Case study - Tearing down barriers to cloud adoption
Who we are
We are an international organization with just under 200 member nations and present in over 130 countries. Our procurement process is based on the fundamental principles of best value for money, fairness, transparency, economy and effectiveness. It is based on a formal contract award procedure which follows a competitive procurement process. Participation in the solicitation process is only open to vendors that are registered to the UN Global Marketplace (UNGM) via the vendor registration portal. The invitation to vendors depends on the company’s experience, its ability to perform, financial soundness and the relevance of the goods, works or services offered. All suppliers working with us must accept and abide our General Terms and Conditions for Goods or Services.
Depending on the value of the procurement action, methods of solicitation may include:
» Very Low Value Procurement
» Request for Quotation (RFQ)
» Request for Proposal (RFP)
» Invitation to Bid (ITB)
For procurement of ICT services, our IT department functions as a consultant in order to support actors in the smooth running of procedures. Usually, in a procurement process of ICT services the initiator of the procurement action works in close collaboration with the IT department, the legal officer and procurers to make sure to cover all the aspects of the procurement process.
Why the cloud?
The main benefits that we envisage in adopting cloud services are:
» Cost savings in our data centres through outsourcing resources
» Increased flexibility by acquiring additional capabilities needed to manage big data, especially when it comes to satellite data.
Main barriers perceived in procuring cloud services:
» Security of cloud solutions: moving data to a commercial provider is risky from a privacy and security perspective. We manage sensitive data that cannot be publicly disclosed. To overcome this barrier we developed an information security risk assessment for each cloud solution that we have through which the IT division can make an assessment of the cloud providers and also provide guidelines on procurement. However, diffidence still remains.
» Data privacy management: another concern which is strictly related to data security regards the legal framework, in particular to data protection. As part of an intergovernmental organisation, data stored by them cannot be accessed by local governments. Cloud service providers need to guarantee this.
» Due to the cross-border nature or our organization, we are unclear which laws in which country are applicable to data and cloud solutions
» Procurement of on-demand services is also an issue as traditionally the purchase is at a fixed price. This is very different to pay-per-use services where you have monthly invoices with different amounts. Policies are not in place to address this issue.
We have a well-defined procurement process that works well and our legal, procurement and our IT in-house staff are sufficiently skilled to procure cloud services. We do not have any experience of pure procurement of cloud services. However, we are very interested in moving towards cloud adoption and our IT department is encouraging this. Until now we are using the cloud in a limited way. Although we are pushing towards cloud adoption, the next steps depend on the above mentioned policy issues. Unless our internal policy changes, it will be difficult to purchase cloud services.