With the higher number of the externalized IT systems, the task of choosing the right cloud provider has become more difficult than ever. As a matter of fact, with the growing number of providers in the market, service offerings are also getting increased. So here comes the main question – how to select the trustworthy service provider that can offer the best service for your business?
The question may look easy but the answers associated with it are not as simple as it seems to be. So, we have distilled a few important factors on the aspects related to procurement processes and selections.
1. Service Roadmap
It is important to have a clear idea regarding the roadmap of your intended cloud service provider’s service development. There are a few questions that you need to ask:
i. Is the service roadmap a perfect fit for your company’s long-time requirement?
ii. Is the service provider’s planning to grow over time and continue to innovate their services?
iii. Are they committed to specific technologies or do they upgrade over time?
iv. How is their interoperability supported?
For example, if you want to opt for QuickBooks hosting, you need to confirm if they work on a service roadmap and fulfill their promises of frequent data backup, smooth migration, secured data center, upgradation as per updates in the industry, etc.
If you want to go for a SaaS provider, then their services, features, and integration roadmap combined are highly desirable. You may want to assess the entire portfolio of your intended cloud service provider’s service provisions based on your particular cloud strategy.
Ensure that your preferred technologies and the cloud platform of your intended service provider align and support your cloud objectives. Check for cloud services, standards, and architectures to suit your management and workloads preferences. Also, evaluate the necessity of customization and the level of re-coding that you may need to make your workloads fit as per the cloud platform.
Quite a number of service providers offer assistance and comprehensive migration services as early as during the planning and evaluation phase. You need to keep a close eye on such areas too.
Contrary to the above fact, there are also specific large-scale public cloud providers, who only require additional 3rd party support from you. As a basic provision, the service providers can offer you limited support apt only to fill the skills gaps.
3. Security Practices
You need to make sure that your intended cloud service provider has access to various levels of:
a. System and data security
b. Security governance processes
c. Maturity of security operations
The information security controls of a notable service provider should be risk-based and their platform should be supportive of your company’s security processes and policies.
You should also look out for these security practices as well.
i. The physical security controls should be accessible to co-located hardware
ii. Environmental safeguards should be implemented in the data centres to protect.
iii. Data and equipment from disruptive events
iv. The providers should have provisions regarding redundant power and networking in addition to business continuity and documented disaster recovery plan
v. Customer data integrity should be in place and should be followed as per operational procedures and policies
vi. Hardware component or application service Changes should be authorized and the only authorized individual should do so
vii. To maintain various cloud services types and at different levels, comprehensive security infrastructure is a necessity
4. SLAs and Contracts
If the industry standards are lacking, the reason may be the complexity of cloud agreements. There are even a few jargon-happy cloud providers from whom you should be careful of, who deliberately prefer using misleading language that is both unnecessary and complicated.
To clarify and reduce the risk, you should consider these key factors:
Again, when looking at the SLAs, you should check for these 3 major components:
1. Caveats and Exclusions
2. Penalties/incentives and Remediation policies related to service level objectives
3. Service level objectives
5. Disaster Recovery
To get a better idea of a cloud provider’s service provision, check their disaster recovery processes. Also, look into their ability related to data preservation expectations. A good example of the same is recovery time objectives. The objectives include vital aspects like:
i. Integrity checks
ii. Data restoration
iii. Data backup
iv. Data scheduling
v. Data sources
vi. Criticalness of data
The provider should have clear documentation of the service agreement with a clear citation regarding:
a. Escalation processes
It is better to be confirmed about the risk insurance under the umbrella terms and conditions, and even get one if it is not already provided by the provider.
6. Vendor Lock in
Vendor lock-in refers to the situation where a customer using a service or product cannot become a competitor to the service provider. This is basically the result of proprietary technologies, incompatible compared to the ones from the competitors.
When you are about to choose a cloud service provider, do carefully check for vendor lock-ins. Added to this, stay away from those cloud service providers who rely on unique or customized proprietary components. These can have an adverse effect on your data migration process. The negative impact can be direct to the portability process if you would want to shift to any other in-house operations or service providers.
The above pointers are a brief guide to consider and choose a good cloud service provider. We always advise you to be vigilant and informed before engaging in cloud service provision. While assessing your prospective providers, try to include both hard and soft factors. Investigate well before regarding their standards and certifications. Check their validity and their adherence to various security aspects (HIPAA). Do also read carefully the testimonials and case studies shared by their existing and previous customers.