Industry analysts forecast a rapid formation of cloud offerings* by 2012, with IDC predicting the cloud services market topping $42 billion, and Dataquest predicting that 28-37% of all server shipments will be for cloud building. But before you dive in, you should ask a few questions.
1) What does your ideal partner look like?
Identify the characteristics of providers that are most important to your company. For example:
- Do they offer appropriate service level agreements (SLA) and audit documents (SAS 70)?
- Do they have the right experience to manage enterprise cloud services?
- What is their Disaster Recovery and Business Continuity strategy?
- Who is responsible for data back-ups?
2) Where’s the Security Guard?
A critical component to a healthy cloud strategy is ensuring that your internal security technologies and practices such as network firewalls and user access controls are strong and mesh well with your cloud provider’s own security measures. Remember: Your side of the infrastructure is just as vulnerable, if not more so, than the cloud provider’s side. Key
- Be sure that the cloud provider you choose can supply detailed information about its security architecture.
- Request a copy of their Statement on Auditing No. 70 (SAS 70) audit controls. Unwillingness to commit to an audit request should be a big red flag.
- How do they detect if an application is being attacked (hacked)? How/when are attacks reported to you?
- What controls – physical and virtual – are in place to ensure your data’s safety?
- What’s the access control? Does a single password provide access to everything?
- What type of employee / contractor screening do they do?
- How flexible are they when working with you on your security requirements.
3) Is it Legal?
Certain industries are subject to laws and regulations that affect what you can and can’t put in the cloud. Also, some major cloud providers have their own rules around “discriminatory material” and copyright. Make sure you know what their rules are before you upload the data or you might just lose. You can hope the provider would exercise good judgment before deleting your data, but you shouldn’t stake your business on it.
- Does your provider have specific regulatory expertise or data encryption options in your industry?
- Will they commit to storing and processing data in specific jurisdictions?
- Will they make a contractual commitment to obey local privacy/regulatory requirements?
4) Are they in it for the Long Haul?
Make sure you choose a cloud provider that really takes your relationship seriously and provides a solid partnership when supporting and hosting your server and data needs.
- Choose a partner that will be there when you need them
- Ask for references and check them
- Find out what kind of financial footing they are on
5) What’s your exit strategy?
No matter how much you plan and prepare, sometimes it just doesn’t work out. If you aren’t satisfied with the cloud in general, or your provider in particular, having a plan for ending the relationship will save you time and money.
- How much will the migration back cost?
- Will you still have employees with the skills needed to manage your data?
- Do you have full ownership of your data?
- How easy is it to migrate to another cloud service provider?
* Have you noticed how a lot of articles talking about cloud computing use weather analogies?