For large international enterprises there is a continuous trend to consolidate and transfer commodity IT infrastructure services to internal and/or external service providers in order to benefit from economies of scale, standardization and flexibility in their IT services. Although the benefits are obvious, in around 15% to 20% of these IT consolidation and outsourcing cases the global transformation fails. Reasons are primarily missing management processes, underestimation of the project’s complexity and individual application requirements as well as a lack of central governance structures. The Holy Grail of IT outsourcing, being promised by almost all service providers these days, is to procure IT services from the public cloud with enormous economies of scale, combined with a rigid standardization of services. Compared to traditional outsourcing, here the customer is in charge of the speed and scope of the standardization and the transformation risk.
This paper analyzes the possibilities of moving from a traditional IT infrastructure outsourcing (commonly private cloud environment) to full public cloud services. Public cloud services considered in this study are provided by Amazon, Google and Microsoft. The analysis is based on a representative client outsourcing use case which compares solution designs and enables a benchmark of the different services and prices. Furthermore it discusses legal and compliance matters as well as key issues of the service integration for traditional versus public cloud outsourcing.
- Introduction & Approach
- Traditional Outsourcing & Leading Public Cloud Services
- A traditional Outsourcing Use Case
- Service Mapping & Benchmarking Approach
- Amazon Web Services
- Microsoft Azure
- Google Cloud
- Evaluation Results
- Service Congruence
- Legal & Compliance
- Service Integration
- Introduction & Approach
The consideration of using cloud computing is currently part of most discussions in the IT departments and in the business as well. Because in general business agility is continuously increasing these days, corporate IT is challenged with higher demand of flexibility, cost efficiency and ongoing new requirements in a shorter time-to-market by the companies’ business units. Amazon, Microsoft and Google invest heavily to expand their cloud services portfolio and attack traditional IT outsourcing companies such as IBM, HPE/CSC, Atos, T-Systems or the Indian service providers. Those in turn enter the battle for enterprise customers by re-establishing their data center capabilities, offering new services and forming new alliances.
One example is the recent announcement of a strategic alliance between T-Systems and Huawei to offer public cloud services in Germany and Europe (see the news item ‘Teaming up for a secure, simple and affordable cloud’ provided by T-Systems in Issue 02/2015).
While in the beginning mainly start-ups took the lead as early adopters of the public cloud, an increasing number of established large-scale enterprises is nowadays using cloud services with the demand coming directly from the business units. Public cloud services have become a serious complement to traditional cloud services and on premise solutions. Cloud computing changes the way how IT services are perceived and consumed, promising a higher flexibility, agility and scalability combined with less capital expenditure (CAPEX) through a pay-as-you-go billing method. An essential leverage effect is caused by the shared usage of IT infrastructures in contrast to dedicated and private infrastructures, which are sized to maximum capacity in peak times. This approach and the proposition of standardized services allow to lower the ‘Total Costs of Ownership’ (TCO) and the provision of a better time-to-market with elastic IT services. By passing down the cost savings to the customers in terms of a continuous price-cutting, cloud service providers started the so-called price war game ‘race to zero’. Subsequently some services offered by cloud providers are free of charge or are provided with ‘unlimited’ storage for instance.
However, the traditional outsourcing providers do contribute to this battle to gain market share and face the competition as well. Driven by technical innovation, traditional outsourcing provider prices for standard services such as managed storage decreased significantly over the last years. With new formed alliances, the traditional outsourcing providers build their own public cloud with currently limited market coverage and/or establish alliances with public cloud providers. Finally these providers are positioning themselves as full service providers ranging from individual to commodity services with an end-to-end service responsibility.
