This is one of the toughest questions to find an answer to, because cloud computing is a vast topic with just about every player offering something or the other in this space. It becomes more difficult because when you move to the cloud, you're putting your trust on someone else for something you've been handling in-house all these years. There are bound to be mismatches in expectations, so you need to choose a CSP (Cloud Services Provider) where this gap between expectations and delivery is minimal. Here are a few factors that must be considered before choosing a CSP.
Data security: Beware of the laws of the land
In our cloud computing survey for SMEs, security and safety of data emerged as the most important criteria while choosing a CSP. A key thing to remember is to ensure that all your data is encrypted, whether on the move or static in the CSP's data center. Moreover, you need to know where the data is kept. If it's stored in a country where the laws of the land can impact the privacy of your data, you may be better off not going for that CSP's services.
Reliability of the CSP: Check its past record and financial stability
Another key factor reported by our survey respondents while choosing a CSP, and not without good reason. Reliability can have many different connotations. It could mean performance of the applications being offered, it could mean no downtime, it could mean that your data is in safe hands, or other things. We've covered many of these points later in this article, but the key thing to keep in mind is the reliability of the CSP itself. It should be financially stable and be there for the long haul. What will you do if your CSP goes belly up one fine day? Will you be able to easily pull out all your data and shift to another CSP? You need to carefully evaluate a CSP on its financial stability in the background before finalizing. Check out its track record, past performance, and market image. They're all important.
Quality of support: How quickly does the CSP respond?
One critical point to keep in mind is the speed and transparency with which your CSP will deal with an outage. Will the CSP promptly and transparently communicate the same to its customers, or will the CSP try and brush it under the carpet and give excuses about service non-availability?
Just because you're moving to the cloud doesn't mean you won't need in-house support. In fact, after signing up, you need to work out what sort of support would the CSP offer, and assign people from your own internal team to deal with the CSP's support team. This actually becomes more difficult because now your in-house support has to deal with complaints from your users and ensure that they're conveyed to and addressed by the CSP.
Is there anything critical one must include in the Service Level Agreement (SLA) when choosing a cloud service provider? “SLA for Downtime” - Atul Batra, Director Technical, Arjan Auto “Trust and confidence” - Prakash Shah, CIO, Prakash Chemicals and Fertilizers “Data loss clauses with penalties and well defined boundries” - Dheeraj Chawla, CIO, Shib Dass and Sons “Cross border arbitration and exit clauses” - Ashish Khanna, Ashish Khanna, CIO, Oberoi Group “Availability of cloud resources” - CVSN Murthy, Head-IT, KMC Constructions “Security and privacy” - Virendra Kumar, System-in-Charge, BW Lions Eye Hospital “Penalty for downtime” - Aabid A Khambati, DGM-IT, Concept Pharma “SLAs written with cloud providers must remain clear, specific, measurable, achievable, relevant and timely. They should be based on specific business needs.” - Vivek Dharia, CIO, KNP Securities “Ownership of data is a critical factor” - Dhiraj Barpujary, Deputy Director (IT), The Institution of Engineers (India) “Peformance offered” - Manish B. Parikh, Sr. Architect-IT, AtoS “Security, bandwidth, latency, availability” - Lalit Wadhwani, CTO, Frameboxx Ltd. |
Have well-defined billing payment policies
By moving to the cloud, you're moving your IT costs from CapEx to the OpEx model. Instead of owning the setup for a particular application, you're leasing it from a service provider. This completely changes the payment terms, so you have to be more careful in understanding the terms and conditions of making payments. What sort of a payment cycle does the service provider follow?
Is it monthly, quarterly, or annual? Is the payment frequency clearly mentioned in the vendor's end user license agreement?
Moreover, is the service configured for auto-renewal without your knowledge? We've seen cases where you opt for a service for one month, and it automatically sets your payment to auto-renewal. As a result, your credit card gets charged automatically every month.
How transparent is your CSP about the billing and payments? Do you get a dashboard where you can clearly see the services you're being provided and the amount being charged for them? You need to be able to track the usage and ensure there are no discrepancies in the billing.
