Selecting the right cloud service provider is very crucial for the long-term success of any organization. The qualifying attributes should be directly aligned to the strategic objectives of the organisation as well as reduce overall TCO. Let us have a look at the key factors while selecting a cloud service provider.
Things to consider while selecting a cloud service provider
1. Choose the right timing: Chalk out a clear-cut view of the requirements specific to the business needs. A clear vision of the technical, service, security, data governance and service management needs specific to the business is required before interrogating any group of service providers. Configurations required while migrating application and workloads to the cloud is dependent on both the customer’s environment and the services offered by the cloud service provider. So, depending on the fresh installation or migration of the existing application to the cloud, the timing of cloud association needs to be clearly planned.
2. Architecture: Before finalizing a cloud service provider, it is crucial to understand how the architecture will be incorporated into the workflows that are being followed currently and the ones in future. For example, if an organization uses the Microsoft platform, then it is advisable to choose Azure service provider as Microsoft offers customers licenses and even certain credits free of cost. On the other hand, if an organization is dependent on Amazon or Google Services, then it is best to choose those vendors for a smoother integration and consolidation.
Study beforehand about the re-coding, enhancements or customization that would be required to make current workloads execute on the cloud platforms. Time and effort required for the migration must also be studied in detail.
Migration Services and support right from the assessment and planning phase are offered by many service providers. A proper knowledge of this support and subsequent mapping against project tasks and chalking out who does what is important. In some cases, support of third party provider might also be required to support in the migration process. A service provider’s roadmap to service development should be in sync with the development roadmap specific to an organization.
3. Data management: Knowledge about the data privacy rules governing personal data specific to an organization is crucial. This includes the location of the data and the various local laws to which data is subjected. This forms a major key for the selection of a cloud service provider. If an organization is obliged to certain restrictions on its data, then it is best to select a provider who can provide some control or choice in managing, storing and processing the data. Capability to protect the data in transit i.e. data that is moving to the cloud or within a cloud through encryption should be accessed. The Service Provider’s data loss and breach notification processes must be in sync with the organization’s regulatory obligations.
4. Data policies and protection: Security policies and data management policies, particularly those policies related to data privacy rules, must be understood. Make sure satisfactory assurance is provided for data access, data location, confidentiality and usage/ownership rights. Backup, resilience provision must be reviewed. Data Conversion Policies must be scrutinised properly to learn flexibility in data transfer, in case a customer decides to leave.
5. Service Dependencies and Partnerships: A service provider’s relationship with multiple vendors is a key factor to be studied. If a service provider supports multiple vendor relationships, then it is also worth to understand their technical capabilities, staff certifications, and various accreditation levels. For example, if a SaaS CRM is selected, it is good to check if there are integrations already with any finance and marketing services. In the case of a PaaS service, it is worth to check if there are existing cloud marketplaces which provide preconfigured complimentary services that can be integrated effectively on the same platform.
In many cases, there exist a network of connected components and subcontractors that play a crucial part in delivering a cloud service. It is important to ensure that the service provider discloses all such relationships and divulge the primary SLAs created as part of these services, including those which are not directly controlled by the provider.
6. Service Levels Agreements (SLAs): Cloud Service Level Agreements plays an important role in the selection of a provider. A clear contractual relationship between a cloud service provider and its customer is a must requirement. Proper attention should be given to the legal requirements related to data security that is being hosted in a cloud. Also, a legal agreement needs to be established that will back up in the event of any mishap.
7. Service Delivery: Obtain a clear-cut view of the roles like delivery, provisioning, service management, monitoring, support, escalations and how efficiently it is shared between a customer and a provider. Also, it is vital to understand how service accessibility (which includes maintenance, incident remediation, disaster recovery) is managed and how well it adapts to the customer’s requirements.
8. Reliability and Performance: Verify the performance of a cloud service provider against their SLAs for the last 1 year. Downtime is experienced by every cloud service provider at some point in time. It is essential to check how a downtime is handled by a service provider. The monitoring and reporting tools offered by the provider must be feasible enough to integrate into the overall management and reporting system of the customer. Verify the documented and proven statistics of a provider in handling planned and unplanned downtime. Documents regarding the downtime and communication to customers at times of disruption (timeliness, prioritisation and security level assessment of issues) must be verified.
9. Disaster Recovery: Verify the disaster recovery options and processes and the provider’s capability to support data preservation requirements such as criticalness of data, data sources, scheduling, backup, restore, and integrity checks. Roles and responsibilities and escalation strategies must be properly documented in the SLA. Plans for purchasing additional risk insurance should be considered if the recovery costs are not covered by the provider.
10. Security: Security plays an important role in choosing the right service provider. First and foremost, a good understanding of the security goals specific to the business is required. Understand clearly the security measures that are provided by each provider and the mechanisms each provider employ to preserve the applications and data.
The security features that are offered free-of-cost for every vendor should be evaluated. Also, knowledge about the paid security services offered by the service provider and the need if any, to utilize a third partner’s technology should also be considered. Details specific to business use cases, industry and regulatory requirements must be evaluated as well thoroughly with the provider prior to the finalization.
If security is compliant to ISO 27000 standards or similarly recognized certifications, confirm on their validity and make sure that proper budget and required headcount is available to maintain compliance with these frameworks. Get details on the internal security audit reports, incident reports and proof of remedial action for any issues being faced. It is always best to validate a service provider based on the structured processes, effective data management, good quality knowledge management and service status availability. Also, understanding about how a service provider manages to resource and provide incessant adherence to the standards is crucial.
11. Compliance: Select a cloud service provider that provides required support to meet the compliance standards that is applicable to the organization. Organizations that stick to follow SOC 2, HIPAA, GDPR or similar other frameworks must make a detailed research beforehand about the after-effects once application and data start to live in a public cloud infrastructure. Understanding about the organization’s responsibilities and the aspects of compliance the service provider offers to support your needs is vital.
12. Cloud Commercials: Pricing Model and the list of services offered by every cloud service provider is unique. Pricing normally depends on the usage period while in some cases the provider provides discounts for a longer tenure. Pricing is also based on the storage requirements, contractual periods or access to advanced features. Apart from the financial perspective, it is vital to understand the resource availability and the speed to provision and deprovison the data. The ability of a customer to fine-tune scalability also depends on the services offered by the provider. It is necessary that a customer chooses a cloud provider whose service packages match its requirement.
13. Vendor lock-in and Exit Planning: Vendor lock-in is a condition in which a customer using a service of a provider cannot easily migrate to another competitor. Such a condition arises when a provider uses proprietary technologies that remain incompatible with the competitors. Avoid the risk of vendor lock-in by making sure that the chosen cloud service provider uses minimum proprietary technologies. Always choose value-added services that have competitive and suitable alternatives available in the market. Be aware of conditions wherein a service provider modify configurations, policies and might introduce a lock-in in the later stage as part of the service.
14. Exit Provisions: Obtain a clear view of the exit strategies at the start of the service contract itself. Moving away from a Cloud Service Provider will not be a smooth process and so it is always better to properly understand the exit policies in the initial stage itself.
15. Business and Financial health of the provider: Make sure the cloud service provider has a good stability and healthy financial position with adequate capital to operate a business over a long term. Collect details if the provider has faced any legal challenges and their response to such legal issues. Also, get to know about any planned corporate changes, mergers and acquisitions and future business aspirations.