French Caldwell

A member of the Gartner Blog Network

French Caldwell
VP and Gartner Fellow
15 years at Gartner
19 years IT industry

French Caldwell is a vice president and Gartner Fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell also writes and presents on knowledge management. His research includes analysis of the impact… Read Full Bio

Coverage Areas:

Cloud Computing Risks

by French Caldwell  |  February 25, 2009  |  1 Comment

Every time I hear of a web services failure, like the Google Mail crash yesterday, I’m reminded of a vendor briefing that my colleague Jay Heiser and I received from a small enterprise GRC platform vendor, Xactium, a few weeks ago.  Xactium has built a GRC cloud computing solution on salesforce’s platform — a pretty cool strategy when you think about it.  This way they don’t have to maintain the platform and hosting, and they can just focus on the application functionality.  From a customer perspective, you know that at least there is a big vendor,, supporting the platform.

But my colleague Jay asked Xactium: “What happens if you fail? What recourse do your customers have?”

Xactium responded that the data would still be there on, and there are many companies that would have the ability to help the customer get to that data.

Xactium’s answer made a good point — the use of a well-accepted web services platform like in and of itself helps to mitigate the viability risks of working with a small vendor — and for a non-strategic application of Xactium, that should be okay.

But then Jay asked, “What if salesforce itself goes away?  What then?”

Silence on the line — then Xactium said they’d think about that one.

Another vendor risk management option might be to mirror the data and back-up key reports on your own servers — neither of which incurs significant expense.  Escrowing the application may be an option as well, but who’s escrowing the web services platform?

So — you’re probably thinking, going away is pretty unlikely, right?  I agree, but …. The day after the vendor briefing, this was in the news:  Three Executives Leave

By the way, Xactium is too small to make the EGRC platform magic quadrant — but keep an eye on them — using to deliver a GRC SaaS solution is still a pretty cool idea.

1 Comment »

Category: Uncategorized     Tags:

1 response so far ↓

  • 1 Andy Evans   February 28, 2009 at 7:59 pm

    I remember the silence well – it was us thinking “why is Jay asking a what if they disappear question about an organization the size of Salesforce, who are clearly already trusted by most of the Fortune 100 companies?!”. Still, he has a point – these are uncertain times, and it makes sense to have a contigency plan. One suggestion is to offer to back-up the data on the customers servers – just in case. This is relatively easy to do in Salesforce, and can be done in real-time or as a daily batch process.