Traditional outsourcing encompasses the shift of full technical and operational responsibility from an internal IT organization to an external service provider, implemented as private cloud or as a dedicated environment. Due to longtime contractual commitments as well as other rather stringent commercial terms (e.g. minimum volume/revenue commitments), traditional service providers cannot compete with public cloud providers in terms of flexibility. On the other hand, customer legal requirements regarding specific industry standards, governance models, disaster recovery concepts and individual services to be integrated are being considered in traditional outsourcing in contrast to the use of public cloud services. The providers ensure an end-to-end service quality through the implementation of comprehensive service management processes including application operation. Typically, traditional outsourcing offerings include clauses regulating the transfer of HR, assets and 3rd party contracts (e.g. licenses) as well as the transformation to a future mode of operation. Neither this nor an individual end-to-end service quality is part of public cloud offers.
Determining the best cloud offer is quite challenging as the service offerings vary a lot in service design and structure, quality and performance as well as in pricing models and terms and conditions. A sole analysis of single service elements is often provided. However, this is misleading as many aspects such as missing service components, service integration as well as legal and compliance requirements from a client’s perspective also have to be considered. Therefore it is necessary to conduct a TCO analysis of a comprehensive customer case in order to get an ‘apples-to-apples’ comparison.
In the following chapters, a description of a customer outsourcing case and its like-for-like migration into the three public cloud environments of Amazon Web Services, Microsoft Azure and Google Cloud are given. Thereby the feasibility, commercial benefits as well as legal, compliance and service integration issues are addressed.
- Traditional Outsourcing & Leading Public Cloud Services
2.1 A Traditional Outsourcing Use Case
Navisco has more than 15 years of experience in developing and shaping sourcing strategies and implementing these into solutions with external or internal service providers based on a standard IT service and contract model (‘NORM’) for IT infrastructure and application services. For comparison purposes, a traditional customer outsourcing case contract based on the Navisco model (NORM) has been selected.
In the following a bottom-up approach is applied in order to move existing enterprise (legacy) systems and applications to the public cloud. Very often a top-down transformation approach is conducted. This procedure is recommended for innovators where the potential of cloud services is released by the definition of a new use case. However, to transform existing environments and use cases, the bottom-up approach is more suitable.
The applied use case encloses a representative small customer data center outsourcing contract with high correlations to public cloud infrastructure services. In the following figure the services and volumes of the use case are described. So far application, database and middleware operation as managed services based on SLAs are not provided in any of the public cloud offerings at Amazon, Google and Microsoft.
The use case comprises server operations of virtual machines (VMs), storage and backup, terminal and mail services, unified communication, VPN infrastructure, firewalls, load balancers as well as a dedicated data center connection. Application operations as well as database management are excluded in the use case as their costs are mainly driven by individual personnel resources. Furthermore such services are currently not offered by any of the analyzed cloud providers. The VMs are consistently used for customer applications and the storage system is designed to store mail, file, printing, databases and application data. The following general assumptions are defined by the customer case:
- Continuous use of services (24/7)
- Contractually committed SLAs per each service
- Services include service management (e.g. planning, designing, sizing and configuring the services)
- Hosting location within the European Union
This study focuses on the comparison of operational costs between the different provider solutions. The respective transformation costs for migrating the services from the current to the future mode of operation into the cloud are not considered in this paper.
2.2 Service Mapping and Benchmarking Approach
The service mapping of the use case services to the three public cloud provider offerings has been conducted in the following steps:
- At first several customer situations and requirements to define the use case for the comparison have been analyzed. For this purpose, full IT outsourcing service agreements, including the definition of the scope of services, responsibilities, SLAs and legal & compliance requirements have been considered.
- In the second step selected public cloud offerings have been assessed according to their publicly available service agreements and price lists. Afterwards the services required in the underlying use case have been mapped to the equivalent service products of the three selected public cloud providers. This mapping has been based on functional requirements and not on a specific technical solution. For example mail services have been mapped to the equivalent public cloud email solutions such as Amazon WorkMail, Microsoft Exchange and Google Gmail.
- On the basis of the above mapping and solution design for each public cloud service product the services have been designed to get the full service levels as defined in our traditional use case. Additional costs to compensate missing services, especially service engineering and design as well as data traffic and service administration have been considered on top of the public cloud prices.
