Logica's top tips: working with cloud suppliers
Cloud computing is growing as a popular option for companies looking to quickly launch new products, enrich their customer experience and reduce IT operations costs. By 2013, Gartner predicts that cloud computing will be a $150bn global market and account for a considerable proportion of the IT market.
Given its impending ascendancy, it’s likely that many organisations will be moving more of their software, applications, storage, and infrastructure across to the cloud over the next couple of years but, as news reports have shown over the last few months, significant issues can arise. So what do you need to look out for in order to ensure your future cloud suppliers provide a reliable and highly secure service?
Here are the top ten things that all organisations should consider when assessing cloud vendors:
- Don’t neglect standard commercial due diligence activities, such as financial assessments of the proposed vendors, and their scale, capacity, and track-record of servicing customers
- Assess the scope of the service management offering (particularly for IaaS and PaaS) in terms of what is included and what is expected to be consumer managed to compare ‘apples with apples’.
- Determine whether there is sufficient transparency of process in the event of incidents occurring and the ongoing management of the underlying platform to suit your governance requirements (i.e. can the service simply be a ‘black box’ to you that is either available or not, or do you need more insight into the operations of the service you receive)
- Investigate the frequency, quality and detail of the service reporting that is provided to verify that it is sufficient for your purposes.
- Establish the willingness of the vendor to negotiate an SLA and contract where the standard service levels being offered may not be sufficiently aligned with your business needs
- Understand the underlying technical implementation of the service and how this will affect the levels of availability, reliability, recoverability, responsiveness, and security that are being offered; also understand the way in which resources are shared in any multi-tenanted environment.
- Confirm that the speed of provisioning and de-provisioning of resources is consistent with your requirements and what facilities are required for automated provisioning without human intervention.
- Clarify where all the compute and storage facilities that are involved in service provision will be geographically located to ensure that local regulatory, privacy and legal requirements can be met
- Continually monitor the service being delivered and your utilisation to ensure that the service and costs remain aligned to your business needs and that all identified risks are being proactively managed
- Formulate your exit strategy and ensure that you have the ability to extract and recover your data from the service, if necessary.
