Top questions to ask your prospective Cloud Provider
By Peter Tomusange
Service Availability
There can sometimes be a temporary or permanent, partial or complete disruption to the cloud service, also known as downtime.
Risk assessment for downtime includes two factors: the criticality of the service you are running, and the length of time the service is unavailable.
Primary causes of downtime include:
- internet bandwidth
- denial of service attacks
- equipment and software malfunction
- insolvency
- natural disasters
- government actions
What is the CP’s standing in regard to any or all of the above factors? For example:
- Is the CP compliant with statutory requirements?
- What disaster recovery measures are in place?
Short, temporary disruptions creating Quality of Service (QoS) issues may be absorbed to an extent. The big challenge is permanent or prolonged loss of availability, hence:
Data backup and disaster recovery
Backing up data is a key to business continuity. Is the CP very clear on what their data backup strategies are, and how they will respond to severe or prolonged disruptions in order to ensure business continuity?
Some areas of concern include:
- Has the CP got adequate backup capacity (aka redundancy), with critical transactional, operational, and system data replicated, should the instance be compromised?
- How quickly does the compromised instance switch to the backup (aka failover) in order for you to get functioning again?
- Where and with whom is the data centre backed up? For example, is it with another cloud service provider (e.g. one that provides storage as a service) or in another part of the CP’s data centre (with the implications discussed earlier)?
- How regularly is the backup done, and is it automated and in real time? How often are backups tested to ensure they can be safely restored (i.e. backup management)?
- Are there any extra costs involved with storage of backed-up data, including the speed of failover?
- Are you able to back up your data to your own hardware and can this be done automatically?
You need to consider how critical the service you are running in the ‘cloud’ is: the more critical the service, the higher the degree of availability you need.
Total Cost of Ownership
You must be aware of the hidden costs associated with the subscription-based pricing, and insist on transparency at the start of the partnership.
What is the CP’s breakdown of the cost of the service and how clear is this?
The hidden charges you should be aware of are some of the following:
- Subscription charges – The advertised price is most likely dependent on the purchase of a large ‘number of seats’; smaller purchases will attract higher subscription prices. What discounts are available for a smaller ‘number of seats’?
- Increased cost of storage – backup.
- Amplified customer support - The escalation of a support issue will sometimes attract a higher cost. Ask the CP if they provide specific SLAs with regard to support. These should make the costs transparent.
This support SLA should address:
- Is it 24/7?
- Is it with ‘live’ customer reps or self-supported?
- What are the response times to a support query?
- Is response via email or telephone?
It is, however, most important to know what support you need, so that you can negotiate it and avoid extraneous costs.
- Duration of contract – What is the minimum period? What are the upfront costs for the period? Multi-year contracts may not save you any more than having on-premises IT services.
- ‘Shelfware’ – Be wary of being sold unnecessary ‘over-kill’ cloud services that you do not need (especially software services); they will only add to the cost of maintenance.
- Customisation costs – Customisation costs are not explicitly advertised when a cloud service is purchased; however, the more customisation you need, the higher the cost. How much customisation will you need?
- Integration and integrator services. Do you require applications integration? Does the CP offer these as part of the subscription (most unlikely!) or are they third-party services? What do they cost?
- Data migration costs – what are the initial costs of transferring your data to the cloud?
- Data transmission costs. CPs charge for upload and download bandwidth – How much does the CP charge? Are there thresholds to the amount of data transmitted, after which exponential increases are incurred? Conversely, consider your organisation’s internet connectivity, for Quality of Service purposes.
- Training – How much does it cost, and how long does it take, to train personnel in the use of specific cloud-related software?
Financial Security
You need to know about your CP’s long-term viability:
- How long has the company been around?
- Are they financially secure?
- Is there any danger of merger or acquisition?
SOC 1 audits, for instance, provide a starting point (please see SOC under data security above).
References, References, References:
Is the CP happy to provide checkable references in regard to prior service?
The references should be able to highlight issues such as:
- Reliability of service
- Quality of service
- Quality of support
Conclusions and Caveat
The prospective cloud service provider is a prospective business partner. An adversarial approach to vendor selection starts your search off on the wrong footing.
SLAs will stipulate guarantees and indemnities, and penalties for breach of service. Penalties however do not mend any damage to your reputation in the event that you are unable to provide the services your stakeholders rely on.
Disaster Preparedness is hence monumentally significant.
Certifications alone should never be a benchmark for choosing a CP; conduct additional due diligence.
The nature of the data to be stored in the cloud should be a key indicator of whether or not you choose to store it there. Highly regulated data is perhaps better stored in-house.
As with any outsourced activity, always have an exit strategy before embarking on a partnership with a CP; it never costs you anything.
Your provider should be able to explain their answers to your questions in language you can understand!
Finally, remember that there are factors outside the cloud provider’s control that will impact service availability and security, and that your organisation will need to address, including:
- internet service interruption at your offices or at remote/home users’ premises
- risks associated with providing your staff with 24/7 access to data
- your organisation’s ability to support and regulate home or mobile use
- user awareness of risks associated with data in the cloud
About the author
Peter Tomusange
Peter volunteers with IT4communities. He holds a BSc (Hons) IT (First class), and is currently pursuing an MSc in Business Systems Analysis and Design.
Published: 5th December 2011
Copyright © 2011 Peter Tomusange
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.0 UK: England & Wales License.
