☛ Want the latest procurement and supply chain news delivered straight to your inbox? Sign up for the Supply Management Daily
6 October 2011 | Adam Leach
While it offers significant potential savings and process efficiencies, purchasing cloud computing services provides significant risks which must be managed, according to Belinda Doshi.
Speaking at the CIPS 2011 Conference, Doshi, a partner at Field Fisher Waterhouse told an audience of buyers that when purchasing cloud services they need to ask themselves: “Where is my data? How do I get my data out if my SAAS provider goes under? How do I move my data to another provider?” Unlike traditional IT services, data kept on cloud servers is in the possession of the supplier.
Speaking on the broader topic of privacy and data security, she noted that it has become a strong priority for procurement teams over the last year, but needs to become even more important. She said: In two or three years, if you are not putting in strong data security policies, then quite frankly, you are being negligent.”
She advised that procurement departments need to look at implementing data breach notifications (alerting suppliers and customers to potential security breaches) and fully understand the risks associated with transferring data between countries. Purchasers must also ensure tight data security across the entire supply chain, as Doshi explained: “You are only as strong as your weakest supplier.”
While the technology side of data sharing and cloud procurement can seem complex, Doshi stated that in terms of risk management, it’s just a case of sticking to the basic principles: “With all of these things it's about scoping out the risk and working with the lawyers to get the contracts right.”