The Ultimate Checklist for taking your business on to the cloud

This is one of the toughest questions to find an answer to, because cloud computing is a vast topic with just about every player offering something or the other in this space. It becomes more difficult because when you move to the cloud, you're putting your trust on someone else for something you've been handling in-house all these years. There are bound to be mismatches in expectations, so you need to choose a CSP (Cloud Services Provider) where this gap between expectations and delivery is minimal. Here are a few factors that must be considered before choosing a CSP.

Data security: Beware of the laws of the land

In our cloud computing survey for SMEs, security and safety of data emerged as the most important criteria while choosing a CSP. A key thing to remember is to ensure that all your data is encrypted, whether on the move or static in the CSP's data center. Moreover, you need to know where the data is kept. If it's stored in a country where the laws of the land can impact the privacy of your data, you may be better off not going for that CSP's services.

Reliability of the CSP: Check its past record and financial stability

Another key factor reported by our survey respondents while choosing a CSP, and not without good reason. Reliability can have many different connotations. It could mean performance of the applications being offered, it could mean no downtime, it could mean that your data is in safe hands, or other things. We've covered many of these points later in this article, but the key thing to keep in mind is the reliability of the CSP itself. It should be financially stable and be there for the long haul. What will you do if your CSP goes belly up one fine day? Will you be able to easily pull out all your data and shift to another CSP? You need to carefully evaluate a CSP on its financial stability in the background before finalizing. Check out its track record, past performance, and market image. They're all important.

Quality of support: How quickly does the CSP respond?

One critical point to keep in mind is the speed and transparency with which your CSP will deal with an outage. Will the CSP promptly and transparently communicate the same to its customers, or will the CSP try and brush it under the carpet and give excuses about service non-availability?

Just because you're moving to the cloud doesn't mean you won't need in-house support. In fact, after signing up, you need to work out what sort of support would the CSP offer, and assign people from your own internal team to deal with the CSP's support team. This actually becomes more difficult because now your in-house support has to deal with complaints from your users and ensure that they're conveyed to and addressed by the CSP.

Have well-defined billing payment policies

By moving to the cloud, you're moving your IT costs from CapEx to the OpEx model. Instead of owning the setup for a particular application, you're leasing it from a service provider. This completely changes the payment terms, so you have to be more careful in understanding the terms and conditions of making payments. What sort of a payment cycle does the service provider follow?

Is it monthly, quarterly, or annual? Is the payment frequency clearly mentioned in the vendor's end user license agreement?

Moreover, is the service configured for auto-renewal without your knowledge? We've seen cases where you opt for a service for one month, and it automatically sets your payment to auto-renewal. As a result, your credit card gets charged automatically every month.

How transparent is your CSP about the billing and payments? Do you get a dashboard where you can clearly see the services you're being provided and the amount being charged for them? You need to be able to track the usage and ensure there are no discrepancies in the billing.

Check service availability policies

A key concern that a lot of existing users of cloud based services face is with availability of the services offered by the CSP. There are too many horror stories of services being disrupted from even large, well-known cloud service providers. Amazon Web Services for instance, faced an outage in June at one of its data centers in Virginia, US. The cause was apparently a huge storm that resulted in a power outage in one of their data centers. Due to this, the services of many of Amazon's clients were disrupted, including well known names like Netflix, Heroku, and Pinterest. This is not the first time it has happened with Amazon, but the key learning here is that when you're choosing a cloud service provider, you must carefully investigate its data backup, disaster recovery, and service availability policies. A lot of cloud service providers make it clear that the responsibility of availability of a customer's data and application availability lies with the customer. So when there was a major outage at Amazon in the US last year, it didn't impact the company's SLA, because it clearly stated somewhere that the customers had to place mirrored application servers in multiple availability zones.

So before you choose a CSP, do read such policies carefully to ensure the availability of your data. Not only that, but also review the number of downtimes that the CSP has faced. A simple Internet search will throw up reports of such outages for a lot of CSPs.

Having said that, it's also the duty of the CSP to clearly communicate such things to its potential customers, instead of expecting the customers to go through its lengthy terms of agreement. CSPs, are you listening?

SLAs: The dos and the don'ts

Service Level Agreements or SLAs are the key while choosing a CSP. In fact, all points we mentioned above must be covered in the SLA, among others. Start by finding out what is your CSP's SLA like? Is it more like the complex “terms of agreement” document that people usually press “I Agree” to on most websites? Those are long, complex, and with a lot of fine print. They're designed that way so people don't spend too much time on them. They're not something you'd want to follow in your own SLA. In fact, when signing a SLA with your CSP, you have to be clear on what you want and expect from the deal. While a detailed explanation on SLAs is beyond the scope of this magazine, we'd recommend that the following four points are addressed in your SLA:

1. What services are being offered? A list of services being offered by the CSP must be included in the SLA along with their explanations. Not only that, but how will the CSP handle the communication when it upgrades its setup that changes some of the features of the service offered to you?

2. How will the CSP let you measure its services' performance? Ask the CSP to provide a mechanism to audit and measure the services quality to check whether it's being delivered as per agreement.

3. What is the recourse if terms of the SLA are not fulfilled? If there's a cloud outage for instance, will the CSP offer you additional service credits? Microsoft Azure for instance, suffered an outage on Feb 29th due to a leap year bug. The company apparently offered 33% credit to all its customers.

4. Will the SLA change over time, and if so, will it be clearly communicated? If this doesn't happen then your SLA could get altered without your even knowing about it.

Another key thing to remember is that there are chances that you'll move more than one service to the cloud, and possibly choose different CSPs for them. When that happens, you might find a lot of differences between the service levels, offerings, and standards of different CSPs. For that you need to work out a common methodology to manage your applications and services on different clouds.

Compliance risks

Companies working for international clientele have to be even more careful about the compliance norms of that country. For instance, an organization offering healthcare services for US-based customers might have to worry about complying with HIPAA, and likewise for other compliance norms that mandate protection of public data. What if this data gets compromised due to negligence on part of the CSP? Will the CSP take responsibility for it, including the legal action that may arise from the govt? Unless this is made clear, companies dealing with such compliance-dependant services may be better off not going for a cloud-based service.

What happens after termination of agreement?

The data that you generate from the application you use is your property, irrespective of whether it's generated and maintained in the cloud or in your in-house setup. It shouldn't happen that you lose the right to access, use, or transfer it upon termination of a contract, or due to some other dispute that may arise with your cloud service provider. Or worse still, the CSP ends up sharing your data with others post the termination of the agreement. You need to ensure that this is made very clear from the beginning.