Every successful business needs a network of partners that it can trust to support it and deliver for it. That’s why when it comes to moving to the cloud, choosing the right provider should be at the top of your list. The choice of provider could have a significant impact on your IT operations and the services you deliver to your customers.
When coming to a decision though, it’s not just a case of looking at what they a potential provider might say on their website. A car can look great on the outside but when you look under the bonnet it can be a very different story. So making the right decision is about looking at the engine that drives the provider’s abilities – does it have the skills, the technologies, the services, the security, the reputation and the financial longevity to support you in the years to come?
At iomart we understand the difficult choices that face IT directors when they’re looking to make the move. We’ve identified five main factors to take into consideration when choosing the most appropriate cloud provider for your requirements.
Technologies and Services Roadmap
A partnership is defined as an arrangement where parties agree to cooperate to advance their mutual interests. It is critical therefore to choose a partner who understands what you are trying to achieve and is aligned to and supports both your business ambitions and your cloud objectives.
In the case of the hyper cloud providers such as AWS, Azure and Google Cloud – they have a vast array of tools and resources but how you use them is down to you. There is no human relationship with the provider unless you happen to be a very large enterprise. However there are other cloud providers, like iomart for instance, who can manage those pubic cloud services for you and advise you on which tools are best for your requirements.
For all other cloud providers, there are a number of key questions to ask. Can they support the technologies that you want to use? Do they have experience in building and managing the private and hybrid cloud infrastructure to support both sensitive and non-sensitive workloads?
What you don’t want to do is select a cloud provider and then find out that you are going to have an enormous amount of work on your hands to re-architect your applications to work in their environment. There are numerous examples of businesses having to change providers because they haven’t done due diligence on their approach to handling legacy workloads before they’ve moved.
Equally important is their migration services. Do these cover the planning stage as well as the actual move? At iomart we have specialist consultants who can help at the very start to ensure that your cloud roadmap covers every aspect – from proof of concept, to planning, through migration, to ongoing support.
You should be comfortable that the provider can offer all the cloud services you are looking for and that it has a track record in implementing the technologies you want to use. What size is its technical team? What expertise and certifications do they have? Are you looking for expertise in applications and legacy workloads, as well as platforms and cloud infrastructure? Can they show you examples of similar migration work from other customers? All these aspects need to be covered off.
Moving to the cloud might also involve working with more than one cloud provider. If you are using more than one, do they need to talk and, if they do, what sort of relationship do they have with each other?
The roadmap should include what you are wanting to achieve now but also where you see your business in the next few years. This way you can factor in any scalability to make sure that this new partnership will grow as your business grows.
Cloud Data Security and Governance
Not surprisingly, outsourcing data to a third party in the cloud brings with it a number of security and governance issues. Security is a two-way responsibility. The provider is supplying the infrastructure on which your platform and applications sit. They keep the physical hardware and data centre infrastructure secure, you have to do the same for the platform which sits on it and the data that flows through it.
The location in which your data resides is another key consideration when choosing a suitable cloud provider. Where your provider has data centres could be critical to your business requirements. If you’re moving to AWS, Microsoft Azure or Google Cloud for instance, you might not know which region your data is in and you might never speak to anyone directly in support when you raise an issue.
A provider that gives you choice and control over where your data is stored, processed and managed might be crucial, or, for less sensitive data, you might be quite happy not knowing where in the world it is. Transparency is important however in all aspects of your choice.
How they move data around is also important. Sensitive data should be encrypted in transit and at rest to prevent unauthorised access.
For a company like iomart, the relationship is very much one of joint responsibility. The physical security of the data centres, the encryption of data as it travels and is at rest in our data centres, and the protection of our network from attack – all these aspects are iomart’s responsibility. The actual data and the platform on which it sits is very much the customer’s responsibility. You cannot sign up with a cloud provider and then just wash your hands of any responsibility. Network, server, data centre and access measures must all be in place and must correspond with the regulatory and compliance standards you as a business have to meet. Understanding how they mitigate against cyber-attacks as well as physical attacks is also important.
With the EU General Data Protection Regulation now in force, get to understand the provider’s breach notification processes and ensure they match up with your appetite for risk. At iomart we have put everything in place to meet our obligations under the GDPR.
One of the other ways to understand a provider’s attitude to data security is to assess the maturity of their management systems and processes. Are they compliant with industry standards such as ISO 27001 and ISO 9001? Are they audited regularly by an independent body? If they are, like iomart is, ask them to share this information with you. In different countries there will be a need to meet specific standards – such as PCI DSS for storing and processing credit card data, and HIPAA for protecting healthcare data. Do they adhere to these standards?
