“Any questions?” Remember the shiver of apprehension when someone uttered those words in a meeting or during a class? Everyone would furtively look around, hoping that someone – anyone – would raise their hand. No one wanted to be the first to admit they didn’t quite understand what was trying to be explained through examples and anecdotes. No one wanted to ask that clarifying, follow up question or worse, to seemingly ask the “stupid question.”
Quite frankly, there is no excuse in today’s corporate environment not to ask those tough questions – especially when it involves the management of one of your company’s most vital resources – your information. Simply stated, if you don’t understand how your potential service provider will work for you, you’ll risk, at a minimum, ineffective management (or even mismanagement) of your information; at the other end of the spectrum, reputational risk and missed business objectives.
During the transformation from on-premises infrastructures to those managed in the cloud – there are no stupid questions. This process is new to many – so my advice is to ask away! You should always question your IT service providers before you decide to trust them with managing your information and the key environments that host them. Here are some sample questions across 10 key topic areas that I believe you should have answered prior to entrusting your sensitive information to the care of a cloud provider.
1. Experience. As an organization, you don’t want to be a “learning experience” for your cloud provider. Be sure that the provider has a history in providing cloud services and the needed experience to make you successful. To help ensure that you select a cloud provider with the appropriate experience, you should at a minimum ask:
- Does the cloud provider have a customer base: 1) in your industry; 2) that uses the same services proposed; and 3) that can be contacted as a reference?
- How long has the cloud provider been implementing this type of service in your industry?
2. Migration. Birds fly south to protect themselves from winter and similarly your data needs to be able to migrate seamlessly from environment to environment. To protect your business from data loss or unnecessary downtime you should ask the following questions:
- Can the cloud provider migrate your application environment, including user details and application data, from your on-premises applications to its cloud?
- To ensure that you comply with privacy regulations, is the migrated data managed with appropriate governance controls?
3. Security. Security of your assets should always be a top concern. Your cloud provider should be able to help ensure that your sensitive data will be protected while allowing ready access to the appropriate users. To ensure that your cloud provider can provide the appropriate levels of access and security, you should start by asking the following:
- Is the cloud provider willing to share its security protocols, methodology, certifications and audits with you?
- Can the security infrastructure of the cloud provider integrate with both a cloud-based single sign-on (SSO) solution or with your on-premises SSO solution? This will be important for transition and interoperability.
4. Transparency. It is important to remember that your data is your data. You have the right to know how well the service is performing in managing your data. Having insight into your data, costs and service levels can be paramount to the management of the relationship. For that reason it is important to find out the following:
- Does the cloud provider offer full transparency into the performance of your services through dashboards, alerts and other tools?
- What is your cloud provider’s supply chain? It is important to understand what other third-party cloud service providers are used by your cloud provider and how those third-party providers’ reporting will be included to provide complete transparency to how your data is being managed.
5. Integration. To that point, no solution is an island – your cloud provider will need to be able to play well with others. In order to ensure interoperability, ask the following:
- How does the cloud provider address data integration between cloud services and on-premises applications?
- Does the cloud provider collaborate with other cloud providers to develop interoperability between them so that end-to-end service outcomes can be achieved?
6. Compliance. If you need to comply with certain regulatory or legislative demands, then so does your provider. Ensuring that your cloud provider has experience with meeting these needs can be critical to your success, so it is important to make sure that the provider y understands its obligations. Determine the following:
- Can the cloud provider ensure that its downstream cloud providers, which it might use, also comply with these requirements?
- Does the cloud provider comply with the required government and industry regulations, such as HIPAA or FINRA?
7. Non–conformance. In a new relationship with a cloud provider you also need to determine how accountable the cloud provider will be in the event that it doesn’t meet the agreed-upon goals. You should ask:
- Does the cloud provider mitigate non-performing Service Level Agreements (SLAs) through penalty payments or other givebacks?
- If standard escalation fails, do you have executive-level escalation procedures?
8. Disaster Recovery. A disaster is anything that interrupts normal business operations. In order to help ensure that your business will be, at most, only minimally disrupted and that recovery from any such event is handled with care, make sure to ask the following:
- What is the recovery point objective and recovery time objective for the cloud provider, and does this meet or exceed your requirements?
- How often is the cloud provider’s DR fail-over tested, and does this equally apply to downstream providers?
9. Pricing. What you’re paying – and what you’re paying for – needs to be clear. Clarity in pricing can be gained by asking the following:
- Does the cloud provider offer transparent and predictable pricing that enables reconciliation with your services rendered?
- Are you able to benchmark the pricing against your current cost basis, as well as another vendor’s offerings?
10. Total Cost of Ownership (TCO). The cost (or fee) of any solution is rarely limited to the upfront purchase price. It is important to have a good understanding of the ongoing costs required to keep a solution in operation. You should ask the following to help understand your TCO:
- Does the proposed TCO of a solution take into account often hidden costs, such as setup fees, development fees, migration and recurring licensing or subscription fees?
- Can/will the provider help you with your business plan/ TCO calculations?
- How does the provider’s TCO equate to other providers’ TCO?
Ensuring a good relationship with a cloud service provider is a little more involved than just a few questions asked and answered. A degree of rigor and due diligence in your selection process should be done to determine a good fit for your organization. As a cloud service provider, we at Viewpointe pride ourselves in how we approach the market, as represented in our business model. Any cloud provider you choose should be equally willing to share its model and respond to your questions in an effort to build a true partnership with you that will drive success for your organization.
With that said, I hope that you take the time to ask these questions, as well as any others specific to your circumstances, and that they help you get to know your cloud provider in an effort to ensure a mutually beneficial relationship.