Ten Aspects to Consider when Choosing Cloud Service Provider

There are hundreds, if not thousands, of cloud services available to organizations. In many cases, the capabilities of the service, adjusted for cost, matter more to decision-makers than the infrastructure itself. As an example, the underlying infrastructure that supports common business software such as Salesforce, Microsoft Office 365, is rarely scrutinized, as the products are trusted solely on the brand’s reputation.

Ten Aspects to Consider when Choosing Cloud Service Provider
Ten Aspects to Consider when Choosing Cloud Service Provider. Photo by John Schnobrich on Unsplash

Choosing the right cloud service for your organization, or for your target customer if you are a managed service provider, can be time-consuming and effort-intensive. For this article, we will focus on existing applications (vs. new application services) that require high levels of performance and security, but that also enable customers to meet specific cost expectations.

Topics covered include:

  • Global access and availability
  • Cloud management
  • Application performance
  • Security and compliance
  • And more!

Content Summary

Executive Summary
“Cloud-first” to “Cloud now”
What does “cloud now” mean exactly?
The reason for this is straightforward.
Milestones in cloud computing
Options to consider
Finding the “just right” cloud
Global access and availability
Cloud management
Application performance
Security and compliance
Data protection and disaster recovery
Connectivity and networking
Strategy and planning
Onboarding and deployment
Support
Pricing/Billing
Cloud due-diligence

Executive Summary

“Not too hot, not too cold, just right.” The Goldilocks principle, named by analogy to the popular fairy-tale, has been used to describe the concept of “just the right amount” in a wide range of disciplines since its original 19th-century publication. Today, the principle has applications in psychology, biology, and engineering.

For those of us working in IT, finding that “just right” solution can sometimes feel like a tug of war between costs and performance. In other words, overprovisioning performance resources can lead to budget issues and underutilization, while focusing too much on costs can lead to missed expectations in terms of application performance. But in the age of cloud computing, where moving mission-critical applications off-premises to consumption-based, Infrastructures-as-a-Service (IaaS) has become commonplace, have we finally found our perfect IT solution?

Yes and no. It’s true customers see the value of hosted, pay-per-use IT consumption compared to traditional on-premises solutions. But not all clouds are created equal in terms of cost savings when adjusted for the resources needed to satisfy application requirements. As a result, the question for customers becomes, not “if” cloud, but “which” cloud.

There are many cloud options available in the market. Multi-tenant clouds offered by the popular hyperscalers are by far the most widely adopted services due to their size and scale. However, for customers that require higher levels of performance, security, and customization to align with specific application requirements and licensing, tailored/specialized clouds, private clouds, and bare-metal cloud service options may be best suited to fit those needs. Also, many customers require flexibility from a networking perspective. Many of the larger providers are only able to offer a shorter curated list of options.

In general, all of these service types fall into the IaaS classification. But, despite the many cloud options, finding that “just right” cloud service in terms of meeting business application, operational, and financial requirements, can be challenging. Ironically, the sheer number of cloud options is what can impact due diligence and become an obstacle in decision making. Customers need to understand their business objectives, requirements, and then determine the right service choices available to meet this combination of needs. This paper outlines ten topics you should ask yourself and your provider when searching for your “just right” cloud solution.

“Cloud-first” to “Cloud now”

For years, traditional organizations have looked to “cloud-first” for new application development and deployment. This approach made sense for companies planning complete transformations for the future in anticipation of growing competitive pressures. But as more companies experience IT pressures today, in terms of reducing costs and focusing on innovation, these same companies are no longer waiting for the future and are pivoting from “cloud-first” to “cloud now.”

What does “cloud now” mean exactly?

It means that companies are now looking at cloud for more than just new applications — including existing applications and off the shelf applications that customers have deployed with little or no application development. In other words, customers are considering cloud for ALL applications.

The reason for this is straightforward.

Companies are focused on reducing costs, and eliminating the dependency on the physical data center is a logical next step in the continuation of a long-term trend. For as long as customers have been buying technology to support business, they have been using it to reduce costs and speed up time-to-market inside the datacenter. Technology capabilities including server and storage virtualization have improved IT’s ability to respond quickly to lines of business.

