Download the authoritative guide: Cloud Computing 2019: Using the Cloud for Competitive Advantage
Choosing an enterprise-class cloud managed services provider is no trivial task, as the offerings have grown increasingly complex and detailed as the market has grown. The consequences are also significant. If you are going to take apps, computing, and data out of your data center and put it in the cloud and in the hands of a third party, you need to know this managed services provider is trustworthy and reliable.
Enterprise-level cloud managed services demands an infrastructure that is secure, scalable, and always available with little to no downtime or absolutely no loss of data. Data should be accessible from anywhere. And if possible, your connection should not be over the public Internet but through private, secure channels.
You're not just looking to reduce capital costs, you want end-to-end performance, reliability, and security backed by the best of service level agreements (SLAs). So you have to be picky and read the fine print very carefully. Let's look at what you need to get the best of a cloud provider.
Managed Services Provider: The Shopping Guide
1) Remember that this is an ongoing partnership that must be managed like any other part of your supply chain. Just because you got to outsource some of your IT expenses and converted that capex to an operating cost doesn't mean you can fire and forget. Your provider must be someone you are in regular and routine contact with.
2) Read that SLA carefully. They may be your partners but providers aren't going to take a bullet for you. Know that those SLAs and policies are written to protect the vendor, not you, and by their lawyers. Look at the responsibilities for data integrity and protection, down time, availability, quality of service, refunds for lost time, and so on. If it's not crystal clear, ask for clarification.
3) Get references. This isn't just cloud backup for non-sensitive files or using Salesforce any more. A relationship on this level involves business-critical workloads. The best thing you can do for yourself is to talk to your peers at other companies, business partners and competitors alike, that are similar in size to your company, to see what provider they are using and if they would recommend said provider
4) Clearly define which workloads are being migrated to the service provider. You want to go with the least mission-critical as you work out the relationship and determine your provider's reliability. Later on, you'll likely add more workloads if the hosting results are good.
5) Contain costs. Payments on this level are not flat-fee, one size fits all. They reflect capacity, quality of service (QoS) and adherence to service level agreements (SLAs) for the workloads hosted by the service provider. They can also escalate quickly if you increase your reliance on the provider. This must be clearly spelled out before signing the deal, and performance on the goals should be reviewed on a regular basis to ensure they are being met.
6) Request the full menu of services up front. We're well beyond compute and storage now. The price lists for Amazon, Microsoft Azure and Google are very comprehensive and subsequently very complex. Get a complete price list for the provider's features and functions, including those that are unusual or unique. Detailed terms of service level agreements are another important point, just in case something goes wrong (and it will eventually).
7) Spell out the support responsibilities. Levels of support can be a critical differentiator from one provider to the next. Find out if a situation arises where you need support if can you do it all yourself or need to involve the provider. Will it come from the provider or an outsourced third-party? Do you need a person to call or will e-mail or a service desk ticket suffice?
8) Location, location, location. If you are in a regulated industry, compliance laws may very well forbid your data from being stored outside the country. The major cloud services providers are global and have data centers in places like Finland and Singapore. Make sure your data stays within the United States, if need be. Also, international data centers, while fast on their end, might be subject to latency issues since they are up to 12,000 miles away.
9) Contract terms. This is potentially a showstopper as cloud providers often have fixed contracts and are not open to negotiations. So if the terms are not acceptable, then neither is the provider. There are providers who will negotiate for a large potential customer but you have to be a very large customer bringing in a lot of business before they will bend.
10) Management and tool support. You need to know how easy it is to manage the cloud service from your network because it will have an impact on costs for help. You may need to hire new people to manage the connection if your current IT staff does not have the skills needed. And there must be tools for provisioning, metering, measuring, data transfer, security management, monitoring and more. Make sure the provider supports the necessary third party tools, especially the tools your teams already use.
11) Security. Due to the sensitivity of your content, you want more than just password protection. An enterprise-level provider should offer data encryption, in rest and in motion data protection, access controls, two-factor login, role-based access controls, incident and event monitoring capabilities, and post-factor forensics.
12) An exit strategy. Relationships can and do break down. If the results are not as expected or as agreed, there should be a plan in place before you signed on to regain your workloads along with the associated data that migrated to the service provider. Make clear the terms of availability and access to get back what you put in their servers. There should also be clearly stated terms of a termination agreement, such as why/when a contract can be terminated, who is responsible for what costs and how contested items/issues can be resolved.
Photo courtesy of Shutterstock.