March 21, 2016

How to Select the Right Cloud Vendor

When migrating to the cloud, one of the primary hurdles you’ll have to overcome is selecting the right cloud provider. Make the process easier by evaluating four key areas of consideration:

Technical Considerations
Service Level Agreement
Transparency
Security Considerations

Each of these areas can be evaluated based by asking a few simple questions of your internal team and the vendor(s) you are looking into. Work on answering the following questions as an organization to help determine which cloud provider is right for your specific environment and business requirements:

1. Technical Considerations

First, determine how your current application architecture and workloads will operate in a cloud environment.

Will your current architecture function in the cloud?
Is the application portable to the cloud and able to run in a virtualized environment?
Are there any integration points to consider?
How quickly can you provision and de-provision services?

2. Service Level Agreement (SLA)

Make sure that all details of the SLA – sometimes referred to as a Cloud Service Agreement or CSA – are clearly defined and able to be audited.

What are the availability and response time commitments? (e.g. 99.9% up-time)
Is there a financial penalty for missing the SLA? (e.g. 10% service credit)
- Who is responsible for detecting and reporting incidents where the cloud service fails to meet the SLA?
Are there any exclusions in the contract? (e.g. scheduled maintenance, patching)

3. Transparency

Get a solid understanding of how services will be delivered. Look to gain crystal clear insights on:

Monitoring and Reporting

Does the vendor provide tools to measure performance during normal operations and under load?
Can thresholds and alerts be set up to receive notifications of issues?

Metering

How easy is it to read your bill and determine accuracy?
What is the process for challenging the billing?

4. Security

Data security is always the top priority. When moving to the cloud, it is essential to maintain focus on security.

First, you need to look at and determine the nature of the data.

Do you maintain any PII (Personally identifiable information)?
Do you store any corporate intellectual property?
What would be the business and legal impact if any or all of the data was compromised?

Next, determine if you need to meet any industry compliance standards.

What are your compliance requirements and does the cloud vendor meet them?
Compliance requirements could include PCI, HIPAA, GAAP, SOX and IFRS, to name a few.

The last step is to understand how your cloud vendor secures their environment. You should have a solid understanding of what the vendor is responsible for vs. what you are responsible for in terms of security.

Where does your data reside?
Is the data encrypted?
How do you move data from the cloud?
What are your security governance policies and procedures?
Can you implement these security best practices with the cloud provider?
- Encapsulation of infrastructure on Public cloud so that infrastructure of tenant “A” is not accessible to tenant “B”
- Support for Private and Public subnets. Public subnet having direct inbound and outbound access to Internet
- Support to firewall at a network and VM level
- Support for creating VPN tunnel so that hosts on the private network is directly accessible
- Support for NAT/Internet-Gateway that enables hosts on private network to have outbound access to Internet
- Support for multi-region deployment for DR and HA
- Support for load balancer that only expose an interface with a port, and encapsulates all the hosts behind it

Next Steps

MiCORE is passionate about helping organizations make a successful transition to the cloud. Learn more about our approach to providing cloud services at: micoresolutions.com/cloud-services