But, over time, the ability for new technology to further reduce costs and time-to-market diminishes. This is a result of the growing customer demand for more application resources, better performance, and increasing frequency of administrative tasks such as patching various components and planning for the end of life or performance upgrades. It’s also a result of today’s remote workforce. Customers need access to their applications from anywhere and at any time. As businesses have reached this inflection point of diminishing returns, they have turned their strategy to the cloud as the next frontier of IT efficiency —committing to leaving the datacenter behind.

Milestones in cloud computing

Recent market data from Synergy Research Group via CRN suggests 2019 was a milestone for IT. “For the first time, enterprises are spending more money annually on cloud infrastructure services than on datacenter hardware and software.

Enterprise Spending on Cloud and Data Centers. Source: Synergy Research Group
Enterprise Spending on Cloud and Data Centers. Source: Synergy Research Group

The data suggests that total spending on cloud infrastructure services reached $97 billion, up 38 percent year over year. Total spending on data center hardware and software hit $93 billion in 2019, an increase of only 1 percent compared to 2018. This means that many companies that have historically owned, maintained, and managed IT operations in their datacenter are evolving how they support their business operations by transforming their IT to cloud. Indeed, “cloud now” is happening everywhere. But, once your organization has said yes to the cloud, what happens next?

Options to consider

Yes to the cloud, but what cloud options should I consider? There are hundreds, if not thousands, of cloud services available to organizations. In many cases, the capabilities of the service, adjusted for cost, matter more to decision-makers than the infrastructure itself. As an example, the underlying infrastructure that supports common business software such as Salesforce, Microsoft Office365, is rarely scrutinized, as the products are trusted solely on the brand’s reputation.

But in the case of organizations moving their existing applications to the cloud for production hosting (IaaS), backup (Backup as a Service), or disaster recovery (Disaster Recovery as a Service) the underlying platform must be vetted to ensure the application needs are met. To do this, organizations must examine the capabilities at the platform level. This is where the technology resources that have been purchased come together to deliver the application performance, security and compliance, connectivity and availability, and more, of the selected service. Ultimately, it’s these consumed resources that directly impact the cost of the service. In general, the main cloud platform types available to customers at scale are public cloud, private cloud, and bare-metal resources.

For example, an organization might choose a public cloud for cost-sensitive applications that require a high degree of reliability but are not subject to high levels of performance. At the same time, organizations that demand the highest flexibility and security for a specific application type might choose a private cloud for their hosting purposes. In both cases, customers need to work with their providers to effectively right-size the cloud to the application need.

Finding the “just right” cloud

As referenced above, there is no shortage of cloud service options. Unfortunately, that makes choosing the right cloud service for your organization, or your target customer if you are a managed service provider, time-consuming, and effort-intensive. For this paper, we will focus on existing applications (vs. new application services) that require high levels of performance and security, but that also enable customers to meet specific cost expectations.

Global access and availability

Moving to the cloud means moving out of your traditional on-premises datacenter and into a cloud service provider data center. It’s likely the cloud provider’s data center is located in another region than your existing environment. Generally, this is the exact benefit customers are looking for. They no longer want to own, manage, or maintain a physical datacenter footprint. And selecting a cloud provider with more physical distance from the existing infrastructure can provide additional benefits for backup and recovery.

But, at the same time, for production workloads that require high levels of performance, is the cloud provider’s data center location appropriate for your business? There are many reasons to ask this question in consideration of current and future needs.

  • Does your data, by law, need to be stored in a specific location or geography for security or compliance reasons? The question to ask is “where will my data be physically stored?”
  • In the provider’s location, will bandwidth or latency be an issue? The provider’s physical location will need to be close enough to the end-users so as not to impact performance, but also consider the network redundancy both within and into the cloud infrastructure.
  • Does the data center location provide adequate distance between primary data and backup data? In other words, if you are using the cloud for production, where are your backups kept? If using the cloud for backup or disaster recovery, you want to ensure the data center location is appropriately distanced from your primary data.
  • Will my backup data be usable/recoverable at the remote datacenter? Having offsite backups often isn’t enough if you can’t recover the backups on remote infrastructure.
  • Additional questions: What significant outages have been experienced? Is a Service Level Agreement (SLA) provided for uptime and availability?

Cloud management

Cloud management is one of the most discussed topics when considering cloud services. The primary reason for this is the adoption of a new method of management. In some cases, there is no formal interface, but rather, a set of APIs or CLIs that need to be used in scripts programmatically.

