Choosing a cloud service provider is without question more involved than choosing the first result from a Google search. Each business has different requirements, customizations, and financial responsibilities.
It is crucial for the perfect service to meet and exceed businesses expectations.
That said; what does a business need to look for when searching for a cloud service?
The use of cloud and cloud services differ from one client to the next. Finding the right vendor will always vary though there are similar categories to narrow down what your business requires.
Below is a handy guide to help you navigate the plethora of options available to you and your business within the cloud server hosting industry.
Is the Cloud Server User Interface Actually Usable?
The user interface does not often receive the attention it should. An efficient and user-friendly interface goes a long way to allow more people to work on server-based tasks.
In the past, these seemingly trivial actions could require a full IT department to manage.
Amazon Direct Connect (AWS), for example, uses a somewhat cumbersome user interface. This could make it difficult for a business to perform medial tasks without a dedicated IT team. The point of a simple and effective UI is that you as a company need to access your data at all times.
A business needs to be able to access its internal and client data from anywhere; that is the beauty of the cloud. Having a simple UI allows for access from virtually anywhere, at all times, from varying devices just by logging in through the service provider’s client portal. Since it is web-based, using a smartphone, a laptop, or a tablet should not pose a problem.
How Does a Service Level Agreement (SLA) Work?
Cloud service agreements can often appear complicated and aren’t helped by a lack of industry standards for how they are constructed or defined. For SLAs in particular, many providers turn what could be a simple or straightforward agreement into an unnecessarily complicated, or worse, deliberately misleading language.
Having the technical proficiency and knowledge of terms can help decipher much of the complicated information, though it is often more reasonable to partner with a provider that offers transparency.
Most SLAs are split into two groups. The first is a conventional set of terms and conditions. This is a standard document provided to every applicant with the service provider. These types of forms are usually available online and agreed upon digitally.
The next part of the agreement is a customized contract between the client and vendor. Willingness to offer specific customization depends on each provider and should be part of the decision-making process of choosing the ideal solution.
The majority of these customizable SLA’s are for large, enterprise contracts. There are times when a smaller business may attempt to negotiate exclusive agreements and built-in provisions within their contract.
Regularly challenge service providers that appear prepared to offer flexible terms. Ask them to provide details on how they plan to support any requested customization, who is responsible for this modification and what are the steps in place used to administer this variation. Always remember your main components to cover in an SLA; service level objectives, remediation policies and penalties/incentives related to these objectives, and any exclusions or caveats.
Documentation, Provisioning and Account Set-Up
Service level agreement best practices and other contracts are often broken down into four different points of interest (with additional sub-sections as needed for customization). These four points of interest are legal protections, service delivery, business terms, and data assurance.
The legal protections portion of the SLA should cover Limitation of liability, Warranties, Indemnification, and Intellectual property rights. Customers are often wary of offering up too much information to avoid any potential for exposure if there were ever a breach, while the vendor would want to limit their liability if there were ever a claim.
Service delivery often varies depending on the size of the cloud computing service provider. The rule of thumb is to always look for a precise definition of all services and deliverables. Make sure you are crystal clear on all of the service company’s responsibilities relating to their offered services (service management, provisioning, delivery, monitoring, support, escalations, etc.).
The business terms will include points around publicity, insurance policies, specific business policies, operational reviews, fees, and commercial terms.
Within the business terms, specifics with regards to the contract need to include how, or to what extent, the service provider can unilaterally change the terms of the service or contract.
To prevent abrupt increases in billing, it is crucial that the SLA be adhered to, without changes during the course of an agreed upon terms.
The last point of emphasis is data policies and protection. The data assurance portion of an SLA will include detailed information covering data management, data conversion, data security, and ownership and use rights. It is essential to think long-term with any cloud storage provider and review data conversion policies to understand how transferable data may be if you decide to leave.
Reliability and Performance Metrics To Look For
There are numerous techniques for measuring the reliability of cloud server solutions.
First, validate the performance of the cloud infrastructure provider to their SLA’s for the last 6-12 months. Often, a service provider will publish this information publicly, but others should supply it if asked.