- Based on the mapping and solution design, the respective cloud providers validated the results, pricing as well as legal & compliance matters. The public cloud providers Amazon, Microsoft and Google have been selected for the study due to their comprehensive offerings and world-wide market volume.
2.3 Amazon Web Services
Amazon Web Services (AWS) has been the market leader in the public cloud market since it started as the pioneer in the year 2006. AWS is highly innovative, very responsive to the market and has the broadest and deepest range of Infrastructure as a Service (‘IaaS’) and Platform as a Service (‘PaaS’) capabilities. AWS currently has 11 data center locations all over the world with at least two availability zones each (so-called ‘regions’).
In the year 2015 the region in Frankfurt was launched which has been the fastest growing international datacenter region ever for Amazon since then. AWS attracted most customers in the cloud market. Companies such as Netflix or Soundcloud moved almost their whole infrastructure to AWS. Like other public cloud providers Amazon offers services and software through their own marketplace.
2.3 Microsoft Azure
Microsoft is the market leader for operating systems and office software and is increasingly focusing on the delivery of its software as cloud services. With Microsoft Azure, IaaS and PaaS are offered on a cloud computing platform for enterprises. With O365, a bundle of software as a service (‘SaaS’) subscriptions are offered, including products such as Microsoft Office, Outlook or Skype, as well as productivity and collaboration tools which can be utilized directly from the cloud. The Azure marketplace also offers third-party software and services.
Microsoft operates several data center locations (‘regions’) all over the world. In Europe data centers are located in Ireland and in the Netherlands. Reacting to existing data security concerns and recent turbulences about the Safe Harbor Decision in the EU, Microsoft decided to build two new data centers in Germany lately. In these German data centers, customer data will be controlled and monitored on trust by T-Systems in the future. Microsoft Azure encompasses unified services which can seamlessly interoperate with other infrastructure services and components such as active directory services, Windows servers as well as their other SaaS offerings. Having an extensive service partner ecosystem and a longtime existing customer base which is familiar with the products, puts Microsoft in the status of being one of the leading cloud providers.
2.4 Google Cloud
Google offers various internet centric services such as Google Web Search, Docs, Gmail, YouTube, Google Chrome, Maps or the Android OS. The Google cloud platform includes IaaS and PaaS offerings. Data center locations are available in the U.S., Europe (Belgium) and Asia. Being the latest entrant into the public cloud market in the peer group, Google cloud offers the smallest service portfolio.
The Google cloud is built on the same infrastructure as Google search engine, YouTube and Gmail storage. With this concept Google provides its customers access to one of the largest and most advanced computer networks. Google’s high performance backbone network connects Google data centers all over the world. Although Google does not have such an extensive enterprise and midmarket customer base like Microsoft or Amazon, it is able to keep up with the competitors in terms of technical standards.
- Evaluation Results
Apart from the service congruence there are three other dimensions which are relevant to evaluate. First of all, the commercial dimension or the business case, second the legal and compliance aspects and finally the management and integration dimension are to be addressed. Within the context of the business case the service congruence to the three different public cloud solutions is discussed and an apples-to-apples comparison conducted. Most of the data has initially been derived from the providers’ public web offerings. Eventually, Microsoft and Google verified the results of the underlying study, especially in terms of the use case solution design and project specific pricing. Amazon, although being involved in the study and having received all the information as well, neither provided project specific prices nor validated the solution design.
3.1 Service Congruence
Almost all services required by the use case can be migrated to public cloud services by using the respective solutions of each provider. Due to Google not providing any terminal services, the use case solution has been considered in the Google case. For email services the providers’ own solutions (Exchange from Microsoft, Gmail from Google and WorkMail from Amazon) have been considered. Although these solutions differ, all public cloud services are fully compliant with the functional requirements of the use case. Such differences might also occur in the performance of servers or storage services. However, this has not been considered here, as a benchmark is not conducted on a technical solution level, but rather on a functional/ SLA comparison. As already mentioned application, middleware and database operations as managed services on the basis of SLAs are not provided by any of the three public cloud providers and have therefore been excluded from the use case. The focus of this paper is on IT infrastructure services and not on application services such as ERP or CRM as this would require a different methodological approach for a substantive comparison.
