Moving your business operations to the cloud or to a hosting provider can cut costs, streamline your workflow and eliminate the need for in-house IT personnel and hardware. But perhaps the biggest benefit for companies is the ability to concentrate on the business at hand and let someone else handle worrisome IT concerns like security, maintenance, backup and support.
The market is vast, with a myriad of providers offering an even larger number of services. From giants like Microsoft, Amazon and Google to smaller niche players like Complior. Selecting the right provider is critical to long-term success.
So how do you select the right cloud and hosting provider? The answer is to know what you want and need. Here are 10 essential questions to consider as you screen potential providers to select the right one for your particular needs:
Pricing is usually based on the company and its specific needs. If you want a fixed shelf price you can expect that nothing is tailored to the needs of your company. Further, one thing that is often forgotten is the total cost of services, as customers tend to focus a lot on the tangible services that are needed, such as infrastructure. The more intangible services such as operation and the daily cooperation with the supplier are often missed. So, make sure you spend some extra time calculating all costs.
Security should always be a priority as data is often business critical and the basis for many business activities. Providers that comply with security standards and frameworks such as ISO 27001 or PCI DSS if you work in the payment industry, demonstrate that they follow best practices in terms of security. Security measures to look for are firewalls, anti-virus protection, multi-factor user authentication, encryption and regular security audits.
A big part of security is also about knowing who can access what, and if the person in question is trusted and has approved qualifications. Background checks, security training and traceability are things that ensure that you as a customer can feel safer.
The location and security of the data centers and servers where your company’s information will be stored are as important as online security. There should be processes and routines in place on how the cloud vendor protects the data center from natural disasters such as fires and storms. We also have this (not so) minor detail of how the facility itself is protected against burglary, and that unauthorized personnel are not able to access physical machines.
Technical support should be available to you online or by phone 24/7/365. When you contact the service desk, the person answering enquiries should be a knowledgeable technician!
Many deliveries are entirely dependent on technicians and support. One thing that is often forgotten is that the day-to-day collaboration and contact can take different forms. Look for a supplier that can offer you more personal service or a contact person that can handle discussions, planning and project management over time.
If you accidentally delete or lose data – can you get it back? What does it say in the contract about data loss? It is important to ensure that there is traceability and monitoring in services and perhaps also a redundant environment that reduces the risk of data loss.
A potential provider should have documented and formalized change management policies and procedures for changes in information systems, including a process for requesting, logging, testing and approving changes prior to implementation. The provider must also show that emergency changes are under a formal review process. Roles and responsibilities, escalation processes and who has the burden of proof, must all be clearly documented in the service agreement.
As your business grows, so will your cloud storage needs. That’s why it’s good to choose a scalable solution, find out storage capacity and how much it costs!
Since downtime can be costly for your company, it is of course advisable to choose a supplier who experiences as few as possible. However, downtime is difficult to avoid and all cloud providers experience them at some point. What then becomes relevant is how the supplier manages downtime. They should have routines and processes in place that include how they communicate with customers during interruptions. The supplier should also have knowledge of how applications and systems can be built up in their infrastructure to reduce the risk of disturbances in the event of downtime.
Many service providers offer migration services and assistance in the assessment and planning phase, as well as skilled technical staff that can fill skills gaps in your migration teams. Make sure you have a good understanding of the offered support and decide who will do what.
Goodbyes might not be the first thing you would want to think about, but it’s always good to have a clear strategy in place at the start of your relationship. What would an eventual move to another provider look like? Address questions like how you will access your data, what state it will be in and for how long the provider will keep it. Vendor lock-in, in which a customer using a product or service cannot easily transition to a competitor, is not an ideal situation to be in.
Service providers often have multiple vendor relationships and a complex network of connected components and subcontractors may play a part in the delivery of a cloud service. Thus, it is important to make sure that the provider can guarantee the delivery of services, including those who are not directly under their control. You should also look to understand limitations of liability, customer support and service disruption policies.
This question also becomes important when thinking about laws and regulations like GDPR and the controversial CLOUD Act. It is important to ask potential vendors where your data will be located, how it will flow, and who will be given access to it.
There are a lot of things you should consider when picking the right cloud provider, and it helps to know which questions to ask! Think security – both in terms of security standards and the physical safety measures in place to protect your data. Think long term – make sure that the cloud can grow as you go! Think responsibility – take the time to establish workable SLAs and contractual terms so it becomes clear as to who is responsible for what, and that the services will be delivered as agreed. Think cooperation – ongoing dialogue on different levels is more important than you think when it comes to the secure delivery of IT systems.