Your Cloud Provider Checklist
It’s a crowded market, and you have the luxury of choosing from many first-rate cloud
providers. However, there are also some who could well be operating from a spare bedroom. And even large organisations fall - think the collapse of 2e2, causing untold pain because of the critical systems they hosted, and on which so many relied.
Whatever choices you make, you’ll likely end up slicing and dicing your estate and appointing a variety of cloud vendors and providers. Knowing precisely what to expect from your cloud provider avoids muddy waters – and potentially ugly surprises, later. Do your due diligence; check the small print, and never assume everything (e.g. backups) is included.
Here, we list 11 things to check before engaging a cloud provider, but we've left our best advice until the end, so read on...
1. Roles and responsibilities of all parties and the demarcation lines between you and your cloud provider.
2. Define key terms, such as activation date, capacity, user numbers, availability, response times, escalation process and – not least, performance.
3. Monitoring and verifying cloud usage, which are vital for controlling your costs and preventing loss of service. You may need to forecast and manage changes - up or down - so that nothing is ever underutilised or over-committed.
4. Recompense. Does the provider stipulate compensation for exceeded downtime? Get clarity on what constitutes outage and when any financial penalties will kick in.
5. Business continuity. What contingency is in place for business continuity management (BCM)?
Your potential provider should be able to demonstrate their resilience, what they’re prepared to do in the event of an interruption of service, and say how communications are managed.
6. Disaster recovery. What contingency is in place for DR?
7. Data location. Where will your data reside?
8. Cloud Security. What services are included and what measures are in place if a breach occurs? How quickly will you be notified? This is good guidance from the NCSC on implementing the 14 Cloud Security Principles.
9. EU-US Privacy Shield. Provides companies on both sides of the Atlantic with the mechanism
to comply with data protection requirements when transferring personal data from the European
Union to the United States.
10. Termination of cloud service. How is this handled, and are there any special clauses or financial penalties? How will you get your data back, and will you have to pay for the privilege?
11. Shadow IT. What controls can your potential provider offer to prevent this?
THE ONE THING YOU MUST DO BEFORE ENTERING A CLOUD SERVICE
Never enter a cloud service until you know how you're going to leave it. You can't predict how your circumstances may alter in the future, but you can be be prepared for change.
It's crucial you have a plan to migrate to something else - include how you will achieve this technically, as well as contractually. We've advised businesses who had no contingency and it's not trivial, as well as being extremely stressful for them.
Would you welcome some strategic and technical guidance on your journey to the cloud? Click the button below to book a free Cloud Viability Assessment or explore our managed cloud services here.