The constant innovation in architectures and ways of working continues to bring increased levels of effectiveness to each succeeding generation in the field of Information Technology. The latest of such innovations happens to be in virtualization and cloud computing services are based on this concept. It also provides more opportunities to optimize the ways with which you deliver IT as a service.
The basic mission of any cloud service provider is to deliver IT as a service for example hosted exchange which provides exchange server hosting without actually getting the infrastructure in-house. This would result in reduced capital expenses for you so that you can focus on your core competencies. Typically a cloud service provider would offer: Business applications services, hosted productivity tools, hosted communications and social tools (like hosted exchange and hosted sharepoint), trading community services, plug- in services, operational services, application platform services and utility services. If you have plans of migrating or opting for the cloud storage you need to engage with cloud service providers to understand the reality and know how to differentiate it from the hype. Large data centers virtualize and make available the resources to store files or data objects for the people who keep their data hosted. These resources generally span across several servers with security of the files depending upon the hosting websites. A right understanding is the key to the successful deployment of cloud based services.
There are many questions you must ask your cloud service provider and some of the most important ones are as follows:
What are your major Service Level Agreement terms and are they negotiable?
This is probably the most important question any client may ask their cloud service provider as Service Level Agreements or SLAs is a great way to align with them. One must evaluate the service provider’s SLAs to determine their performance and the client in turn should be able to satisfy their computing needs out of the box. Negotiating a cloud SLA is as important as enforcing one. SLA administration is a specialized form of application performance management in the cloud. SLAs should be relevant to what they’re supposed to accomplish such as availability, transaction time, storage, and performance.
Are you transparent in sharing the SLA performance and is it results oriented?
There is no way of assessing the SLA performance until your service provider shares the report on daily, weekly, or monthly basis. Also your visibility into situations increases with the performance reports data that may indicate the breaches of the SLA if any. Unless you get to see the History of your service provider’s Service Level Performance you have no way of even remotely guessing if the SLA is results oriented.
What if you miss the performance objective?
If the cloud service provider misses on the SLA performance objectives, they will have to pay a certain penalty or suitably compensate you. Discuss this to know how it works in reality.
How does your disaster recovery plan work and how frequently do you test it?
Though most companies test their disaster recovery plans pretty frequently we also know that they fail because there is this concept of follow up and remediation plans. We also have seen some of these remediation plans fail. A cloud service provider should specialize in disaster recovery and should a disaster occur the recovery point objective should be at least near real time if not actual real time.
What Critical Security and Compliance Requirements do you meet?
Since your organization is accountable to customers, partners and employees, security and compliance are vital in evaluating cloud service provider’s approach to a security program. To map your needs for privacy, accountability, confidentiality, and integrity you need to know about the service provider’s capabilities and policies for protecting your data and application. Rather than questioning the technology you need to question the way you utilize the security approach as a consumer. You need to verify if your provider meets security and compliance standards established by the Payment Card Industry (PCI) Security Standards Councilor, the National Institute of Standards and Technology (NIST), the Statement on Auditing Standards No. 70 (SAS70), the Health Insurance Portability and Accountability Act (HIPAA) or the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP).
What is your fee structure?
Finally you must be clear about the tariff and ask the service provider if they would provide a standard annual termination for convenience and allow for annual usage level based on business needs. Also some of them provide monthly rollover usage and long term price protection.