Tips from Part
The Dark Side of Outsourcing
Use the strategies in this book-particularly service
level agreements-to create the proactive controls
you want now, rather than at the time you need to
exercise them, i.e., when problems occur.
To avoid lock-in and reduce switching costs, always
have an exit strategy-a plan for how youíll switch
vendors if necessary.
If you need tools and utilities, try to find them
independently and include them in your site in a manner
thatís, therefore, portable.
Donít be afraid to use a mix-and-match approach to
fulfilling your requirements.
Use selective third-party outsourcing that can transcend
and outlast the relationship with a specific web-hosting
service or MSP to minimize your lock-in to that vendor.
Register your domain name yourself and check it regularly
to ensure that neither your vendor nor anyone else
has hijacked it.
Ask prospective vendors how they evaluate and reward
their employees. Is everyoneís compensation-even the
hands-on engineersí-based at least in part on customer
satisfaction? On your satisfaction? Also ask about
their rates of employee turnover.
Evaluate each of the service components independently.
Quality and value in one are not guarantees of quality
or value in others.
Beware of service components with unusually high prices.
These may be components that the vendor rarely provides.
8: Getting it Right
to be on the leading edge (e.g., higher-budget side)
of your vendorís sweet spot.
To avoid biasing vendorsí sales pitches, always find
out what theyíre selling before you tell them what
youíre buying. Of course, theyíll try to do the opposite,
so start by asking questions rather than by answering
A service thatís described in a vendorís literature
and has a standard price is often preferable to one
thatís custom or delivered via ďprofessional services.Ē
If thereís any doubt, ask for reference customers
who have been using the service in question for some
period of time, and contact those customers yourself.
Donít ask a vendor to support hardware or software
beyond whatís contained in its published list. Doing
so is both expensive and risky. If you really need
that component, find another vendor who can support
it. (If you canít find one, consider it an omen.)
Otherwise depend on the manufacturer, a third party,
or plan to support it yourself.
Make sure your vendor will profit from a successful
relationship with you, and will likewise incur a loss
if there are problems caused by inadequate vendor
services. Rather than adopt this logic globally, apply
it to each service component individually.
Protect against being dumped by a vendor by constantly
reviewing your value to that vendor. Put yourself
in its shoes.
Donít ask vendors to do things your way (even if your
way is better) unless you consider the additional
cost and risks.
Use shared resources and services where appropriate
as a way of creating a greater urgency for the vendor
in case of failure.
Consider renting servers if the vendor has both 24x7
on-site maintenance staff and on-site spares.
Favor renting if you anticipate early or frequent
Use renting as part of your exit strategy by mitigating
lock-in and reducing your switching costs. Renting
gives you the option of operating your web site simultaneously
at old and new locations without the need to purchase
If rental is your first choice, be prepared to negotiate
for a fair price. Consider the total cost of ownership
(including the value of spares, upgrade flexibility,
and mitigation of lock-in and switching costs) in
Use leasing (a) when preservation of short-term cash
is your primary concern, (b) if you have a large configuration,
or (c) when you require non-standard components.
Make use of your web-hosting vendors procurement services
when buying hardware and software.
Assume that no matter who developed the customized
applications and content for your web site, youíll
have to take responsibility for its maintenance, including
if necessary, 24x7 support.
Chapter 9: Risk Management
Ask each vendor for the average actual uptime percentage
its customers have achieved for the past twelve months.
Use the range between this value and the uptime promised
by the vendorís SLA as the basis of your risk analysis.
Confer with your companyís financial management to
determine (a) what loss multiplier should be used
for estimating your losses, and (b) whether to model
losses and risk-reduction costs relative to the top
line (revenues) or the bottom line (profits).
Use formal modeling to estimate the cost of downtime
and to determine which increases in uptime guarantees
will save more than they cost.
Review web-hosting contract provisions for force majeur
more carefully than you would when considering a typical
Your risk management plan should include specific
risk-reduction strategies to avoid and reduce the
frequency, impact, and duration of failures.
Vendors that offer risk transfer are more expensive,
but the additional cost may be justified. Use risk
analysis to determine whether the services of such
a vendor are worthwhile.
If you intend to purchase insurance to cover losses
due to web-site outages and other failures, consider
using a web-hosting vendor that already has a relationship
with an insurance company.
Since they cause 80% of unplanned downtime, due diligence
of vendorsí staff and processes should be included
in your risk-reduction strategy plan.
Chapter 10: Service Level Agreements
Donít rely on SLAs in lieu of actual due diligence.
Itís more important to research a web-hosting vendor
to determine whether it can actually achieve the service
levels to which it commits.
Require vendors to assume responsibility for things
beyond their control to the extent that these things
can be measured by an objective third party and compared
to industry averages.
Donít accept SLAs in which the vendor determines whether
it has achieved its performance service levels. If
possible, use a third party.
Require vendors to refund or credit up to 100% of
their fees if they miss their service levels.
If you have no choice but to accept an SLA that places
the burden of initiating a claim on you, make sure
you know precisely what supporting data you must supply.
Also watch out for time limits for making your claims.
Avoid SLAs whose remedies donít take effect unless
failures occur continuously and over consecutive periods.
Scheduled or preventive maintenance should be counted
as downtime when calculating a connectivity service
Donít accept exclusions for third-party network problems.
Instead ask for an SLA thatís based on objective measurements
of user experience compared to an industry average.
Challenge prospective vendors to exclude from Acts
of God any services that they claim are particularly
robust during their sales cycles or in their marketing
materials. Whatever their reaction, protect yourself
against Acts of God by purchasing insurance.
Watch out for general exclusions of causes. Any causes
that are excluded should be done so explicitly.
At the very least, require vendors to refund or credit
fees for missed service levels on a pro-rata basis.
An accelerated schedule will increase their motivation
to deliver as promised.
Include incentive bonuses for vendors that exceed
expected service levels.
Ask vendors for written definitions of the classification
of incidents by severity and for an explanation of
the rules for their use.
Every reactive SLA should clearly state whoís responsible
for monitoring, dispatch, problem determination, and
Look for SLAs that commit to resolution of problems,
not merely initiation of a response.
Donít include (even by reference) an SLA in a web-hosting
or managed-services agreement unless it expresses
the levels of service youíll accept. If you and your
vendor canít agree on the wording of an SLA, it may
be preferable not to have one at all. Better yet,
find another vendor who will put better service levels
Donít let vendors exclude liability for the very things
youíre paying them to do for you.
Insist that vendors accept responsibility and liability
for the actions of their sub-contractors to the same
extent they would if no sub-contractors were involved.
Ask for provisions in your contracts giving you the
option to terminate in case of a problem with the
vendorís colocation or managed service partners.
Negotiate a cap on annual price increases of 10% per
year on a per-line item basis.
Request provisions that give you the option to cancel
your web-hosting agreements in case another company
acquires a controlling interest in one of your vendors.
Make sure contracts and SLAs include a formal process
for the escalation and resolution of disputes.
Negotiate clear and unambiguous definitions that give
you the option to terminate agreements if service
levels are consistently missed.
Make sure vendors are required to assist you with
the relocation of your site if you exercise an option
to terminate your web-hosting or managed services
Chapter 11: Traffic Models
If your web-hosting service is going to charge you
for additional bandwidth, you should know how much
Ask prospective vendors how they measure traffic,
and specifically whether they include protocol overhead
and inbound traffic in their measurements.
Most sites generate log files that take up much more
disk space than their content. Plan ahead for log-file
space requirements, and develop and follow a log-file
rotation and deletion plan.
Got another tip
you think we should add to the list? Email it to tips.