As an industry, cloud computing has evolved a lot over the past months and years. Best practices have evolved into established standards as the industry has evolved with the technology driving it. Saying this though, there is still a huge amount of trust involved; transferring your systems and applications from local hardware to a public cloud environment is a big step.
Trust is not a trait that is easily earned in the business world and with big players within the industry having a less-than-stellar record; it is unsurprising that many do not want to make the decision to enter into a long-term contract with undue haste.
This article contains a number of questions that you should ask your cloud provider; these should go a long way towards establishing the trust required to enter into a contract.
As many of the trust issues with cloud computing stem from security issues, it makes sense that security be the starting point of the article.
The first thing to ask if the provider has achieved any specific security certifications. An example certification could be PCI-DSS (Payment Card Industry Data Security Standard); if your company needs to be PCI-DSS compliant then so does your cloud provider, you can effectively discount any providers without this certification.
It can also be a good idea to gauge how security minded a particular cloud company are. A good way to do this can be by examining their client list. If they have a number of security minded organisations (financial institutions for example, or any company likely to be dealing with sensitive data and information), then it is often a good indicator that security is a top priority for the cloud company. While this method is far from fool proof, it does often provide a good incite. Although, it is unwise to discount new entrants to the market due to a small client base.
The next area to focus on is cost. Cost reduction - as one of the great promises of cloud computing - is often high on the figurative priority list. As with any transaction or service, it is important to understand the cost structure of any particular cloud provider.
When breaking down cloud pricing, you can usually split the cost into two sections; storage and networking.
With storage, some providers will allocate a certain amount of storage space for every cloud server that is created for you with any extra space needed incurring an extra charge. On the other hand, with some providers, you are responsive for your own storage; you're able to allocate whatever size disc you desire, without any additional internal storage. Therefore, in other words, the cost and break down of storage space is entirely dependent on the provider in question.
As for networking, a similar rule of thumb applies. It's common practice for cloud providers to charge for outbound data but not for inbound data. This isn't always the case though, some with charge you for both while some will charge you for neither. While this may not be particularly useful, it does highlight the need for you to ask and understand a pricing structure before agreeing to a contract.
Risk is the final area to discuss in this article. Risk is particularly important when it comes to cloud providers and each provider should be assessed individually. With cloud providers, most risks come in the form of legislations and SLAs (Service level agreements).
When talking about legislation, it is generally in regard to assessing exactly where your workload, data and processes are going to lie. The reason for this is that the location has a direct bearing on what rules, regulations and laws apply. For this reason, getting familiar with legislation is fundamental when transferring sensitive date to the cloud.
SLAs are the other commonly noted risk in regards to cloud services. SLAs define the level of service that is promised from the provider to the client. The SLA is put in place to protect the client should the provider fail to meet any of services promised. In cloud computing, most SLAs are related to service availability but some will cover other things too. Unfortunately, SLAs are rarely - if ever - straightforward, so it's incredibly important to examine them before entering into a contract. Again, a very important question to ask.
I hope this article has been helpful in identifying some of the more important questions to ask potential cloud providers before it is too late.
Trust is not a trait that is easily earned in the business world and with big players within the industry having a less-than-stellar record; it is unsurprising that many do not want to make the decision to enter into a long-term contract with undue haste.
This article contains a number of questions that you should ask your cloud provider; these should go a long way towards establishing the trust required to enter into a contract.
As many of the trust issues with cloud computing stem from security issues, it makes sense that security be the starting point of the article.
The first thing to ask if the provider has achieved any specific security certifications. An example certification could be PCI-DSS (Payment Card Industry Data Security Standard); if your company needs to be PCI-DSS compliant then so does your cloud provider, you can effectively discount any providers without this certification.
It can also be a good idea to gauge how security minded a particular cloud company are. A good way to do this can be by examining their client list. If they have a number of security minded organisations (financial institutions for example, or any company likely to be dealing with sensitive data and information), then it is often a good indicator that security is a top priority for the cloud company. While this method is far from fool proof, it does often provide a good incite. Although, it is unwise to discount new entrants to the market due to a small client base.
The next area to focus on is cost. Cost reduction - as one of the great promises of cloud computing - is often high on the figurative priority list. As with any transaction or service, it is important to understand the cost structure of any particular cloud provider.
When breaking down cloud pricing, you can usually split the cost into two sections; storage and networking.
With storage, some providers will allocate a certain amount of storage space for every cloud server that is created for you with any extra space needed incurring an extra charge. On the other hand, with some providers, you are responsive for your own storage; you're able to allocate whatever size disc you desire, without any additional internal storage. Therefore, in other words, the cost and break down of storage space is entirely dependent on the provider in question.
As for networking, a similar rule of thumb applies. It's common practice for cloud providers to charge for outbound data but not for inbound data. This isn't always the case though, some with charge you for both while some will charge you for neither. While this may not be particularly useful, it does highlight the need for you to ask and understand a pricing structure before agreeing to a contract.
Risk is the final area to discuss in this article. Risk is particularly important when it comes to cloud providers and each provider should be assessed individually. With cloud providers, most risks come in the form of legislations and SLAs (Service level agreements).
When talking about legislation, it is generally in regard to assessing exactly where your workload, data and processes are going to lie. The reason for this is that the location has a direct bearing on what rules, regulations and laws apply. For this reason, getting familiar with legislation is fundamental when transferring sensitive date to the cloud.
SLAs are the other commonly noted risk in regards to cloud services. SLAs define the level of service that is promised from the provider to the client. The SLA is put in place to protect the client should the provider fail to meet any of services promised. In cloud computing, most SLAs are related to service availability but some will cover other things too. Unfortunately, SLAs are rarely - if ever - straightforward, so it's incredibly important to examine them before entering into a contract. Again, a very important question to ask.
I hope this article has been helpful in identifying some of the more important questions to ask potential cloud providers before it is too late.
Local, national and global cloud service providers can be found worldwide.
0 comments:
Post a Comment