Check service availability policies
A key concern that a lot of existing users of cloud based services face is with availability of the services offered by the CSP. There are too many horror stories of services being disrupted from even large, well-known cloud service providers. Amazon Web Services for instance, faced an outage in June at one of its data centers in Virginia, US. The cause was apparently a huge storm that resulted in a power outage in one of their data centers. Due to this, the services of many of Amazon's clients were disrupted, including well known names like Netflix, Heroku, and Pinterest. This is not the first time it has happened with Amazon, but the key learning here is that when you're choosing a cloud service provider, you must carefully investigate its data backup, disaster recovery, and service availability policies. A lot of cloud service providers make it clear that the responsibility of availability of a customer's data and application availability lies with the customer. So when there was a major outage at Amazon in the US last year, it didn't impact the company's SLA, because it clearly stated somewhere that the customers had to place mirrored application servers in multiple availability zones.
Bharti Airtel's Cloud Enablement Platform The company recently launched its Cloud Computing platform, which is based on HP's technology and provides both SaaS and IaaS based services for SMBs and enterprises. Bharti Airtel is the latest company to hop onto the cloud computing bandwagon, with SaaS and IaaS based offerings for both SMBs and enterprises. Called the Cloud Enablement Program or CLEP, the service uses HP's Aggregation Platform on a pay-as-you-go model. Initially, Airtel will offer solutions like ERP, accounting packages, storage and compute on CLEP, and in the future, the company will introduce diverse SaaS based applications on the same platform especially for SMB customers. “Cloud computing market in India is estimated to grow at a CAGR of 40 percent by 2014.“, said Sanjeev Kapoor, CEO (India and South Asia) Bharti Airtel. With such growth and the largest 3G and 4G telecom network in the country, Airtel looks well poised to leverage this growth. CLEP was built by HP Enterprise Services using HP's AP4SaaS platform. It has been integrated into Bharti Airtel's existing network system. AP4SaaS is a common platform that will enable Airtel to deliver IaaS, Communications as a Service and SaaS. These services could either be hosted on operator premises or integrated with third-party SaaS providers. It provides a set of web service interfaces for enhancing the Cloud Service Provider's (CSP) customer portal and facilitates distribution, subscription, and consumption via a marketplace portal. HP will offer implementation and management of the end-to-end Cloud Enablement Platform. |
So before you choose a CSP, do read such policies carefully to ensure the availability of your data. Not only that, but also review the number of downtimes that the CSP has faced. A simple Internet search will throw up reports of such outages for a lot of CSPs.
Having said that, it's also the duty of the CSP to clearly communicate such things to its potential customers, instead of expecting the customers to go through its lengthy terms of agreement. CSPs, are you listening?
SLAs: The dos and the don'ts
Service Level Agreements or SLAs are the key while choosing a CSP. In fact, all points we mentioned above must be covered in the SLA, among others. Start by finding out what is your CSP's SLA like? Is it more like the complex “terms of agreement” document that people usually press “I Agree” to on most websites? Those are long, complex, and with a lot of fine print. They're designed that way so people don't spend too much time on them. They're not something you'd want to follow in your own SLA. In fact, when signing a SLA with your CSP, you have to be clear on what you want and expect from the deal. While a detailed explanation on SLAs is beyond the scope of this magazine, we'd recommend that the following four points are addressed in your SLA:
1. What services are being offered? A list of services being offered by the CSP must be included in the SLA along with their explanations. Not only that, but how will the CSP handle the communication when it upgrades its setup that changes some of the features of the service offered to you?
2. How will the CSP let you measure its services' performance? Ask the CSP to provide a mechanism to audit and measure the services quality to check whether it's being delivered as per agreement.
3. What is the recourse if terms of the SLA are not fulfilled? If there's a cloud outage for instance, will the CSP offer you additional service credits? Microsoft Azure for instance, suffered an outage on Feb 29th due to a leap year bug. The company apparently offered 33% credit to all its customers.
4. Will the SLA change over time, and if so, will it be clearly communicated? If this doesn't happen then your SLA could get altered without your even knowing about it.