Due to the fact that all public cloud offers consist of single building blocks which have to be assembled to a customer solution, the solution design is different and consists of multiple price elements which have to be compared. Although standard services such as server operations are quite comparable for each provider, other costs e.g. mail storage or service management are an integral part of other products and not to be paid for separately. For the business case Navisco therefore focuses on the evaluation of total costs of the defined use case and not on a comparison of single services and price units.
The business case considers best-market prices for the traditional outsourcing use case based on the Navisco Benchmark Database. The public cloud prices are calculated based on price lists dated January 31st, 2016 including discounts according to the described volumes. In the business case, nine service categories (Server, Storage, Terminal Services, Mail, Messaging, Network, Traffic, Service Management and Service Integration) based on the services and volumes described in chapter 2 are differentiated and outlined.
Obtaining services from the cloud leads to additional costs for traffic, as well as costs for service management and integration. Varying traffic costs have been reflected as additional risk costs in each of the public cloud cases. Additional costs arise also due to the fact that public cloud providers do not offer fully managed services in the service definition of classical outsourcing, e.g. solution design, engineering tasks or user administration. For some services, public cloud providers only commit to limited SLAs and in case of service management issues, the customer has to bear potential costs and is responsible for solving the problem. These major differences have been financially reflected as traffic and integration costs added to each of the analyzed public cloud offers.
In the public cloud cases, Service Management is considered as a separate category. It includes necessary administration and support options such as identity and access management, auto scaling, active directory and additional support packages. In the traditional outsourcing use case the service management costs are included in each of the other service categories. As public cloud services are not offered in form of managed services, Navisco assumes additional effort to compensate this effect. This enables the comparability with the traditional outsourcing case and is reflected in the category Service Integration. Based on Navisco’s expertise and its benchmarking database those service integration costs have been calculated as the personnel costs required to compensate the missing managed services not offered by the public cloud providers. We identified only minor differences in the coverage between the public cloud services in terms of Service Integration.
The following figure shows the results of the business case evaluation on a total cost base. Almost all cloud providers are able to generate financial benefits compared to the best price traditional outsourcing case. The offers of Microsoft and Google promise approx. 25% savings whereas Amazon’s cloud shows no financial potential in the analyzed use case. Furthermore, in case of an in-house delivery of IT services it must be outlined that usually internal IT costs are higher than the applied costs from our best-peer outsourcing case. This would lead to an even higher financial benefit of a cloud migration. Additionally, a so-called ‘motley’ cloud case was derived by combining best solutions and prices of public cloud services from the providers. Based on the offers services from Microsoft Azure (mail, unified communications, terminal services) and Google Cloud (server, storage, network) are included in the ‘motley’ case which shows similar results.
The cost analysis of single categories does not provide a like-for-like comparison as different billing models are used. Hence, such comparison is not provided here. Nevertheless, Google ranks best in its pricing for servers and Microsoft best in its pricing for terminal services, storage and network. Although Amazon offers comparable prices, their own solutions for terminal services (WorkSpaces) and mail, which include a higher functionality, seem to be highly priced. As Google does not provide any terminal services, costs for this category from the use case have been added to the Google case. Overall, public cloud prices compared to traditional outsourcing are lower for server, mail, messaging and especially storage services.
A substantial benefit of cloud services in terms of pricing can be realized through the elasticity of services as they can be canceled and utilized at any time during a day. This has not been considered in the business case comparison. Furthermore, the pricing of public cloud providers changes continuously, mainly decreasing. Insofar, the results shown are just a snapshot of a price comparison. Therefore, a continuous market observation is indispensable.
