If Gartner is to be believed and only a mere 38% of enterprise IT organisations are using cloud services, there is undoubtedly continued concern regarding cloud usage. Andrew Cruise, Managing Director, Routed, a vendor-neutral cloud hosting platform provider, says that while there is massive scope for growth and improved cloud adoption, decision makers clearly need guidance in terms of what to look for when finally taking the leap into the cloud.
“The flip side of low adoption rates is the potential to grow the market. When making the decision, it is important to understand what to look for when choosing a cloud provider. Below are six critical elements to consider when making your choice,” says Cruise.
1. Is cloud a primary business focus?
Anyone that is hosting business critical internal data must be experts in the field, with a commercial focus on cloud; and have a dedicated, experienced, certified team whose primary responsibility is to architect, deploy, secure, manage and support cloud infrastructure. If it’s not the only thing a provider does, it needs to be at the very least a separate division or business unit, or else the provider’s ability to deliver security, performance and availability is diluted.
2. What data centre have you chosen to collocate at?
The data centre is the foundation on which robust cloud infrastructure is built. Once again, you will want to know that the data centre provider is a specialist in facilities management. Look for a proven track record in building secure, certified, highly available data centres with redundancy and resilience across power (dual UPS, dual generators), CRAC (computer room air conditioning) and fire risk mitigation.
It is also advisable to select an open access, vendor-neutral site at one of the main peering points for Internet connectivity. In doing this, you will not be restricted in your choice of private or public connectivity into or out of your cloud environment, or paying a premium for Internet breakout due to vendor lock-ins. For performance (latency) or compliance (e.g. POPI) reasons, it is better to be located in-country.
3. What hardware is utilised within their infrastructure?
Performance and availability SLAs with credit-backed penalties for breach of contract provide comfort to enterprises and are the minimum requirement from any reputable cloud provider. Although there is an argument that this should be sufficient, due diligence is also required to reassure a client that the SLA can be achieved. Similarly, minimum n+1 redundancy is a given (n+2 or 2n is much more preferable), but is not on its own sufficient. Enterprise workloads require enterprise hardware: for performance, clients should expect guarantees (in particular to counter ‘noisy neighbour’ in multi-tenant environments); for availability, only established vendors with battle tested products should be considered – failure avoidance is always better than fault tolerance, as any failure puts the infrastructure at greater risk of outage.
4. What cloud management platform do you use?
Customer self-service through web GUI or API is part of the definition of cloud and is a base-level requirement from any cloud provider. Once again, enterprise data requires enterprise hypervisors, virtualisation management and orchestration tools. How comfortable would an enterprise be with a cloud provider experimenting with a complicated, cutting edge open-source software stack? Clients must demand a mature, fully developed product set with established security credentials. This needs to be purpose-built for cloud, upgradeable and supportable by certified engineers, and backed by a trusted vendor.
5. Do you offer the full suite of cloud services?
Although there is an argument that enterprises should use multiple cloud providers to mitigate risk, it is also important that when it comes to cloud services the provider is a one-stop shop. Basic requirements include a virtual data centre, virtual LAN, and routing/firewalling service. Integrated self-service backup, archiving, and replication/disaster recovery services to geo-redundant data centres should be the norm for any leading cloud provider.
Consider the provider’s willingness and flexibility to connect to other service providers (e.g. storage services, Internet and other private connectivity services) either physically (open access) and/or virtually (using advanced routing and networking technologies). What services are offered to enable hybrid solutions, between a client’s premises and cloud; and what options are available for bare metal dedicated compute or isolated deployments? What overarching security solutions are available?
6. What additional steps do you take to protect my data?
It’s all about a client’s data. Apart from the base requirements for redundancy and fault tolerance, and the additional paid for backup and disaster recovery products, what else is being offered for data durability and resilience? Is data kept in single instance only, or snapshotted locally, or even replicated across failure domains or geo-redundantly? What additional security options are available: disk encryption? Two factor authentication? How can a cloud provider evidence that they care about the data as much as you do?