what to look for in your cloud provider.. beyond the software
TRANSCRIPT
Context
Facts
– Cloud is getting a lot of attention
– Lots of buzz but little information on ‘What To Look For In Your Cloud Provider - Beyond the Software’
Today’s Objectives
– Talk about the top 10 considerations when choosing cloud partner
– Tell you questions to ask your cloud provider
Mainframe Web Cloud Client Server
IT Evolution
Private Public
Hosting Partners (like Bhumishq)
Rapid implementation
Anywhere-access
Rich customization
Microsoft Hosted
Control & ownership
Strategic capabilities
Advanced integration
On-Premises Partner Hosted
Outsourced IT
Industry / Vertical configuration
Packaged solutions
1. Look For A Flexible Provider
Look For A Flexible Provider
Cloud is all about flexibility and agility
Most organization Cloud strategy is not well
defined yet
Providers needs to remain flexible.
A ‘rigid’ Cloud offering is a barrier to Cloud
adaptation
Ask for ‘no strings attached’ trial period before
committing
2. Geo-redundancy
Geo-redundancy
Cloud is about anytime / anywhere availability of
data
Single site data centre can be a potential single
point of failure
Cost of connectivity, shortage of bandwidth and
latency are the current determinant for data centre
geo-redundancy
Example - Microsoft runs multiple
geo-redundant data centres
(some disclosed, others not) worldwide.
3. Data Centre Facilities
Some of the key factors to consider in a Cloud facility
are –
Power
Cooling
Fire Detection & Suppression
Physical Security
CCTV Surveillance & Recording
24 x 7 Helpdesk and ops Centre
POWER Redundant utility power source Fully redundant power distribution with no single point of failure N+1 UPS system On-site full load capable power generator
Cooling Precision based air-conditioning units Grid failure protection on cooling units – dual chiller & DX based precision units Humidity control
Fire Detection & Suppression VESDA (Very Early Smoke Detection Apparatus) based system. Clear agent, non-residual gas. Environmental & human friendly.
Physical Security Secure and restricted access facility. Bio-metric based access control Presence of trained security guards
CCTV Surveillance & Recording CCTV video recording and archiving
24 x 7 Helpdesk and Operations Centre Round the clock technical support 24 x 7 data centre critical operations monitoring team
4. Data Centre Physical Location
Data Centre Physical Location
Location – avoid proximity to RFI (Radio Frequency
Interference) generating industries, flight paths, near
potential dangers from sea, chemical and other
hazardous plants
The data centre building should be within reasonable
commuting distance for employees, support vendors,
and other business partners
Data centres need redundant sources of
telecommunications, electricity, and water to eliminate
any single points of failure
5. Scalability
Scalability
‘Pay as you go’ model
Cloud provider should be capable of quick
provisioning of scaled up requirements around
storage needs
Flexible retention choices to manage capacity, cost
and regulatory requirements
Business Continuity Plan
6. Business Continuity Plan
7. Data Retention Policy
Does the cloud vendors’ Business Continuity plan
meets your Business Continuity requirements?
How does provider guarantee uninterrupted
services?
Can provider give you documentation of its BCM
plan?
When in doubt, ask for 3rd party BC audit
Data Retention Policy
What happens to my data when I cancel my Cloud
service?
7. Data Retention Policy
Is my data returned?
Is it deleted?
Service Level Agreement
8. Service Level Agreement
What are the agreed service delivery terms?
How they are measured & reported?
What happens if the agreed terms are not
delivered?
- Financial penalties on Cloud provider.
Industry Credentials
9. Industry Credentials
What are service providers’ Cloud industry
affiliations and partnerships - like Microsoft partner,
Microsoft hosting and online services
competencies, SPLA arrangement etc
Industry recognized certification & membership like
Uptime Tier based certification, CSA (Cloud
Security Alliance) membership etc
Local related authority licencing and other
requirement fulfilment
Compliance Requirements
10. Compliance Requirements
Gather legal and regulatory requirements first for a
feasibility assessment
Can your data be taken out of country?
Does regulations like PCI, SOX, HIPPA etc.
that’s mandates control over operations of
infrastructure & critical data affects you?
Other Legal And Contractual Issues
IP
Liability
Thoroughly vet your provider
Closing Thoughts
Cloud is the future Cloud means different to different persons One-size fits all approach may not work Try it before you commit