6 Questions to Ask When Selecting a Cloud Provider
The cloud is growing up. It’s past infancy when it first started getting noticed, and it’s well beyond those teen years when everyone was trying to figure it out. According to a Forrester report, the cloud has finally entered its “young adult years.” This is when things get serious—and adult decisions need to be made.
So, if you’re taking to the cloud, or even just switching providers, here are six questions that you need answered, and what to check for on an SLA (service level agreement).
How Should I Migrate?
There are several approaches available, and a reputable cloud provider will walk you through each. Every situation is different, but it could come down to matters of cost, immediacy requirements, and the existence of expensive legacy systems. The three ways most organizations choose to migrate are:
- Lift and Shift: Replicating all on-premise workloads and moving them into the cloud, regardless of compatibility.
- Hybrid or Replatforming: Lifting and shifting some on-premise workloads into the cloud, while keeping sensitive data in a private cloud, or gradually “up-versioning” workloads to take advantage of the new cloud environment and moving over time.
- Re-architecting: Rebuilding and recoding an organization’s entire infrastructure to have it fully optimized in a new cloud environment, operating as a true “cloud native.”
What Uptime Can I Expect?
The industry standard for uptime is measured in percentages based on how many nines are included. For example, 99% uptime (“two nines”) is the equivalent of three days of downtime per year; however, partner with a provider offering 99.99% uptime (“four nines”), and downtime drops to under 1 hour per year—just a few seconds per day. The provider’s SLA should spell out acceptable (to you) performance parameters, applications and services that are covered, monitoring procedures, and a schedule for remediation if a downtime event does occur, such as a power outage. You should also look for a liquidated damages section, highlighting penalties the provider will incur if the terms of data protection in the SLA are not met.
How is Security Maintained?
Studies show that at least 95% of cloud security failures will be a result of the user, not the cloud provider. However, a reputable, hands-on cloud provider will work with you to perform a vulnerability assessment to ensure your organization is safe. Following the initial assessment, your cloud provider should offer security analytics and ongoing visibility of vulnerabilities through continuous monitoring. This provides a layer of protection against threats, while enabling organizations to better predict, detect, and prevent security incidents. Think of your provider as augmenting your own internal staff, complementing their efforts with even greater security measures.
How Do You Protect from Natural Disaster?
Natural disasters cost the United States economy a record $306 billion last year alone, so never shy away from asking a potential provider about how they’re prepared to protect your data. After all, no matter where your provider’s data center is located, there is always going to be some form of natural disaster, whether it’s a hurricane in the Southeast, a tornado in the Midwest or a wildfire on the West Coast. Questions to ask include:
- What is your Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
- Do you have an Uninterruptible Power Supply (UPS)?
- Are you a safe distance from flood zones?
- Are your structures hurricane rated and/or tornado resistant?
- Do you have N+1 redundancy in the event of disaster?
What Compliance Do You Offer?
No matter your industry, you’ll want to be sure your provider has achieved SOC 2 certification, which offers proof that their system is designed to keep sensitive data secure. Other industry regulations you’ll want to look for include:
- PCI DSS for businesses collecting credit card and payment information.
- CJIS compliance for government, state, and local agencies dealing with background history and fingerprints.
- HIPAA/HITECH for protecting the healthcare data of patients.
You may also want to ask potential providers about their understanding of Europe’s GDPR, or General Data Protection Regulation. GDPR compliance involves a complex set of regulations for organizations operating on a global scale. 2019 is expected to be the year the impact of GDPR is truly felt (and serious fines for not abiding are handed out), so it’s wise to ensure they’re knowledgeable about it.
What If I Choose to Leave Your Cloud?
Some public cloud providers make it easy to move your data into their cloud, but make it extremely difficult to take it out (known as cloud repatriation). We call it the “Hotel California” effect, wherein the provider will hold your data hostage, only releasing it after securing payment of potentially tens of thousands of dollars (often charged per gigabyte, which adds up quickly). Even worse, some public clouds never return the data—at least, not in a usable format. Instead, you may get an Excel export of data that’s impossible to work with, requiring it to be completely rebuilt. Be sure to ask providers about their repatriation policy, and get it in writing that the cost will be minimal, and data will be safely returned in the agreed-upon format.
83% of enterprise workloads will be in the cloud by 2020. However, this rapid pace of adoption should not have organizations rushing in without a good understanding of what they’re getting into. A reputable provider will be very transparent, providing clear answers to all your questions as well as an easy-to-read SLA. If you’re considering moving to the cloud, or changing providers, contact Thrive. We are Florida’s preferred cloud provider, and we will work with you to make your move seamless, quick, and efficient.