. Yet, while the prospects of adopting cloud services are projected to rise, there is equal concern about the inherent risks of information security and identity protection. There are continual reports about hacker intrusion and loss of information.

Acquiring cloud services needs to be balanced with the best cloud solutions while building an appropriate attention to risk identification and mitigation. Sourcing professionals play an important role by facilitating processes that lead to the best in cloud service choices.

Who Should Attend?

This seminar is a must-attend learning event for anyone implementing, planning or considering adopting a cloud computing solution, including:

  • IT Professionals
  • Business Managers
  • Procurement and Sourcing Professionals
  • Other professionals: Lawyers, Auditors, Risk Managers and Accountants


Have this course taught at your site!

3 Ways to Register

  • Register Online Now
  • Register by Phone: 407.740.0700
    Monday–Friday between 8:30 am and 5:00 pm ET
  • Register by Fax: 407.740.0368 using our Fax Registration Form

Multi-registration discounts are available. Call us now to find out your level of discount!

Major Credit Cards Accepted

Workshop Outline

Click here for a print friendly course outline


  • Sourcing — what is the same and different
  • Internal alignment
  • Executive expectations of sourcing team
  • Custom build
  • Adapt to culture

Cloud services have been around, such as

  • eMail
  • Telecommuting
  • Reverse auction
  • eProcurement
  • Online photo albums


Cloud Services enable convenient, on-demand internet access to a shared pool of resources with minimal effort or provider intervention


  • SaaS (Software as a Service)
  • PaaS (Platform as a Service)
  • IaaS (Infrastructure as a Service)
  • FaaS (Fax as a Service)
  • RaaS (Recovery as a Service)
  • PaaS (Printing as a Service)
  • XaaS

New approaches

  • Private clouds
  • Public clouds
  • Hybrid clouds

What we like about cloud services

  • Nimble — request for service is immediate
  • Elasticity — can expand or reduce
  • Instant expertise
  • Quantity of resources unlimited
  • Available anywhere, any time
  • Ease of entry
  • Independence
  • Paying for only what is needed, when needed
  • Getting prompt access to the latest versions
  • Requests for services are satisfied immediately
  • Potential cost savings

Success stories — savings

  • Public eMail — 23% cost reduction
  • Transfer to cloud reduced costs from $90 to $50 per employee
  • 18% cost reduction with an IaaS platform
  • Company avoided building new operations center

Providers are ebbing and flowing

  • Influx of players
  • Unstable
  • Little standardization
  • Confusing regulation
  • Jostling for position
  • Mergers and acquisitions
  • Fragmented competition

Numbers — growing and changing

  • 2,000+ SaaS
  • 30+ IaaS
  • 40+ PaaS

Mergers and acquisitions

  • Cloud provider Magic Software Enterprises announces acquisition of Blue Phoenix’s AppBuilder
  • Internap purchases Voxel
  • Verizon, Time Warner acquisitions: Harbingers Cloud consolidation
  • EMC plans for hybrid cloud through more acquisitions
  • AT&T has created a major partnership with Openstack
  • Oracle plans to pay $1.5 billion for RightNow Technologies Inc., a Bozeman, Mont., company that provides cloud-based customer service

M&A Focus

  • Acquiring a capability
  • Buying patents
  • Removing competition
  • Sunsetting a service
  • Gaining market share
  • Building critical mass

Embracing the future

  • Not if a cloud service will be used, but when
  • Many already are using it and do not realize it
  • Need planning, execution and monitoring
  • Strategic sourcing is a critical part of the journey

New implications

  • Cloud risk management
  • Cloud operations management
  • Human resources
  • Staffing — jobs surfacing
  • Sourcing strategies

Sourcing implications

  • Public cloud services typically are a shared service comingled with other provider clients
  • Protection strategies for data that is stored someplace else
  • Creating competition
  • Risk protection through contracting
  • Negotiate clear M&A requirements
  • RFx critical tool
  • Internal collaboration is essential
  • Cloud risk managers are important members of sourcing teams
  • Need tools to support service levels, financial accounting and consumption monitoring
  • Enterprise governance
  • Cross-functional thinking
  • Templates


  • Sony attacked by irate gamer
  • Gmail — 70,000 emails intercepted and stolen
  • Epsilon — $4.5 billion loss of data
  • Citi Group breach 360,000 credit cards
  • Symantec confirms hacker theft of Norton AntiVirus source code
  • Visa breach — 1.5 million credit card IDs stolen
  • Mail services — software bug deleted 40,000 users’ email messages, folders and labels
  • Data backup tapes found in state employee’s trunk
  • Zappos, the Amazon-owned shoe and apparel retailer, reported that more than 24 million of its customer accounts had been compromised

