Introduction
Last week, I wrote an article outlining five important questions that a CIO must answer inside the organization before adopting cloud services. However, the internal justification is just one side of the cloud story. You also need to ask the service providers questions about their services before you can reasonably sign a service contract.
What is your service level interruption and restoration history and how were root cause defects identified and corrected?
Every provider has outages; 100% availability is not possible. A provider’s outage history is important information for a potential client to understand. For one thing, you will get a feel for how often the provider has experienced issues and how long outages have lasted. If you don’t like what you hear, you can move on.
You can also learn about how seriously a provider takes uptime. A good one will learn from issues and take steps to permanently address discovered root causes. While that won’t guarantee that the provider won’t see future problems, you can have confidence that uptime is a prime consideration.
What is your pricing structure, and do you have a way that we can estimate actual ongoing costs?
Perhaps the most confounding aspect of cloud adoption is figuring out exactly how much the service will cost. Providers charge for pretty much everything, and they do so with different kinds of scales. You’ll pay for data at rest, data in transit, bandwidth, processing cycles, and more. The complexity in cloud pricing is one of the reasons that some CIOs continue to avoid the cloud.
However, the cloud is the epitome of “pay as you go” services, and the promise is that organizations will pay for what they consume and not a penny more. With local infrastructure, you’re paying for what you use as well as unused overhead. Ask your provider how best to calculate usage in each category and find out about any load simulation tools you might be able to use to better nail down cost.
What measures do you take to protect my services from both threats from outside your infrastructure as well as from other tenants?
Another prime concern from CIOs wary of the cloud is security. This is an important topic and one that requires careful analysis before making any contractual commitments. Find out from your provider what is necessary for maximum protection of your data assets. What steps is the provider taking to help keep customer’s data safe from Internet-based issues but also, what steps are they taking to ensure cross-tenant security? After all, cloud providers share their environment, so making sure you’re protected from your neighbors is an important consideration.
What’s my “out” if it becomes necessary?
If a provider constantly fails to meet its obligations under an SLA, you can probably get out of your contract. However, you may find it necessary to move away from a provider for other reasons. Perhaps changing business requirements necessitate a return to an in-house environment, for example. Make sure to clearly understand the situations that enable a clean exit from the cloud provider and any liability that your company may incur by exiting the contract. There may be financial liability – for example, you may have to pay a termination fee – but more importantly, make sure you’re able to easily transfer the service elsewhere if you do need to exit.
How do the provider’s services integrate with remaining on-premises systems?
Very few organizations are simply closing down their data centers and moving 100% of their environment into the cloud. Services that move into the cloud still need to communicate with the remaining on-premises environment. Find out from your provider the various ways by which this goal can be accomplished.
Action Item: IT services are becoming more about risk management than technical ability, particularly as organizations adopt cloud services. CIOs need to make sure that they ask the right questions, both inside and outside the organization, to ensure that the company’s goals and needs are met without placing the company at undue risk.
Footnotes: