Procurement departments often have an issue with one of the intrinsic characteristics of cloud computing, which is that the provider defines the service. It is not the consumers that define the service, though they may be able to configure it. Is this good or bad?
A procurement department is used to managing service risk by demanding ‘feature continuity’. Once the business depends on a certain feature, like being able to run a certain report, that feature becomes a risk. If it goes away, the business suffers. That is bad.
In software, this risk is often handled by demanding ‘backwards’ compatibility. Cloud providers may not be in a position to provide that. A simple example of that occurs when a security hole needs to be plugged. In addition, the financial attractiveness (which is good) of the service offering might depend on the provider supporting only a very limited amount of different services.
So there are a couple of things that need to be done here. To begin with, the provider’s commitment to certain features and functions should be evaluated. Then, the consumer’s dependence on those functions should be looked at as a risk, and managed as a risk. This means looking at the business implication of a function that goes away, and thinking about workarounds, or other actions.
This cannot be done by the business users or the procurement department alone, they will have to work together. The procurement department probably has better expertise in figuring out provider contract conditions, the business users should be better aware of the risks that they are willing to take in relation to the benefit that they see.
Then, the company will need to return to this analysis on a regular basis, in proportion to the value at risk. And that is part of cloud consumer governance.
This could be part of business continuity management, or disaster recovery planning. Because, even when the provider is still there, lack of support for an essential feature is almost as bad as a provider that has gone away.