Here’s the thing though: don’t expect complete perfection. Server downtime is to be expected, and no solution will have a perfect record.
For more information on acceptable levels of downtime, research details on differentiating Data Center Tiers 1, 2, 3 & 4. What’s valuable about these reports is how the company responded to the downtown. Also, verify that all of the monitoring and reporting tools work with your existing management and reporting systems.
Accurate and detailed reporting on the reliability of the network provides a valuable window into what to expect when working with the service providers.
Confirm with the provider that they have an established, documented, and proven process for handling any planned and unplanned downtime. They should have documentation and procedures in place on their communication practices with customers during an outage. It is best that these processes include timelines, threat level assessments, and overall prioritization.
Ensure to have all documentation covered for all remedies and liability limitations offered when issues arise.
Is Disaster Recovery Important?
Beyond network reliability, a client needs to consider the cloud disaster recovery services protocols with individual vendors.
These days, data centers work to build their facilities in as disaster-free locations as possible, mitigating the risk of natural catastrophes at all possibilities. However, problems can still arise, and expectations have to be set in case something goes wrong. These expectations can include backup and redundancy protocols, restoration, data sources scheduling, and integrity checks (to name a few).
The disaster recovery protocol also needs to include what roles both client and service provider are responsible for. All roles and responsibilities for any escalation process must be documented as your company may be the ones to implement some of these processes.
Additional risk insurance is always a smart idea to help cover the potential costs associated with data recovery (when aspects of recovery fall under the jurisdiction of the client).
What Should I Know About Data Security?
Protecting data preserves a business and its clients from data theft. Securing data in the cloud affects both the direct client and those the client conducts business with.
Validate the cloud vendor’s different levels of systems and data security measures. Also, look into the capabilities of the security operations and security governance processes. The provider’s security controls should support your policies and procedures for security.
It is always a smart option to ask for the provider’s internal security audit reports, as well as incident reports and evidence of remedial actions for any issues that may have occurred.
Network Infrastructure and Data Center Location
The location of a data center for a service provider is crucial as it will dramatically affect many factors.
As mentioned previously, having a location where natural disasters are rare is always desirable. These areas are often remote enough that the cost of services can be lower than in a robust urban area.
Location of the data center also affects network latency. The closer a business location to the data center, the lower the latency and the faster data reaches the client. Therefore, a company based in Los Angeles will receive its data from a Phoenix-based data center faster than a data center located in Amsterdam.
For businesses that require more of a global presence, utilizing data centers around the world for distribution and redundancy is always an option. When looking for your ideal provider, it is worth inquiring how many locations globally they offer.
What If I Need Tech Support?
Tech support can be the bane of existence and the cause for insurmountable levels of frustration if not cohesive with the provider. Making sure that the provider you are looking for has reliable, actionable, and efficient support is essential.
If an issue arises, the longer a problem festers, the higher the risk of security threats or worse: a damaged reputation. Clients may become frustrated with a business if they are unable to access their accounts or contact the company. This could wreak havoc on many levels if issues are not resolved quickly.
Some data centers and service providers offer tailored resources to technical problems that could go as far to include 24/7 on-call service.
Tech support is a vital part of the selection process for a CSP. You want to feel at ease with your data and services, and a reliable support system is critical.
Business Health of Service Provider
Technical, logistical, and securities aside, it is essential to take a look at the operational capabilities of cloud service providers
. It is crucial to research your final CSP options’ financial health, reputation, and overall profile.
It is necessary to perform due diligence to validate that the service provider is in a healthy financial position and responsible enough to maintain business through the agreed-upon service term. If the provider were to run into financial troubles during your term, it could cause unrecoverable damage to your company.
Research if the provider has any past or current legal problems by researching and requesting data from the company. Asking about potential changes within the corporate structure (such as acquisitions or mergers) is another point of helpful info. Remember, this does not have to be a doom and gloom conversation. An acquisition could benefit the services and support you are offered down the line.
The background of major decision-makers within the cloud computing providers can be a useful roadmap for identifying trends and future potential issues.