Other questions to ask include: What happens if you have to move away from them? Will they delete your data? Do they use any other third parties and if they do, what is that relationship like? Read our cloud security risks blog for more information.
Cloud Hosting Costs
Although it shouldn’t be the only consideration, cost invariably plays a big part in any decision to move to the cloud. However, cheapest doesn’t always mean best. Costs can be hard to work out because there can be many different costs associated with the cloud: compute, power, connectivity, time and labour.
At the basic level, different types of cloud provider charge for their services in different ways. The public cloud vendors have subtly different pricing structures but they’re all based on pay-as-you go. AWS works on how many hours you use; Google Cloud rounds it up by the minute; while Microsoft Azure works by the minute and offers discounts for pre-payment. Your usage patterns will determine the cost and what fits your budget.
Straight forward managed service providers like iomart, will have unique prices based on their individual services and the hardware and software resources behind the solutions they provide. These are usually delivered on a monthly recurring fee basis. The ability to scale resources according to your workloads or burst out of them to the public cloud will need to be factored in.
What you don’t want is to suddenly run up unexpected bills. Have an idea of the price you think you want to pay; only pay for the cloud technologies you are going to need but have the ability to scale. The best way to get costs right in the cloud is to be sure you know what level of service and expense your organisation is comfortable with and to ensure that you know who will be using the cloud services within your organisation so costs can’t spiral out of control.
Choose a provider that has a stable financial track record of its own and is clear about their billing processes. If they are in a healthy financial position you know they will be with you for the long term.
Reliability and Performance
Cloud outages or downtime can be damaging to a business but they do happen, even to the biggest cloud providers. Therefore when assessing a potential cloud provider it is important to look at the amount of downtime they’ve suffered but also to understand how they’ve responded when there has been an issue and what processes they have in place to deal with incidents and how they document them. You can check this by looking at their logs, status pages or asking them for the information about their response times and how they have resolved any incidents they’ve suffered. It’s also important to question them about how they control access and physically protect their data centres.
The Service Level Agreement (SLA) they offer will also determine how reliable they are likely to be. It should clearly state what compensation they provide to customers if they fail to meet their obligations. Be careful though because a smaller cloud provider might agree terms with you that it cannot actually match up to. Ultimately your SLA should reflect the level of service that your organisation is comfortable with but also reflect the confidence the provider has in their own infrastructure and network. An experienced provider should be able to cover all of this.
How do their disaster recovery and business continuity processes compare to others? This involves looking at their Recovery Time Objectives and Recovery Point Objectives to assess what data loss you could potentially suffer as a customer if there is an incident.
They should also have processes in place to monitor their systems 24x7x365 and have clear methods of communicating with customers and important partners if something does happen. Of course routine maintenance also has to take place. How do they notify customers of this and how would they let you know about any changes to your service?
Ultimately you are looking for a way to have peace of mind in your new relationship.
Cloud Accreditations and Support
If your organisation does not have the in-house skills to manage your new cloud services, you need to consider this when selecting your cloud provider. This is an aspect that’s often overlooked but is crucial in making sure that you are following best practice for your new cloud environment. By being able to call on a team of experienced specialists from your provider you will have the cloud expertise you need to make a successful move.
As stated previously, a good indicator of a cloud provider’s reputation is to look at the industry standards they operate to and the certifications they carry. Do they comply with international and U.K. standards on data management, data redundancy, and cloud security? iomart is proud to be the most accredited managed cloud services provider in the U.K. We work to international industry standards and meet the U.K. government’s expectations, having been a supplier to the G-Cloud framework for almost a decade.
On a day-to-day basis, you would also expect to have 24×7 technical support so, if there is an issue with one of your services on any given day, you can raise a ticket quickly or speak directly to someone on the telephone to get it dealt with, depending on the type of support you are paying for. Can you access an engineer in an emergency? Does the provider have a NOC team (Network Operations Centre) team who are on site to deal with any customer issues and do they have quick access to their vendor partners to get fixes done quickly?
Once you’ve given your potential provider a clean bill of health the final piece of the jigsaw should be to consider what might happen if you have to leave them. Ensure you have a clear exit strategy when you enter into the relationship and that you know what will happen to your data in the event that you have to sever your ties.
Choosing a cloud provider is about assessing the technical as well as the more practical aspects of the services on offer. Talk to their existing customers if you can and take time to understand their offering and consider if you can both grow together? Can they scale your services as your business activities expand? The more knowledge you have, the better the decision you will make.
iomart has been supporting its customers’ cloud ambitions for two decades. We have a 300 strong technical team backed by the most secure infrastructure and solutions, plus the certifications to prove it. Real people, with real expertise, to fix real problems. We have the experience and knowledge to ensure you get maximum benefit from the cloud.