By Martin Wright, Managing Director of Techgate PLC
“…Make sure you ask the right questions when choosing a Cloud Infrastructure provider.”
The cloud market place is maturing and the range of solutions on offer is becoming broader, but this can make it even trickier to judge exactly what you are buying. Your Disaster Recovery (DR) solution must be as secure as your in-house IT systems, but many companies are not yet asking the right questions when it comes to selecting a trusted provider. This blog post tells you how to avoid some of the pitfalls.
Security and availability
Make sure your Business Continuity provider takes security seriously, especially if your company handles sensitive data. If security is not a strategic backbone to their own IT setup and network from top to bottom they might not be offering the level of security your organisation requires. A brand new pair of Tier3 Data Centres with “military-level security” does not mean anything if there is no fault-tolerant network, with multiple points of failure, or no monitoring service to make sure all the traffic remains uncompromised.
Check that your provider offers:
- Data Centres in a “low-risk area” outside of a city centre and away from the threat of power outages or terrorist attacks
- An ISP-independent, underlying fully redundant network that they own and manage
- Solutions that can be failed-over to a second separate site if needed
- Connectivity options with various providers
Avoid vendor lock-in
You don’t want to be locked into any provider forever. So you need to look for a one that can supply cloud services based on a standard platform that you can migrate from again if you need to. In essence you need to build your exit strategy when you engage. VMWare’s vCloud is the leading cloud platform at the moment. Building a cloud solution based on their stack will allow you to migrate your workloads and applications to another provider if required in the future.
Accreditations
Ask your provider for evidence of their accreditations. There are two accreditations that relate to Information Security and Business Continuity Management:
- ISO27001
- BS25999 [This accreditation will be superseded by ISO22301 in 2014]
Check also that your supplier has the right technology partners in place and that their partner status is current (this is important). It may also be worth checking whether the staff are all CRB checked, otherwise you could be buying a really secure system run by less than scrupulous people.
Hardware infrastructure
One of the most common cloud computing myths is that hardware becomes irrelevant with the cloud. The technologies used and the overall performance of your provider’s hardware do matter if you want to be certain of getting a professional and reliable solution. Check that your provider is using cutting-edge infrastructure – CPUs, switches, firewalls, storage area networks (SANs) and hard drives. These components can differentiate an enterprise-class cloud offering from a Virtual Private Server with entry-level performance.
Make sure you are comparing like-to-like in terms of performance, especially when you are buying storage, using industry standards such as IOPS, or Passmark scores. The technology in infrastructure has moved on a long way even in two years!
Compliance and legal issues
Now this really is a sensitive one; data domicile matters – or in other words “where in the world is the technical infrastructure located and where are my applications and data exactly?” Different countries have different data regulations and you need to be certain of where your data is actually being held.
In the last 18 months, the Patriot Act and the US government’s ease of access to any data centre of an American provider even on European soil, has created a lot of controversy and fear among perspective cloud customers (see Frank Jennings’ blog here on the subject).
Especially when it comes to UK sourced data, where the legal framework concerning information security and usage is stricter (and even more so in specific, regulated industries). The location of the Data Centres and where data and applications reside are very real and significant issues that need to be addressed. In any case, you should consume cloud resources and migrate data in a controlled manner, knowing exactly how the cloud you are using is set up and where it is located.
References and industry experience
Another important factor in the checklist when making your selection is the cloud provider’s existing clientele and references. Look for relevant reference companies in your sector, who have similar requirements to you. Ask for case studies that explain what the provider did for them as a demonstration of their technical and support capacity. Try to engage in a conversation with the relevant customer and ask for their experience with the company.
Support and flexibility
Last but not least, consider the level of support you will get and how personal that support is. Sometimes a helpdesk is not enough to sort out your problems or help you with your cloud adoption strategy. Besides solving any technical problems and resolution, consider whether the provider can provide adequate account management and offer a consultative approach towards what your mid-term/long-term objectives. Can you initiate a discussion with the tech support, or even better the cloud vendor’s technical architects, to go through your specific requirements and technologies? Can the provider offer professional advice about your systems and IT infrastructure choices over the next months? Does the provider have the expertise, industry knowledge and understanding to guide you through the “cloud-washing” and hype that you come across every day?
Look for a provider that can accurately assess your requirements, provide support to migrate your data and manage any issues that may arise, for whatever reason.