3.3 Legal & Compliance
In the classical IT outsourcing contract, the customer is able to negotiate services individually and chooses the place of jurisdiction as well as the location of the data centers. In general, public cloud service contracts are rigorous and not negotiable. International service providers have a global delivery model in which operation staff and the respective access and admin rights are located outside of EU countries. This is not compliant with EU data protection laws since there are no corresponding data protection regulations in non-EU countries. To ensure German or Swiss data protection rights this has to be handled in a bi-directional contract within the service providers’ organizations, e.g. for India. In the following main differences and challenges related to legal & compliance matters to be considered are shown.
Terms & Termination
Public cloud providers have the right to terminate their services by giving a 30 days’ notice and to apply changes to the enterprise agreement and SLAs. Public cloud customers can terminate their contracts on a monthly basis as well which gives high flexibility but also no long-term commitment to service and price stability. In comparison, traditional outsourcing providers enter contracts with a duration of at least three to five years depending on the IT and transformation investments. These individual contractual agreements contain a strong legal commitment for the availability of services and guarantee of SLAs as well as prices. Public cloud services are billed per hour based on current prices which might change each month, whereas traditional providers are billing per month based on agreed prices for the contract term. The missing long-term commitment in relation to public cloud service prices bears no risk as their prices have been decreasing so far. However with a huge volume being migrated to a public cloud provider there is a ‘de facto’ lock-in (not legally) due to the huge migration effort to switch to another service provider. In case of termination of certain services or SLAs by the provider or continuously rising prices there would be a potential business and financial risk for the customer.
SLAs & Penalties
For public cloud services single SLAs for each service are provided although it is the customer who has to design necessary redundancy/ fallbacks etc. In order to receive SLAs comparable to the ones in traditional outsourcing contracts the customer is in charge of the solution design and therefore responsible for the overall architecture. For instance, public cloud providers require the customer to utilize multiple availability zones in order to consider an outage as an SLA violation. The only SLA provided by public cloud providers is service uptime. Although this might not be sufficient for the customer’s critical business processes, it is not possible to negotiate individual SLAs such as the number of service outages or different service classes (e.g. gold, silver, bronze). It is also the customer’s obligation to submit the claim and to provide the proof that it was the public cloud provider who failed to meet the service/ SLA commitments. Claims or disputes with Amazon AWS for example have to be resolved by binding arbitration, rather than in court. All public cloud providers give a refund/ service credit between 10% and 30% of the monthly service charge if the service commitment is not met. These refunds are lower compared to the agreements in traditional outsourcing contracts with up to 20% of the yearly service charge.
Limitations of liability are overall reasonable for public cloud services. In all offerings liability is limited to direct damages up to the amount paid for the used service during the 12 months before the cause of action arose. Furthermore liability is excluded for loss of revenue or indirect and incidental damages for instance. In traditional outsourcing contracts liability mechanisms are negotiated and may include certain indirect damages such as personnel costs or losses of production.
All public cloud providers meet the standards of the EU data protection laws. However the German or Swiss data protection act is only applicable to the contracts of traditional outsourcing providers. Public cloud services are certified according to PCI DSS, SOC 1, SOC 2 or ISO 27001, but in traditional outsourcing contracts these certifications (e.g. SSAE 16, ISAE 3402, PCI DSS) have to be negotiated separately. Furthermore, Amazon and Microsoft use the so-called EU-Model-Clauses to protect customer data from access by third party countries, which has been confirmed as sufficient in 2014 (see ‘Art. 29 Working Party’). The ‘Auftragsdatenverarbeitung’ (ADV) according to §11 German BDSG is also part of the legal contract for Azure. Generally, all public cloud providers offer encryption to protect customer data as well as transparency of services and codes to reassure customers of service integrity and confirm there are no back doors (e.g. for government customers an appropriate ability to review the source code is provided). To protect critical business data and intellectual property customer specific encryption is mandatory. For organizations in regulated businesses the usage of public cloud services will be still very limited in the near future due to special requirements not reflected in the standard cloud contracts.
