Saying “yes” to a cloud strategy is the easy part. Eliminating on-premise infrastructure and management overheads in favour of greater agility, efficiency, security, connectivity, cost-savings and more makes a great business case. However, once the strategy is signed off, the hard work begins: how to choose a cloud provider to deliver IaaS that is “just right” for your business? That’s when the huge array of different providers and options can start to obscure your vision and make supplier due diligence a problem.
Comparing quotes and services from competing providers without a strong understanding of your business objectives and success parameters can quickly result in decision paralysis or, if you rush the process, the risk that you may end up overpaying for unused resources or compromising on performance as a result of budget constraints. And that is the opposite of what the cloud should be about. Your “just right” cloud provider should deliver a service that fits your objectives like a glove and offers the right level of performance at the right level of investment. Below are ten key aspects to consider when conducting due diligence and selecting the provider that’s right for your business.
Global access and availability: Laws, latency and location
When your data leaves your on-premise data centre, there are likely to be limitations on where it can go. If your data needs to be physically held by law in a specific geography, you need to confirm with providers that they can accommodate this. And, once you know where the data is, you need to verify that this location won’t create latency or bandwidth issues that will negatively affect performance. Finally, check that the data centre location provides adequate distance between primary data and backup data in case you need to activate disaster recovery.
Once you have your cloud you need to manage it, but how straightforward will this be? You’ll want to know how easy the management interface is to use. If it is API/CLI-driven, do you need to allocate internal resources to manage it? Will training be required and will the provider deliver this? What level of control and visibility is possible from the management interface into billing, performance and security?
Analyse your applications and determine where the balance between performance and budget lies for each. Mission-critical apps that need high performance and zero latency require more resources and therefore expenditure, whereas a lower priority app used less frequently does not need the same level of guaranteed availability. This analysis is critical to hitting the custom-fit “just right” sweet spot and avoiding costly over-provisioning or performance-destroying under-resourcing. Think about how your business might scale in future rather than about your requirements just now. Ask the provider how they’ll help you find the balance between performance and cost. If you have applications licensed on the basis of core CPU count, can the provider offer server blades with fewer CPU cores to match the license core count, to avoid paying for redundant resources?
Security and compliance
Cloud today is generally accepted as offering robust security and compliance, but as the environment matures and regulations intensify, customer requirements become more nuanced, meaning the standard security provision may not be sufficient. You want a provider that is as expert – if not more so – on the regulations and restrictions that your business must comply with as you are. Data sovereignty, industry-specific regulations and general data protection issues are complex and you should be seeking a provider that can offer a consultative service so you can evolve together to ensure long-term security and compliance.
Data backup and disaster recovery
Not all cloud providers include data backup in their basic cloud service, instead bolting it on for an extra cost. That can come as an unwelcome surprise when you think you’re getting the whole package. Make sure you understand what backup capabilities the provider offers – both full and incremental – and whether they are safely located. The same goes for disaster recovery and this is a key part of supplier due diligence. Do they have a second data centre for disaster recovery and is it far enough away from the primary site to be unaffected by a physical interruption there.
Connectivity and networking
When assessing connectivity and networking impacts, it’s important to understand what skills you have in-house and whether there are any deficits that will cause your team difficulties. You also need to understand business requirements and what the cloud service provider’s capabilities are. For example, many organizations have advanced network topologies that require the usage of specific carriers, virtual or physical equipment, co-location and software defined network options.
Strategy and planning
Central to meeting your business objectives is the question of whether your applications are suited to the cloud IaaS you are planning to adopt. This comes with a raft of sub-questions, such as what CPU, memory, storage, bandwidth will they need, and can they be suitably backed up to achieve the required RPO/RTO objectives? It can be useful to seek providers’ support to cover all these angles for all your applications and develop a strategy, otherwise you will need to allocate internal resource or a third party consultant to get all this information and interpret it into a migration strategy.
Onboarding and deployment
When it comes to pushing the button on your cloud deployment, will you be doing it yourself, or being supported by your provider? Different providers offer varying levels of support, from DIY to a full concierge onboarding and migration service, at different prices. It’s vital you know where you are on that scale and how much or little in-house resource will be needed. Your choice might depend on how much appetite there is for the inherent risks of migration, such as application downtime. If appetite is low, you’re going to want a provider who can guarantee that data is moved on time, with minimal risk.
Think about the level of support you need. How much internal resource do you have, and how much might you need to draw on your provider? Again, all providers are not the same. Most offer a basic support package, but anything beyond that comes at an extra cost. As the world moves to increasingly diverse working hours due to the effects of the COVID-19 pandemic, 24/7 support is going to become more critical and you want to have visibility into that before you make the leap.
Cost visibility is one of the oft-touted benefits of the cloud, so it’s frustrating that pricing and billing can often be so obscure and variable. During the due diligence process ask to see a sample billing statement broken down by line item. Make sure you delve into the pricing variables in the service, whether it is all-inclusive or what extra charges you might incur.
Ultimately, moving to the cloud is all about removing the overhead and limitations of on-premise infrastructure. All the factors discussed above might seem like a huge amount to consider but, when you look at the strategic benefits and value that a cloud strategy will deliver to the business, spending time to get your cloud “just right” is well worthwhile. It soon becomes clear that all IaaS providers are not the same. Taking time now to conduct robust due diligence of providers and drill into exactly what they can offer reduces the chance that the business will make a decision that causes problems in the long term.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.