Cost of cloud services — savings estimates

  • Expert commentary varies
  • 39%–68% savings
  • 114% more
  • Savings potential depends on cloud model (public or private), usage levels, scope of what is being migrated… and more

Why the savings variance

  • Still learning
  • Providers continually changing pricing models
  • Uncertainty
  • Lack of accurate data
  • Type of cloud — private or public
  • Unclear on current utilization of resources
  • Underestimating the increased costs to monitor and manage cloud services

Pricing models

  • Consumption vs. fixed costs choices
  • Resource choices (e.g. storage, speed)
  • Number of users base
  • Active users
  • Subscriptions — sharing
  • Capacity based
  • Asset based
  • Transaction based

Ease of entry — benefit or not?

  • Is freedom of access a good thing?
  • Are business users bypassing IT to sign up for cloud services?
  • Does freedom of choice lead to siloed cloud selection with the possibility of multiple service providers providing same service

Costing Issues

  • Over spending
  • Wanting to modify
  • Time zone variances
  • Service level drivers
  • Enticements
  • Freemium

Pricing and costing strategies

  • Metering
  • Designated user
  • Data compression
  • Shared servers
  • Innovation
  • What else?

Gain clarity with cost models

  • What have we learned from past?
  • What are we buying?
  • What will be the initial costs?
  • What will be long-term costs?
  • What will maintenance cost?
  • What are we getting?
  • Sometimes it may be more important to be first to market (rather than just savings), but should still source for the future

Collaborate with finance, business units, IT and operations

  • Financial management
  • Simplicity — easy to compute and track
  • Monitoring usage
  • Forecasting who, how much, when

Threats and consequences

  • Threats
  • Hacking
  • Bot herders
  • Viruses
  • Theft
  • Loss of customer database
  • Damage
  • Interruption to operations
  • Costly rebuild
  • Damage to company reputation
  • Loss of income

Other unexpected consequences

  • Lack of version choice — must go with version
  • Exit difficulty
  • Lack of disaster recovery/business continuity plan
  • Maintaining regulatory compliance
  • Never assume a service provider will treat your data as if it were its own
  • Do not assume a service provider will back up your data
  • Practice disaster recovery
  • Follow your data
  • Where data is located

Mitigating risks

  • Adopt cloud policies
  • Source team members
  • Explore choices
  • Technology
  • Security recovery strategies
  • Cyber insurance
  • Standardized auditing practices
  • Conduct testing
  • Contracts
  • RFxs
  • Think strategically

Guiding principles

  • Adopt cloud sourcing policies
  • Archiving and storing information
  • Authentication management
  • Contracts
  • Corporate adherence to security practices
  • Data protection is everyone’s job
  • Deduplication
  • Develop technology priorities in RFx
  • Disaster recovery practices
  • Document library
  • Encryption and other tools
  • Explore your choices
  • Getting data returned
  • Internally align a balanced cloud sourcing team — need to include cloud expertise and those assigned managers
  • Isolate risk — dedicated (unshared) servers
  • Onboarding and off-boarding providers
  • Policies will be documented and communicated
  • Policies will be reviewed annually
  • Spread risk — multiple servers
  • Use cross-functional teams

Seek security recovery practices with RFx

  • Emergency shutdown immediately — delays in can lead to theft
  • Contingency plans for running in degraded mode
  • Backup practices for information that is on a shared server in which other tenants become liable and the server is seized
  • Liability to third parties if you introduce a virus
  • Standardized auditing

General RFx cloud topics

  • General
  • Operations
  • Certification
  • Data protection
  • Encryption
  • Security
  • Service levels
  • Customer support and services
  • Transitioning
  • Ownership
  • Pricing
  • Reporting and monitoring
  • Innovation


  • Global markets
  • Private clouds predicted to grow
  • Big data

Closing thoughts

  • Proactive
  • Strategic practices
  • Use of clouds is inevitable
  • Contracts are a must, but cannot contract way out of the cloud
  • Internal collaboration is essential
  • Business units want to be nimble and flexible
  • Risk management is more intense
  • More you go public, less control you have
  • Reputational damage may not be able to be restored

Click here for a print friendly course outline