Another key thing to remember is that there are chances that you'll move more than one service to the cloud, and possibly choose different CSPs for them. When that happens, you might find a lot of differences between the service levels, offerings, and standards of different CSPs. For that you need to work out a common methodology to manage your applications and services on different clouds.
Cloud Computing Case Studies Calsoft Saves Software Licensing Costs Through an Open Source Private Cloud Called VYOM Calsoft had a heterogeneous server infrastructure for 300 people, which included 30+ hardware servers running 55+ services. This obviously took a toll on the physical space used in the data center, not to mention the hefty power and cooling bills to keep them running. On top of that, the company had a poor DR setup, longer downtimes and high TATs for resolving problems. The company created a private cloud on 10 physical servers with different cores & memory capacity. These were deployed using open source software like Linux, KVM-QEMU, and OpeniSCSI. The use of Open Source virtualization and Cloud platforms saved the company software licensing costs and added a lot of customization and flexibility. Moreover, the company used end of life hardware, so there was no extra cost for hardware. This resulted in significant savings in space, power, facilities, and operational cost. They enjoyed much faster TAT in case of failure. Plus, there was increased computing density, reduced consolidation time, flexible resource allocation, and faster orchestration of newer services.
This IT initiative was taken to ensure that the company's security posture was best in class. Their current system faced multiple issues like spam, virus threats, scalability and utilization concerns and no granular control for IT team. Their non-business related emails were eating away bandwidth and there was a pressing need for effective filtering at source. The company replaced their on-premise appliance based email security with SaaS based email security services. The entire migration for 10,000 users happened in just 48 hours without any downtime and 100 % email delivery. The end result was a 40% reduction in email flow with the unwanted emails getting stopped in the cloud, resulting in huge performance improvements and bandwidth optimization. The spam rate and threats to system were minimized which resulted in better end user experience. |
Compliance risks
Companies working for international clientele have to be even more careful about the compliance norms of that country. For instance, an organization offering healthcare services for US-based customers might have to worry about complying with HIPAA, and likewise for other compliance norms that mandate protection of public data. What if this data gets compromised due to negligence on part of the CSP? Will the CSP take responsibility for it, including the legal action that may arise from the govt? Unless this is made clear, companies dealing with such compliance-dependant services may be better off not going for a cloud-based service.
What happens after termination of agreement?
The data that you generate from the application you use is your property, irrespective of whether it's generated and maintained in the cloud or in your in-house setup. It shouldn't happen that you lose the right to access, use, or transfer it upon termination of a contract, or due to some other dispute that may arise with your cloud service provider. Or worse still, the CSP ends up sharing your data with others post the termination of the agreement. You need to ensure that this is made very clear from the beginning.
Marcuras Water Treatment Gets Faster Data Access Through TCS' iON Cloud Solution This manufacturing company faced issues like inventory leakage as manual stock adjustments were required to reconcile the inventory. Plus, delay in consolidation of information for generating decision-making reports & financial statements was also a concern. The company needed a solution that gave a single view of inventory and accounts. The company went for TCS's iON cloud computing soluition, which provided a single system that has automated the company's sales, production and finance processes. Data is now available anytime & anywhere on the cloud. A single window of inventory and accounts has resulted in effective tracking & monitoring of items, a considerable reduction in overheads, manual efforts and re-work. It has speeded up the procurement process, thereby keeping production schedules on track. The HO gets timely access to accurate financial and other MIS reports. Forbes Marshall Increases Productivity by 24% using Cloud-Based Collaboration The steam engineering and control instrumentation company, Forbes Marshall made early investments in IT systems and was therefore running a static legacy system with high cost of licenses and IT maintenance costs. They were looking for ways to enhance the user experience and promote collaboration. After a detailed analysis of available email options, they decided to move their entire customer base to Google Apps Premier Edition. The company registered 43% savings in licenses in the first year alone. This also reduced email client support by upto 80%, as 78% of the users started using the web browser as their email interface. Another 56% users said they were using their smartphones for email, while another 78% said that they were effectively using Google Docs for sharing information. All this reduced the mail flow by 28% and increased productivity by 24%. |