Hosting & Data Location
All public cloud providers have hosting locations in the EU. Amazon AWS data centers in Europe are located in Germany and Ireland; Google Cloud’s in Belgium and Microsoft Azure’s in the Netherlands and Ireland. Microsoft announced two new data center locations for the German Cloud (Frankfurt and Magdeburg) with the trustee being T-Systems. None of these public cloud providers has a data center located in Switzerland yet. Customers from regulated industries such as finance, health care or the public sector where strict legal or other compliance requirements from regulatory authorities such as BaFin or FINMA have to be met, have restrictions in using the current public cloud services.
In Germany Microsoft might be an exception with the newly announced ‘German Cloud’. In this case T-Systems acts as the customer trustee for the planned data centers in Frankfurt and Magdeburg, which are owned and managed by Microsoft. This service will be in place by the end of 2016 and will use the standard Microsoft Azure contract with an additional addendum, the customer trustee agreement. Legally the approach is to avoid data access by US administration according to the Patriot Act. There are still ongoing legal disputes on disclosing confidential and personal customer data to US administration at the US Court of Appeals. Therefore, Microsoft established a special compliance team which handles all requests by the US administration or courts, informs the relevant customers as well as documents and publishes the number of requests (4.407 law enforcement requests for Germany since 01-06 2015).
Place of Jurisdiction
The place of jurisdiction agreed with traditional outsourcing providers is usually at the customer’s headquarter location. Yet, this is not negotiable with public cloud providers. The place of jurisdiction for offerings to European customers by Microsoft Azure and Google Cloud is in Ireland and for Amazon AWS in the state of Washington, USA. From a legal perspective this is a barrier for using public cloud services for critical company business services.
3.4 Service Integration
Moving infrastructure and application services to the public cloud leads to a growing market for service integration and the management of multiple service providers and contracts. Public cloud services may be compared to do-it-yourself stores where several parts can be acquired but need to be assembled and implemented on one’s own. Besides profound experience with the respective public cloud products and platforms, certain technical knowledge in configuration, administration and scaling of all infrastructure services is required. Nowadays, being in the second or third generation of outsourcing commodity IT, customers often do not have internal technical capabilities for the configuration and administration. Therefore, it can be assumed that most customers will need substantial external support and expertise for cloud service management and integration, in form of a managed service or on project base.
Due to the ongoing trend to outsource commodity IT services to different best-of-breed providers in order to get best prices and competition, customers already face a high complexity in their demand and supply organization. Thus an increasing number of customers need to harmonize service management and to orchestrate different services and providers. In the near future, customer core competences will focus on the orchestration of different providers in terms of contracts, service management and seamless integration. The supply will include traditional outsourcing providers, captive IT organizations and increasingly public cloud providers.
Alternatively, service integration and orchestration can be outsourced as well. This is especially applicable for IT organizations in the second or third generation of outsourcing. One way to deal with this complex situation is to transfer the provider coordination to a separate provider or to one of the contracted providers. The so-called lead provider takes over the overall ownership of incident, problem and change management and coordinates the different providers on behalf of the customer. The customer still keeps the ownership of all outsourcing and service contracts as well as of service management tools and data. However, the effort for the provider coordination and its complexity is transferred.
Currently, IT faces challenges such as digital transformation, pressure to increase efficiency and lower costs, continuous development of innovative products or reduction of data exposure. Therefore the selection of a suitable sourcing model is indispensable. In the future, sourcing of certain IT infrastructure and application services will take place both in IT and in the business. Internal IT is thereby confronted with complex service management, security and integration issues in any case.
As public cloud services are not offered in the form of managed services, a new market segment for public cloud service integration has emerged. The following figure distinguishes four different clusters of service providers that are ready to move into this highly competitive market.
There are two major criteria for differentiating these four clusters: the capability to provide SLA-based IT service operations and their own investments in large-scale IT infrastructure and data center facilities. Truly ‘lean’ providers without large-scale investments in IT infrastructures and with service operations experience with tools and processes are in a good position for competing in the market.