In other cases, a formal cloud management interface may exist, but adopting any new management interface is not trivial. And while this issue of adopting a new interface exists even when switching hardware vendors on-premises, with the cloud it can lead to several new questions to qualify beforehand:

  • How easy is the interface to use? Is it intuitive? If it is API/CLI driven, what resources exist internally to manage these new tools? Can my organization adopt within a reasonable amount of time? Is training available to expedite the adoption?
  • Will I be able to manage multiple cloud models (i.e. public and private) from the same vendor with one interface?
  • How much control and visibility do I have into my cloud infrastructure? Will I have Identity Access Management? Can I report on billing? Performance? Security and compliance? Networking? What about the environment and workload changes?

Changing management interfaces can also lead to a training deficit, especially if the on-premises interface was not designed from a familiar framework and/or layout. Common language matters when adopting a new management console. If a critical administrator leaves the organization, will appropriate resources be available to continue management? Is there a supply of knowledgeable resources in the marketplace to fill the organization’s ongoing needs? Will the cloud provider be able to supplement training with resources or a dedicated project manager?

Application performance

No two applications are created equal. This is true across many different metrics, but none as important, or as apparent, as it is in supporting expectations when it comes to application performance. For example, if you are running an IO-intensive ERP database that supports your entire business, the focus will likely be on reducing latency. If the application lags when it is engaged, expectations won’t be met.

At the same time, performance needs to be tempered by cost considerations. A typical back-office application that is used once a month may not need the highest performance; and because additional performance often comes with additional cost, reducing the performance resources available to the application will reduce costs in kind. As a result, performance and cost expectations need to be considered simultaneously.

The questions that arise when focusing on performance and cost are several folds:

  • Does the vendor have the ability to meet performance expectations now and in the future? Can the provider guarantee application performance with a public cloud option or do they need to rely on a private cloud or bare-metal? Is the underlying cloud server hardware compliant with (often) strict application requirements? Is the cloud provider transparent about their hardware configurations, down to the model number of their CPU?
  • Can the provider align my application performance requirements with my cost expectations? Over-provisioning resources to ensure performance needs are met comes with a cost. At the same time, under-provisioning performance to meet cost objectives can lead to missed expectations for the application. Does the vendor provide flexibility in terms of performance to cost? Can the provider offer a mix of public, private, and bare metal for different performance requirements? How flexible is the provider in offering workload mobility between performance tiers? Can they be managed together? Can the vendor scale performance and capacity independently AND bill based on consumption? Or do they bill based on fixed allocations? Ideally, the provider allocates resources as needed, over-allocates where necessary, but charges only when the resources are used.

Security and compliance

Security and compliance are usually at the top of every cloud buying guide. And for good reason. While most providers deliver a standard set of security and compliance capabilities with their most basic services, the requirements for individual businesses grow each year in several critical areas.

  • Geographic. At the geographic level, companies are subject to a variety of compliance and regulatory requirements. For example, in Europe the General Data Protection Regulation (GDPR) 2016/679 has been a focus for several years as organizations work to implement appropriate data privacy capabilities, processes, and comply with data sovereignty laws.
  • Industry-specific. Highly regulated industries such as healthcare and financial services require specific security and compliance capabilities.
  • Data specific. All industries must appropriately secure sensitive data from internal and external threats. There are many capabilities to consider: Access control, encryption (at rest, in flight, etc). Depending on the specific data you are moving to the cloud, ensure that the provider can meet your security and compliance requirements.

Questions to ask broadly, considering the above:

  • What security capabilities does the provider offer to ensure data is secure from theft? Are these capabilities built-in? Additional cost? What user management is required to ensure they are effective?
  • What security policies and practices do they have in place?
  • Many cloud providers secure data based on “shared responsibility.” What does the provider view as the customer’s responsibility?
  • Does the provider have experts who can advise on security and compliance considerations that are unique to the customer?
  • Is the provider available for consultative engagement? And also, be sure to ask about any past breaches or security issues and how customers were informed.
  • Depending on the industry, is the cloud provider in compliance with current regulations? Will they be able to meet future compliance requirements? How focused is the security and compliance strategy?
  • Can the provider meet specific geographic security and compliance requirements?
  • Finally, as a general rule, customers should consider referencing the Cloud Star Alliance (CSA) audit form as an external resource when evaluating cloud providers’ security and compliance. Providers receive ratings by the organization based on their security and compliance posture. This enables customers to view many providers through a normalized approach.

