The Information Technology Cloud has offered freedom to Software users to select providers easily. The pay as you go pricing, the low entry and exit barriers often motivate customers to act impulsively while taking a decision, which is often like “flirting without commitments” rather than planning a “long term marriage with your partner”.
While it is tempting to adopt such approaches for selecting a vendor for cloud services, it may not be the appropriate approach in the long run. Selecting multiple cloud service vendors usually leads one to multiple clouds and in the long run is likely to create multiple issues with respect to security, user access and rights. Moreover, the management effort for Enterprise IT increases with the increase in number of vendors and with multiple environments being addressed using various systems or consoles, the complexity increases manifold. In addition, accounting for different pricing agreements and different performance expectations add to the complexity of managing such enterprises.
Therefore, CIOs and IT Managers are increasingly becoming aware and want to follow certain norms to select the Cloud Service Vendor. However, the challenge for them is the characteristics or offerings that the Cloud Service Providers offer. Organizations usually have disparate systems with disparate service requirements. How would they determine which single vendor would be able to meet the different requirements internally? The key requirement for a vendor therefore would be the flexibility of its offerings. Here are some areas that need to be fulfilled or addressed while selecting a Cloud Service Vendor.
- Cloud Strategy: Evaluate whether the provider has a road map for its Cloud Strategy and a vision for the future. Since Cloud is an evolving technology, the provider should be able to provide a cohesive strategy and predict the trends.
- Experience: Look for a Cloud Provider who has experience and capability to resolve the issues that you might face. Evaluate the provider based on past experience, and gathering feedback from other users. Check whether the provider has a consistent track record and adequate experience in managing enterprise data centers, secure hosting and mission critical applications.
- Interoperability: It is important to determine whether the vendor has offerings with workloads which can be shifted from one environment to others as and when required. The concept is akin to ‘hybrid cloud’ wherein, a part of the application (like the frontend) could be on a public cloud, whereas the database (the backend) could be existing on private cloud. Also, a workload which is primarily on private cloud could extend seamlessly to an on-demand public cloud. For the interoperability to be maximum, look for a provider who offers a common platform for on-premises private cloud, private hosted and public clouds.
- Demonstration of similar deployments: Often the solutions look good on paper. However, it would be assuring to observe similar deployments that you are looking for and obtain feedback. Ask the cloud vendors for customer references and also obtain feedback from any source that you are aware of.
- Availability of Technical Support: The Cloud is mostly a Do-It-Yourself Service, largely due to various automation tools and self-service portals. Many providers save on costs by limiting the customer support or outsourcing support to smaller partners. However, customers still require appropriate support as they do not have the technical skills or the time to support such applications. Look for a provider who can provide a range of managed and professional services to develop your Cloud strategy, migrate your existing applications to Cloud and manage and support optimal performance. Also while evaluating Technical Support, evaluate whether the vendor has Service Level Agreements (SLAs) in place for providing support to you. Critical SLAs would include those of availability, transaction time, storage and performance. This would ensure that you are protected in case there is a critical issue faced. SLAs should also cater to your requirements and ensure that the vendor is meeting your required criteria for SLAs and service performance. Also, check if the vendor can offer a compensation to you for not meeting the minimum criteria promised.
- Try Before You Buy: Check with your potential vendor whether it provides a feature of trying the application before purchasing. This potentially would help you understand what could be the issues that you might face while using the Cloud.
- Contractual Flexibility and Price Protection: Unlike the perpetual licensing paradigm, a Cloud Computing Framework is expected to remove the associated vendor-lock-in. However, long term contracts are increasingly being used in the Cloud Computing Space. Therefore, it is necessary for you to check with your vendor whether it offers:
- A standard Annual Termination for convenience.
- Annual changes of usage levels based on needs, and if there could be monthly “rollover” of usage to address seasonal demands.
- Long term price protection.
- Operational Visibility: The Cloud Service Vendor should be able to extend visibility to your operations, so that you are aware of immediate causes and can take necessary interventions. At the minimum, the Cloud Service Provider should provide the following services transparent to you – operational monitoring, performance, change management, issue management, root cause analysis for problems, capacity details, license planning, usage management and Service Level management.
- Disaster Recovery Plan: In a Cloud based scenario, you are going to share your data with a vendor and also not aware how the data would be stored and where. Therefore, you should take care with your potential vendor that the data is safely maintained, backed up and restored, such that even in case of adversity, such as the Entire Data Center being blown off by terrorists, your data is not lost. Check with Cloud Service Vendor whether there is an adequate Disaster Recovery Plan and whether it is tested on a regular basis.
- Cloud Security and Compliance: Finally, Security is key to for your data or application on the cloud. Check with the vendor whether it meets the general industry standards for security. Here are a few relevant certifications which you would your vendor to have – Security Standards like ISO 27001 or Payment Card Industry (PCI) standards, Statement of Auditing Standards like SSAE 16 or SAS 70, Health Insurance Portability and Accountability Act (HIPAA), or the Department of Defence Information Assurance Certification and Accreditation (DIACAP) standards.
