Gartner Blog Network

Cloud Computing Risks

by French Caldwell  |  February 25, 2009  |  1 Comment

Every time I hear of a web services failure, like the Google Mail crash yesterday, I’m reminded of a vendor briefing that my colleague Jay Heiser and I received from a small enterprise GRC platform vendor, Xactium, a few weeks ago.  Xactium has built a GRC cloud computing solution on salesforce’s platform — a pretty cool strategy when you think about it.  This way they don’t have to maintain the platform and hosting, and they can just focus on the application functionality.  From a customer perspective, you know that at least there is a big vendor,, supporting the platform.

But my colleague Jay asked Xactium: “What happens if you fail? What recourse do your customers have?”

Xactium responded that the data would still be there on, and there are many companies that would have the ability to help the customer get to that data.

Xactium’s answer made a good point — the use of a well-accepted web services platform like in and of itself helps to mitigate the viability risks of working with a small vendor — and for a non-strategic application of Xactium, that should be okay.

But then Jay asked, “What if salesforce itself goes away?  What then?”

Silence on the line — then Xactium said they’d think about that one.

Another vendor risk management option might be to mirror the data and back-up key reports on your own servers — neither of which incurs significant expense.  Escrowing the application may be an option as well, but who’s escrowing the web services platform?

So — you’re probably thinking, going away is pretty unlikely, right?  I agree, but …. The day after the vendor briefing, this was in the news:  Three Executives Leave

By the way, Xactium is too small to make the EGRC platform magic quadrant — but keep an eye on them — using to deliver a GRC SaaS solution is still a pretty cool idea.


French Caldwell
VP and Gartner Fellow
15 years at Gartner
19 years IT industry

French Caldwell is a vice president and Gartner Fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell also writes and presents on knowledge management. His research includes analysis of the impact… Read Full Bio

Thoughts on Cloud Computing Risks

  1. Andy Evans says:

    I remember the silence well – it was us thinking “why is Jay asking a what if they disappear question about an organization the size of Salesforce, who are clearly already trusted by most of the Fortune 100 companies?!”. Still, he has a point – these are uncertain times, and it makes sense to have a contigency plan. One suggestion is to offer to back-up the data on the customers servers – just in case. This is relatively easy to do in Salesforce, and can be done in real-time or as a daily batch process.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.