Data protection and disaster recovery

Data protection is not always part of a provider’s basic cloud service. “If it is in the cloud, it is protected” is a common misconception that often leaves customers in a vulnerable state. The reality is that cloud providers do their best to protect their production systems, and most have a retention policy that can be invoked, but backup is a specific capability that is necessary for the event of data loss, technical failure, or internal and external cybercrime. Without it, even the provider may not be able to assist.

Also, disaster recovery needs to play an important role in cloud service due diligence. At the end of the day, a cloud service provider operates a physical data center that could experience an unexpected data loss or downtime event. For companies that can not afford downtime, including the time needed to recover using backups, having a second site for disaster recovery enabled by the cloud service provider is critical. Questions to ask the provider include:

  • What backup capabilities does the provider offer for production applications? Is it included or additional cost? This includes both full and incremental backups, that can be scheduled based on the customer need. What long term storage options exist for cost-optimized data preservation? Are these backups stored off-site and far enough away?
  • What disaster recovery capabilities are available through the provider? Does the provider offer an appropriately geographically-diverse second datacenter for disaster recovery? Are disaster recovery services included or additional services? How well integrated are disaster recovery services into the management interface? Are the disaster recovery models cost-effective and easy to consume?

Connectivity and networking

Understandably, one of the main concerns around moving to the cloud, or adopting a second or third cloud, is the ability to communicate with other networks or applications. If connectivity is impaired, the other attributes of the solution, including performance and “speed to market” become irrelevant.

The first step in identifying a compatible solution is to understand the skill sets of existing IT staff. It’s common for staff to be strained by incompatible knowledge with new networking topology, terminology, and a global scale. Second, understanding business requirements and what the cloud service provider’s capabilities are. For example, many organizations have advanced network topologies that require the usage of specific carriers, virtual or physical equipment, co-location, and software-defined network options. Finally, defining the scope of the solution you need. Many companies have difficulty maintaining proper security boundaries between data centers, clouds, offices, and remote employees.

To ensure the cloud providers network is compatible with your existing environment, consider the following questions:

  • What network technologies does your team currently leverage today?
  • What network vendors do your staff have expertise in?
  • How many on-prem or cloud-based sites does your team leverage today?
  • Is the integration of sites a challenge?
  • How does end-user access to your applications work today?
  • How does public access to resources work today?
  • What connectivity providers are leveraged today for the end-user access?

Strategy and planning

“Is the cloud right for my specific application or workload?” Invariably, this is the first question organizations ask as they consider cloud computing for production workloads (IaaS), Backup as a Service (BaaS), or Disaster Recovery as a Service (DRaaS). Unfortunately, this question is often not easily answered without a structured plan. Considerations include:

  • What is the overarching objective of moving to the cloud – what are the benefits the organization is looking to achieve? Can they be achieved in not only the short term but the long term with the cloud I’m evaluating? Will picking the cloud option meet the objective but hamper other things that are working well today or add new challenges to the organization?
  • Which applications are suitable for cloud services? Which should remain on-premises, if any?
  • What is my specific deployment timeframe? What are the expectations for time, cost, etc. during the data movement?
  • What are the requirements of my application for CPU, memory, and storage? Is the cloud provider hardware approved and compatible with my application’s approved hardware requirements?
  • What are the bandwidth requirements for my application given a data center that is # miles away?
  • If I have specific RTO/RPO requirements for BaaS/DRaaS as part of my IaaS solution, can the provider meet my needs considering all of the above?

The main question that needs to be asked is, does the organization need a strategy and planning resource — either from the provider or a third party? Otherwise, the questions above (and many more) will need to be answered before deployment to ensure expectations are met.

Onboarding and deployment

“The journey is just as important as the destination.” Cloud services are largely viewed from the lens of the platform’s capabilities. Most of the comparison charts and articles that are available focus on the benefits after a successful deployment. But what about customers that don’t have the time or resources to move the data themselves? While it’s true that many cloud services are easy to adopt, such as S3-enabled cloud storage, others require significantly more planning to ensure migration downtime is not excessive, and that the act of migrating the data itself is not fraught with risk. Because of this risk, it is necessary to ask the provider what onboarding and deployment services are available.

