Article provided by ContinuitySA
Cloud is changing the way in which SME’s among others procure a range of services, from applications through to platforms and even infrastructure. However, choosing the right cloud provider is not such an easy task, and CIOs and IT managers need to understand the criteria to apply, advises ContinuitySA.
There are so many cloud providers out there that choosing the right one can seem like an impossible task,” he says. “In fact, there is a good argument to be made for working with more than one cloud provider, essentially selecting specialists for each service—the multi-cloud approach. One is essentially creating a best-of-breed cloud stack.
At the outset, it is critical to understand the pros and cons of the various cloud delivery models. The public cloud offers reduced costs and management overheads for standard applications like e-mail, Web applications and CRM. However, the trade-off is that infrastructure is shared, the offerings are standard and if the provider is hacked or otherwise compromised, all its clients suffer.
In the private cloud, application and workloads are hosted on dedicated infrastructure—clients have more control and security is tighter. It is more expensive than the public cloud, and may be less scalable. A mission-critical service like business continuity is perhaps best suited to the private cloud because each continuity plan is tailored to a client’s unique profile and needs.
The hybrid cloud is appealing because it allows an organisation to choose not only multiple cloud providers but also a range of delivery models.
When choosing a cloud service provider, whether public or private, the CIO needs ask a series of questions to make the right choice:
- How specialised is the service and how important is customisation?
- Where is my data stored and what measures does the provider have in place to ensure it is available? For example, is there a second failover site? How are data backups done and are they segregated from the network to ensure cybersecurity? How quickly can data be restored, and to what extent?
- What physical security measures are in place at the data centre? What is the provider’s cybersecurity capability, and ability to respond to hacking?
- How readily can the service be scaled as business circumstances changes?
- What support is offered, and how?
- What is the pricing structure, and how flexible is it?
- How easily could I move this service to another vendor?
- Who else is using this provider and what do they say about their experience?
Getting data security right
One of the top concerns holding companies back from moving into the cloud is data security. Investigating a potential cloud service provider’s data security is thus worth a detailed investigation, supplementing the general security questions noted above.
Given the scale of cybercrime today, and the increasingly vigorous regulatory oversight, it is advisable for companies to look at ways to protect their data as it moves between their users and the cloud—encryption is becoming a necessity. In addition, policies should be in place to ensure that the data can be accessed only by the right people within the company. It’s also essential to check up whether the cloud provider complies with applicable regulations, among them the Protection of Personal Information Act (South Africa), General Data Protection Regulation (European Union) and the Health Insurance Portability and Accountability Act (United States), to name just a few.”
A final word of warning is to ensure that the service provider’s terms and conditions have been well understood.