Choosing a Cloud Service Provider: What to Consider
Small businesses in the US are adopting the cloud in droves. By the numbers, nearly 80% of such businesses are projected to be using cloud services by the end of 2020.
These businesses have chosen wisely.
They save money over a premise IT infrastructure. Their organization is more elastic and adaptable. They easily scale functionality and support remote workers. They get regular updates automatically, especially for security.
And cloud-based backup and disaster recovery keeps their operations running in the event of an emergency.
So no question. The benefits of cloud service providers are many. They make migrating your business to a cloud services platform a prudent move.
The trick is, doing it successfully requires choosing a knowledgeable, trusted cloud service provider as your technology partner.
Microsoft, a world-class cloud service provider
Yes, Microsoft does more than Windows and Office 365. With their Azure cloud services and network, Microsoft is second among the top 5 cloud service providers worldwide.
From 2018 to 2019, among businesses using public cloud services, Azure’s cloud service providers market share grew from 32% to 41%. That leaves Azure trailing only Amazon Web Services (AWS) in this category. Google Cloud ranks third, well behind Azure and AWS.
While market share speaks to the reach of a cloud service provider like Microsoft or Amazon, that’s a global measurement. And certainly, any cloud initiative should consider whether cloud services come from Azure, AWS, Google or the like.
But choosing a cloud service provider at the local level requires broader considerations. Because the role of cloud service providers is to improve an organization’s IT capabilities and business outcomes.
Choosing a local cloud service provider: 4 consideration buckets
The requirements of cloud service providers naturally encompass technology. But they also include things like cloud services administration, security, and even a provider’s financial health and track record.
Visual Edge IT is both a Microsoft Gold Partner and an Azure cloud service provider. We use Azure to deliver cloud services to businesses around the country. So we turned to Azure’s experts to get their insights on assessing a cloud services partner — objectively.
Making a fully informed selection, the Azure team says, requires evaluating a cloud service provider in four key areas:
- Security practices
- Technical capabilities and processes
- Administration support
- Business health and processes
Security practices
Cybersecurity has long been a concern for cloud services. Therefore, among the role of cloud service providers, protecting a business’s data, users and customers is a constant priority.
The following multi-layer security measures should apply at the local as well as the global level.
Security infrastructure. Verify that a cloud service provider has implemented a security infrastructure for all levels and types of cloud services. Cloud types include public, private, and hybrid (public/private). For each type, a provider must be able to manage security at three levels: host, network, and physical setup. Enterprise-grade firewalls are additional safeguards.
For secure remote access to cloud services, many businesses trust in a Virtual Private Network (VPN) gateway. The Azure VPN gateway is one example, enabling remote workers to access services from wherever an Internet connection allows.
Security policies. A cloud service provider should also have security guidelines in place to control access to provider and customer systems. Some providers use advanced security features such as Intrusion Detection and Intrusion Prevention Systems (IDS & IPS).
To secure critical business information, ensure that a provider protects data “in motion and at rest.” That is, protect data as it’s moving in and out of cloud services and when it’s stored within cloud datacenters. Providers should additionally incorporate standards such as the advanced encryption standard (AES).
Identity management. Changes to any application or hardware component hosted by a cloud service provider should be authorized on a personal or group role basis. The provider should require authentication for anyone to change an application or data. Multi-factor authentication is even better.
Data backup and retention. Procedures to ensure the integrity of customer data should be in place and operational. This is especially important in the event of a cyberattack, a natural disaster, or some other disruptive event.
Physical security. Finally, in a datacenter environment, a cloud service provider should have controls in place ensuring physical security. This should include controlled access to co-located hardware.
More so, datacenters should have environmental safeguards to protect equipment and data from disruptive events. Datacenters should feature redundant networking and power and maintain a documented disaster recovery and business continuity plan. Such a plan should be reviewed regularly and updated as needed.
Technical capabilities and processes
Most every cloud service provider has requisite technical capabilities, or they wouldn’t be in business very long. Many providers offer options for public, private, and hybrid cloud models. At a platform level, and depending on your business’s IT requirements, also consider the “as a Service” options a provider offers.
Software as a Service (SaaS), for instance, is a public cloud model for consumers. Infrastructure as a Service (IaaS) enables an organization to move to the cloud and migrate its IT infrastructure. And Platform as a Service (PaaS) provides a platform on which to build on existing IT functionality.
After that, the role of cloud service providers — and which one you choose — comes down to these other associated capabilities.
Ease of deployment, management, and upgrades. Make sure the provider offers mechanisms that make it easy to deploy, manage, and upgrade the software and applications you use. As an Azure cloud service provider, Visual Edge IT abides by all of these measures.
Standard interfaces. To let your organization easily build connections to the cloud, a provider should use standard APIs and data transforms.
Event management. For event management, the provider should maintain a formal system that’s integrated with its monitoring/management system.
Change management. The provider should enforce documented, formal processes for requesting, logging, approving, testing, and accepting changes to cloud services and systems.
Hybrid capability. Even if you don’t plan to use a hybrid cloud initially, you should make sure the provider can support this model. Hybrid cloud functionality offers IT advantages your organization might wish to utilize in the future.
Administration support
Service Level Agreements (SLAs). Providers should be able to guarantee a basic level of service your business is comfortable with. Review any SLA thoroughly before agreeing to it, though. Some SLAs have hidden loopholes that safeguard the provider should their cloud services not meet expectations.
Performance reporting. The provider should be able to provide performance reports both on a regularly scheduled basis and upon request whenever needed. Ask any cloud service provider you’re assessing to provide examples of these reports.
Resource monitoring and configuration management. The provider should have sufficient controls to monitor services provided to customers (i.e., your business) and any changes made to their systems.
Billing and accounting. Billing should be automated. This allows your business to monitor what cloud services resources you’re using and their cost — and avoid exceeding budgeted use. A provider should actively support all billing-related issues.
Organization, governance, planning, and risk management. The best providers are ones that have a strong, formal management structure and established risk management policies. These providers have further formal procedures to continually assess their own third-party service providers and vendors.
Business knowledge and technical know-how. The provider should understand your business and what you’re looking to achieve with a move to cloud services. They should then be able to match their technical expertise to your cloud objectives — and particularly to your business philosophy.
Compliance audit. A cloud service provider should be able to validate compliance with all your requirements via a third-party audit. No cloud initiative and ongoing use of services is successful without compliance doing its job.
Trust. You should have confidence in a cloud service provider company and its principles. Substantiate the provider’s reputation, its partners, and its breadth and depth of cloud experience. Read industry reviews of the provider and talk to customers whose situation is similar to yours. Trust is the underlying key to a successful partnership with any cloud service provider.
For your business, moving to the cloud is a significant decision. Do your homework and choose a cloud service provider wisely. It can make your decision an invaluable one.
Visual Edge IT can help your business determine a roadmap to sustainable growth using the cloud and everything it provides. Contact us to take the first assessment step.
