Chances are if you are not already using or considering cloud services, you most likely will be in the near future. Cloud computing has become the norm and many US businesses are already consuming cloud services from at least one vendor, if not more and the number continues to grow. If you haven’t already made the jump to the cloud, here are some questions you should ask and some red flags to look for from your prospective cloud service providers.
1. Where is your data stored?
Since many countries have different laws, it is important to understand where your data will be and what laws apply. While your data is “in the cloud” and shouldn’t have a physical location, it technically does so you will want to keep that in mind. Some cloud service providers give you the option to decide where your data will be stored, so make sure you know whether you have an option or if it is chosen for you. And make sure you are comfortable with where your data will be stored.
Red Flag – They can’t tell you where your data will be located.
2. Who has access to your data?
Since you are now entrusting your data to be stored somewhere else, you want to make sure you understand who has access to it. The cloud service provider will act as the custodian of the data so they will need some degree of access, but you’ll want to know what that means and if possible, who will be working with it on the behalf of the custodian. While you won’t be able to find out all of their information, you can find out what their hiring practices are and what process they go through to grant access to customer’s data.
Red Flag – They won’t share their hiring practices with you or how they grant their employees access to customer’s data.
3. Who owns your data?
Similar to previous question, since you are entrusting your data to someone else, you want to make sure you understand who owns it and who has control over it. Some cloud service providers will include in the fine print that you are surrendering your data when you place it in the cloud. You will want to read everything very closely and look for any red flags.
Red Flag – The fine print gives them ownership over your data instead of being a custodian.
4. How are charges determined?
Each cloud service provider may have a different charge model, but it will most likely be consumption based. The best thing you can do is understand how they calculate their charges and what metrics they use. If possible, make sure you set limits, get warnings, or have some type of prevention plan in place so you are aware of any overrun that would occur. It is better to know before it happens, instead of when you have a $5,000 bill when you only expected $800. To get a better idea, here is a blog article on what could unexpectedly drive up your Azure costs.
Red Flag – They don’t have any preventative options in place to help you better manage your consumption.
5. How is the SLA determined?
Similar to the previous question, each cloud service provider will have their own SLA for uptime, availability, response time, recovery time, etc. Make sure you are aware of what is and isn’t covered by the SLA and what metrics they follow. While you hope it never happens, you also want to be aware of the recourse of them not meeting their SLA.
Red Flag – If they don’t have any recourse if they fail to meet an SLA.
6. What compliance standards are met and who determines them?
This question can vary in how much it matters to your business. If you are in a heavily regulated industry, then you’ll want to look for cloud service providers who understand your industry and have standards in place to ensure you meet those standards. Just because you move your data to the cloud, doesn’t mean you no longer have to follow the standards. The best thing you can do is to make a list of all of the standards you need to comply with and use those to confirm the potential cloud service providers comply with them as well. The one upside is the cloud service provider will probably audit their own facilities and operations and share those results with you.
Red Flag – They can’t easily list what standards they comply with specifically. A general list of industries isn’t necessarily a good sign if they can’t then provide what specific standards they follow.
7. How do you cancel?
While this isn’t the most exciting question to ask as you look for cloud service providers, it is a question you do need to ask so you understand your options if things don’t work out like you think. Since most cloud service providers use a subscription model, it is easier to cancel at any time. The questions you will need to ask is how to cancel, what the process is, and how to move your data to the new location. Most cloud service providers will be focused on customer satisfaction so they will offer fairly easy ways to cancel. That said, some may not and while you can cancel, the move might be time consuming or costly, so you end up stuck with them.
Red Flag – They can’t easily outline the process, then you’ll want to reconsider going with them.
8. What happens to your data if you do cancel?
This is a follow up question to the previous question, but it reinforces that you need a clear answer on what happens to your data if you cancel and want to move elsewhere. In addition to being able to move your data, you also need to find out what they do to get rid of it completely. Since it is digital, it wouldn’t be hard for them to keep a copy to use for future mining. While there are extreme measures such as being NIST 800-88 compliant, you just want to make sure they scrub their systems, so your data remains as your data only.
Red Flag – They won’t share their process for scrubbing data.
You can save time, money, and effort by moving to the cloud. Cloud service providers offer a variety of service options that can be a great business decision for you. While the excitement of moving to the cloud is what most people talk about, make sure you pay attention to the details and understand what you are getting into before you make the decision. Consider the eight questions above before you make the move to make sure you have a great experience!