For example, for organizations that are moving existing, mission-critical applications to the cloud, there may not be a large allowance at the executive level for application downtime or other risks associated with data migration. It’s in these cases that the organization may choose to leverage a provider’s migration services, or a third party, to ensure the data is moved on time, within budget, and with limited risk. Questions to ask include:

  • Is the application or workload I am moving to the cloud considered mission-critical? Is it compatible with the cloud I am evaluating, or does it need to be refactored?
  • If so, what resources do I have inhouse to accomplish the migration? Can I complete the migration within a committed time frame?
  • What migration services does the cloud services provider offer? Is the conversion or rebuilding of my application required to move to the cloud? Do the migration services offered to allow for validation of time, performance, support, security, etc in a non-intrusive manner before committing to the provider?

Support

The need for customer support services is closely related to the need for the other professional services above such as planning and onboarding. You either have the time and resources inhouse to support any issues that may arise, or you don’t. Most cloud providers provide a basic level of support, but sometimes 24/7 access may be an additional cost. Or in other cases, the response time necessary to meet business timescales or SLAs may come at additional cost. If you are primarily storing older data or long-term backups, you may only wish to engage support on an ad hoc basis. The opposite might be true for production-level applications where downtime or data loss can cripple the business.

Questions to ask include:

  • What in-house resources do I have to address any cloud service issues? What in-house expertise does my team have on the cloud platform I am moving to?
  • What is the business value of the applications/workloads I am moving to the cloud?
  • Am I willing to pay for additional support? Am I willing to pay for specific response time? How is a support made available — by phone? orum? Ticket?
  • What provider resources are available to help beyond break/fix (i.e. support for non-broken assistance, sales reps, account managers, etc)?

Pricing/Billing

Finally, one often overlooked aspect of cloud services is pricing and/or billing. This is a different question from “will the cloud save me money, and how much?” Understanding the pricing structure before deployment helps you understand your ability to accurately forecast the cost of your cloud services on a monthly and annual basis.

The reality is, cloud pricing is infamous for being complex and highly variable. While the cost savings benefits of the cloud will likely happen despite the effort to forecast the service cost accurately, understanding an actual billing statement broken down by line item can prove invaluable during the due diligence process.

Questions to ask:

  • Is the pricing all-inclusive or variable-based? What pricing variables are typical of the basic service? What about overage or reserve charges? Is a tiering plan available? Does pricing vary by geographic use?
  • How is the bill organized (view a sample copy of the bill)? Is there a way to view charges partway through the month with an estimate for the month-end?
  • What has been the annual increase, on average of the pricing elements of my service? Can I view real-time and historical billing and be alerted into pricing changes or predicted pricing changes?

Cloud due-diligence

The topics above outline a high-level approach to ensuring cloud providers can meet your expectations before you deploy. While individual applications will require a priority of some cloud capabilities over others (for example, applications that require the storage of medical data would require a focus on security during cloud provider due-diligence), multiple applications that comprise an organization’s application estate require a comprehensive view that reconciles benefits with trade-offs. This is why customers deploy hybrid clouds or multiple-clouds to avoid compromise. For example, customers may deploy a public cloud for test and development purposes, but use a private cloud to support mission-critical applications. Because of this, the topics above need to be discussed holistically, not only in terms of meeting the needs of all applications in the environment but also in terms of managing them from a single point of view.

Assuming the provider can meet the needs of all the application requirements collectively, the topics to discuss include: Cloud due-diligence for hybrid and multi-cloud environments

  • Can the provider manage hybrid or multiple clouds? In the case of the single vendor providing multiple services including public and private, this management should come from a single console.
  • On-premises management. Many times the hybrid or multi-cloud environment will include a private cloud environment on-premises. This is especially true for backup and disaster recovery use cases that may be used to protect and recover production data on-premises. Can the provider manage both sides of the environment? Given that the on-premises environment was likely in place first, does the cloud console increase management complexity? Or does it have a similar look/feel to on-premises management? For managed service providers, can the environment be managed easily by MSPs that the customer is already using?
  • Finally, networking. Customers that are transitioning to the cloud likely have significant time and investment in datacenter networking. Will transitioning to the cloud disrupt the network environment? Or complement it? Understanding the capabilities of the provider from a network perspective can provide confidence that disruption to the existing environment, or the transition to the new cloud environment, can be minimized.

Source: iland

Published by Thomas Apel

, a dynamic and self-motivated information technology architect, with a thorough knowledge of all facets pertaining to system and network infrastructure design, implementation and administration. I enjoy the technical writing process and answering readers' comments included.