Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Before you choose a cloud computing vendor: 8 questions

Kevin Fogarty | April 28, 2010
There are few ways a CIO can look better than by walking in to the CEO's office to offer a sophisticated technology service that answers a desperate business need without requiring large capital expenses or delays before implementation.

2. How transparent is the cloud service?

"There's a lot of mystery in clouds," according to Chris Wolf, analyst with the Burton Group. There's no need to understand the underlying infrastructure and the company's plans to upgrade or reinforce it if you're just using Google for Gmail. But any company hiring a provider for important business functions deserves to know what kind of technology -- and secondary or tertiary service providers -- actually makes up the cloud and how reliable it is.

3. How prepared is the cloud provider to answer due-diligence questions?

Some of the most critical questions are the most basic: what does the company do to ensure physical security; what servers and software does it run and what are its arrangements for disaster recovery; are its employees all well trained, background-checked, bonded and secured?

"All the basic stuff is pretty important, but you have to verify that," Wolf says. "You have to know they're relatively stable and reliable in hiring and you have to check on things like making sure they have redundant telecom arrangements and high availability/DR options so you don't go down for three days when they have a power outage."

4. How much access does the cloud provider offer?

"You should be able to go through your list of criteria with the vendor and get answers to your questions and have them revisit that periodically to demonstrate how they're living up to your expectations," Golden says. "If it's a big contract, you're going to want to do audits periodically to verify SLA and compliance and security issues."

5. How much access does the cloud provider deny?

On the other hand, Golden says, no service provider can afford to spend all its time answering questions from customers.

"They still have to provide their service," Golden says. "Some providers will go through the whole audit with you whenever you want, but how much value is there in having them answer a questionnaire for you when 90 percent of the questions are the same ones that every other customer asks? Some are too far at the other end. Amazon puts up a white paper and says 'here's our privacy policy and our security procedures, it's your responsibility to go through this and make sure what we do matches with your requirements.' "

"Amazon is maybe a little too distant, but you don't want to have a provider verifying their physical security by letting you walk around the data center and look at it. Then you know some other customer is doing the same when you're not there, and you'd rather no one has physical access to your servers that doesn't work for that company," Golden says.


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.