Housing or colocation providers offer data center infrastructures such as ready-to-install racks with the necessary infrastructure and security as well as direct network connections to customers and others.
Outsourcing providers have data center capabilities similar to those of colocation centers but focus more on their global delivery competencies and a high level of service operations. Typically, these providers offer the full stack of IT outsourcing from infrastructure to application management services.
Managed Service Providers have high service operation capabilities without investing in their own data centers and infrastructure (IT assets). Services are delivered at the data center location, which can be either held by the customer or the housing providers. Similar to service integrators there is a low capital lockup in assets.
Service Integrators mainly focus on the implementation of new IT technologies on a project-based approach (build). Most integrators have low own data center capacities and service operation skills. Due to low fixed capital in assets, service integrators can react with great agility and flexibility to changing market situations.
IT outsourcing is undergoing disruptive changes. About 50% of the companies are already using public cloud services, in many cases in their business units. Cloud services will have a dramatic impact on the IT service market, with new players, services, prices and management models coming up within the next three years. Monolithic single-vendor IT outsourcing contracts are becoming rare, and most customers are looking into flexible IT outsourcing services and contracts and are therefore facing increasing service integration efforts.
The underlying study analyzed whether it is possible for large corporations to move commodity infrastructure services from traditional IT outsourcing to public cloud services. Based on the results, moving data center services to a public cloud environment is an alternative worth considering. The conducted benchmark shows saving potentials in the range of 25% on a total operations cost base compared to best market prices for traditional IT outsourcing. Downsides are that the technical migration and the end-to-end responsibility for running certain applications and services have to be taken over by the internal IT organizations or a third-party integrator. Such capabilities are often not available in today’s internal IT organizations. In traditional IT outsourcing the service provider is responsible for operating corporate applications, databases or middleware. With public cloud services this still requires internal or external skills to migrate and operate the application landscape based on building blocks of cloud infrastructure services.
Currently, the traditional outsourcing providers are integrating public cloud services from 3rd parties such as AWS, Azure or Google only restrictively into their customer delivery models. They prefer to promote their own IT and cloud services in order to leverage their IT investments. On the other side, there are new players on the market, such as managed service providers and the offshore providers, who are ready to take over the overall integration and service responsibility, including public cloud.
Legal and compliance issues must be evaluated by each customer organization depending on its business criticality and applicable industry regulations. Besides the place of jurisdiction, essential legal and service requirements including data protection regulations are covered by the standard public cloud contracts. Since these cannot be negotiated on an individual basis, public cloud services may not be applicable for all IT services and have to be evaluated individually. Essential business know-how and intellectual property would need customer-based encryption if moved to the public cloud. Due to their flexibility and cost advantages, public cloud services will increasingly be utilized for business commodity IT services, either being part of traditional IT outsourcing contracts or managed by a 3rd party service integrator for corporate customer organizations.
Recommendations for sourcing decisions in large-scale IT organizations
» Cloud Readiness & Strategy – IT organizations have to evaluate and define their cloud readiness and strategy for IT services in order to stay competitive in the future. There might be a huge business impact and possibly competitive advantage in using public cloud. This evaluation includes not only strategic, legal, security and financial issues to decide which services to move into the cloud, but also the consideration of necessary operation and integration services.
» Building up own skills in service consolidation and integration – Internal CIO organizations have to build up skills in cloud evaluations, brokering and service integration of different IT services between their business units and multiple IT suppliers. This requires internal management of an IT commodity service catalogue, integrating different business demands and multiple supply units (internal/external) as well as public cloud providers.
» Reshaping existing IT outsourcing contracts – Organizations which are using IT infrastructure outsourcing need to reshape their existing outsourcing contracts particularly with regard to cloud services. Both public cloud services and service integration of multiple vendors have to be considered and negotiated with the existing and new service providers.