Certifications and Standards
When searching for a cloud service provider, it’s always wise to validate the current best practices and technological understanding that they represent.
One way to do this is to see what certifications a provider has earned and how often they renew. This shows not only how up-to-date they are, how detail oriented a provider is, but also how in tune with industry standards they are. While these criteria may not determine which service provider you choose, they can be beneficial in shortlisting potential suppliers.
There are many different standards and certifications that a service provider can acquire. It depends entirely on the organization, the levels of security, the other clientele that a vendor works with, and numerous other conditions. Some standards to become familiar with in your search are DMTF, ETSI, ISO, Open Grid Forum, GICTV, SNIA, Open Cloud Consortium, Cloud Standards Customer Council, NLST, OASIS, IEEE, and IETF.
More than just a lengthy repertoire of certifications, you want to keep an eye out for structured processes, strong knowledge management, effective data control, and service status visibility. It is also worth researching how the service intends on staying current with new certifications and technology expansion.
Cloud security standards exist on a separate facet and certifications are awarded by different organizations. The primary criteria for security include the CSA (CS-A, SSAE, PCI, IEC, ICO, COBIT, HIPAA, Cyber Essentials, ISAE 3402, COBIT and GDPR.
Operational standards are a third category to consider and to seek out certification. These certifications include ISO, ITIL, IFPUG, CIF, DMTV, COBIT, TOGAF 9, MOF, TM Forum and FitSM.
Cloud and secure data storage solutions should be proud of their earned certifications and display them on their website. If certification badges are not present, inquiring about current certifications is easy enough.
Service Dependencies and Partnerships
Service providers often rely on different vendors for hardware and services. It is necessary to consider the various vendors and how each impacts a company’s cloud and data server experience.
Validating the provider’s relationships with vendors is essential. Also keeping an eye on their accreditation levels and technical capabilities are useful practices.
Think about whether the services of these vendors fit into a broader ecosystem of other services that might complement or support it. Some of the vendors may connect easier with IaaS, SaaS or PaaS cloud services. There could be some overlap or pre-configured in services that your business could see as a benefit.
Knowing the partnerships a provider has and whether it uses one, or several of the three cloud service models is helpful. It illustrates whether the service partner is the best fit for the ultimate goals of the business.
IT Cloud Services Migration Support and Exit Planning
When searching for your ideal partner, take care to look at the long-term strategy.
In the event you ever decide to move your services or grow too large for the service capabilities of a provider. The last thing you want to run into is a scenario called Vendor Lock-In. This is a situation in which you, as a potential customer, using a product or service cannot easily transition to a competitor. This circumstance often arises when proprietary technologies are used by a provider that end up being incompatible with other providers.
There are specific terms to keep an eye out for when comparing build apps and data centers. Some examples of CSPs using vendor lock-in technology includes:
- CSP compatible application architecture
- Proprietary secure cloud management tools
- Customized geographic diversity
- Proprietary cloud API’s
- Personalized cloud Web services (e.g., Database)
- Premium configurations
- Custom configurations
- Data controls and applications access
- Secure data formats (not standardized)
- Service density with one provider
Choosing a provider with standard services without relying on tailor crafted systems will reduce long-term pain points and help to avoid vendor lock-in.
Always remember to have a clear cloud migration strategy planned out even before the beginning of your relationship. Transitioning to a new provider is not always a smooth or seamless transition, so it is worth finding out about their processes before signing a contract.
Furthermore, consider how you will access your data, what state it will be in, and for how long the provider will keep it after you have moved on.
Takeaways On Cloud-Based Computing Vendors
Deciding between business cloud server providers seems like a daunting task.
With the right strategy and talking points, a business can find the right solution for a service provider in no time.
Remember to think long-term to avoid any potential for data center lock-in. Avoid the use of proprietary technologies and a build a defined exit strategy to prevent any possible headaches down the line.
Spend the time necessary to build workable and executable SLAs with contractual terms. A detailed SLA is the primary form of assurance you have that the services will be delivered and supported as agreed.
With the right research and remaining vigilant for what your business requires, finding the perfect solution is possible for everyone.