How to select a cloud infrastructure provider for Disaster Recovery

By Martin Wright, Managing Director of Techgate PLC

“…Make sure you ask the right questions when choosing a Cloud Infrastructure provider.”

The cloud market place is maturing and the range of solutions on offer is becoming broader, but this can make it even trickier to judge exactly what you are buying. Your Disaster Recovery (DR) solution must be as secure as your in-house IT systems, but many companies are not yet asking the right questions when it comes to selecting a trusted provider. This blog post tells you how to avoid some of the pitfalls.

Security and availability

Make sure your Business Continuity provider takes security seriously, especially if your company handles sensitive data. If security is not a strategic backbone to their own IT setup and network from top to bottom they might not be offering the level of security your organisation requires. A brand new pair of Tier3 Data Centres with “military-level security” does not mean anything if there is no fault-tolerant network, with multiple points of failure, or no monitoring service to make sure all the traffic remains uncompromised.

Check that your provider offers:

  • Data Centres in a “low-risk area” outside of a city centre and away from the threat of power outages or terrorist attacks
  • An ISP-independent, underlying fully redundant network that they own and manage
  • Solutions that can be failed-over to a second separate site if needed
  • Connectivity options with various providers

Avoid vendor lock-in

You don’t want to be locked into any provider forever. So you need to look for a one that can supply cloud services based on a standard platform that you can migrate from again if you need to. In essence you need to build your exit strategy when you engage. VMWare’s vCloud is the leading cloud platform at the moment. Building a cloud solution based on their stack will allow you to migrate your workloads and applications to another provider if required in the future.


Ask your provider for evidence of their accreditations. There are two accreditations that relate to Information Security and Business Continuity Management:

  • ISO27001
  • BS25999 [This accreditation will be superseded by ISO22301 in 2014]

Check also that your supplier has the right technology partners in place and that their partner status is current (this is important). It may also be worth checking whether the staff are all CRB checked, otherwise you could be buying a really secure system run by less than scrupulous people.

Hardware infrastructure

One of the most common cloud computing myths is that hardware becomes irrelevant with the cloud. The technologies used and the overall performance of your provider’s hardware do matter if you want to be certain of getting a professional and reliable solution. Check that your provider is using cutting-edge infrastructure – CPUs, switches, firewalls, storage area networks (SANs) and hard drives. These components can differentiate an enterprise-class cloud offering from a Virtual Private Server with entry-level performance.

Make sure you are comparing like-to-like in terms of performance, especially when you are buying storage, using industry standards such as IOPS, or Passmark scores. The technology in infrastructure has moved on a long way even in two years!

Compliance and legal issues

Now this really is a sensitive one; data domicile matters – or in other words “where in the world is the technical infrastructure located and where are my applications and data exactly?” Different countries have different data regulations and you need to be certain of where your data is actually being held.

In the last 18 months, the Patriot Act and the US government’s ease of access to any data centre of an American provider even on European soil, has created a lot of controversy and fear among perspective cloud customers (see Frank Jennings’ blog here on the subject).

Especially when it comes to UK sourced data, where the legal framework concerning information security and usage is stricter (and even more so in specific, regulated industries). The location of the Data Centres and where data and applications reside are very real and significant issues that need to be addressed. In any case, you should consume cloud resources and migrate data in a controlled manner, knowing exactly how the cloud you are using is set up and where it is located.

References and industry experience

Another important factor in the checklist when making your selection is the cloud provider’s existing clientele and references. Look for relevant reference companies in your sector, who have similar requirements to you. Ask for case studies that explain what the provider did for them as a demonstration of their technical and support capacity. Try to engage in a conversation with the relevant customer and ask for their experience with the company.

Support and flexibility

Last but not least, consider the level of support you will get and how personal that support is. Sometimes a helpdesk is not enough to sort out your problems or help you with your cloud adoption strategy. Besides solving any technical problems and resolution, consider whether the provider can provide adequate account management and offer a consultative approach towards what your mid-term/long-term objectives. Can you initiate a discussion with the tech support, or even better the cloud vendor’s technical architects, to go through your specific requirements and technologies? Can the provider offer professional advice about your systems and IT infrastructure choices over the next months? Does the provider have the expertise, industry knowledge and understanding to guide you through the “cloud-washing” and hype that you come across every day?

Look for a provider that can accurately assess your requirements, provide support to migrate your data and manage any issues that may arise, for whatever reason.

+ posts

Meet Stella


Related articles

The Metaverse: Virtually a reality?

Metaverses have the potential to enable virtual worlds to expand beyond the gaming genre to encompass all manner of social and commercial activities.

Cybersecurity and Cloud: A Look Back at 2022 and What to Expect in 2023

Businesses are continuously reassessing their resources and options to fill their tech stack. In this competitive digital landscape, the innovative use of technology will be something that would generate a competitive advantage for organisations.

Shopping for Data: Ensuring a seamless user experience 

This combination can drive a business’s data culture and provide a structured approach for businesses to benefit from data intelligence across their operations, with only a few clicks.

Unveiling the Top 10 Cybersecurity Threats to Watch Out for in 2023

As technology advances, so do cybercriminals' methods to gain unauthorised access to sensitive information. With the increasing reliance on technology in both personal and professional settings, it is crucial to stay informed about the top cybersecurity threats to watch out for in 2023.

Is sustainability ‘enough’ from a Cloud perspective?

The idea of uprooting entire sustainability initiatives that took years to formulate and deploy is unsettling for businesses but, in truth, it doesn’t have to be so revolutionary.

Subscribe to our Newsletter