In the market for a cloud provider? 6 must-ask questions

Companies should follow a disciplined process and ask key questions in selecting a cloud provider.

But selecting the right cloud provider can be difficult. Many are out of reach for companies’ budgets, and it’s difficult to choose from the many, less costly cloud providers.

MDS Amiba’s Seamus Doran says value for money is a key factor for those seeking cloud solutions; just behind reliability and guaranteed level of service.

“Few companies are in a position to spend the billions required to build out these highly scalable, available and redundant systems globally,” says Greg Arnette, founder and chief technical officer atSonian Inc., a Dedham, Mass.-based provider of cloud-powered archiving and data management solutions. “Too many IT service providers are out there selling hosted services as cloud.”

But by following a comprehensive vetting process, these organizations can find a vendor who addresses their needs. Answers to a list of key questions that cover such areas as pricing, scalability, and response if there is a breach or disaster are the foundation of due diligence. Consider:

1. How much does the cloud vendor cost?

This is not as easy as it might seem. A 2013 cloud pricing report from 451 Research, a division of leading global analyst and data company The 451 Group, found that only 64 percent of Infrastructure-as-a-Service (IaaS) providers publish their pricing. The larger players are more likely to do so.

Eric Marcus, CEO of Marcus Networking Inc., a Tempe, Ariz.-based provider of technology and telecommunication services, says also that “cheaper is not always better. There are features that are lacking and people do not take into account things such as backups, 24/7 access or storage fees.”

Arnette cautions that failing to look closely at costs can leave a company with “a whopper of a compute bill at the end of the month.”

2. How can you get your data back if a vendor changes hands or goes bankrupt?

“Many people spend tens of thousands of dollars putting their data in the cloud, but never realize, if the company goes bankrupt or is sold, there may be no way to get the data out of there,” says Marcus. “Most people never think about an exit strategy and that is extremely important.”.

3. What steps is the vendor taking to secure and back up data?

Redundancy is essential for security against acute and sustained attacks, says Seamus Doran, sales and marketing director atMDS Amiba, a global provider of unified communications and collaboration solutions for SMBs and telecommuters, headquartered in Dublin.

Experts say that cloud shoppers have helped their cause by becoming more knowledgeable about their needs and the options available. “As providers are now subject to more competition, the terms and conditions overall have become more favorable,” Arnette says.

4. Does the vendor offer sufficient means to try out their products and services?

A trial run can give organizations a good feel for the product. “I always recommend that clients try demos out before committing long-term,” says Marcus.

5. Is the system scalable?

What are the costs of additional storage, traffic and resources that are common when rolling out or benchmarking new cloud features.

The cost of these additions is not always apparent and vendors’ pricing models for similar features can vary widely.

At the same time, a company may opt not to use certain features but not others or to discontinue the use of its own systems. All this can reduce the price. “If you’re looking to sunset [eliminate] your on-premise storage systems and avoid the ongoing costs of maintenance and support,” says Arnette, “ you won’t need to consider many of the cloud operating costs beyond ‘price per gig.’”

6. What is the responsibility of the cloud provider in case of a breach?

Many state and federal laws do not require outsourced IT companies to accept the burden of client breach response expenses, making non-biased, service-level agreements essential.

“If you make a decision to retain a specific cloud provider, it is your responsibility to ensure that private data is secure rather than the cloud provider’s,” says Jose Ruiz, cyber/privacy program manager at SLB Insurance Group, a Tamarac, Fla.-based underwriter and distributor of insurance products to retail agents.

He adds that if your clients sue, you need to resolve the situation with them before seeking compensation from the cloud provider.

“Legal experts with experience in risk management are recommended,” Ruiz says.

Insurance offers a means of financial compensation but will not actually recover lost or compromised data.

“Cloud providers are now agreeing to accept a certain amount or percentage of damages should a breach occur on their watch,” says Ruiz. “They’re also now including insurance-backed warranties on their client contracts.”

“Specify the levels of service required and [related] degrees of security and backup, define how to measure them, and only invite offers from service providers who meet [those requirements],” advises MDS Amiba’s Doran.

SLB’s Ruiz is equally cautious, advising clients to “spend a few extra days with your company’s legal team to negotiate a cloud provider’s contract.”

One last tip from experts: Ensure that your users are not determining your cloud asset requirements.

“If your users can initiate searches or spawn queries that will require [hardware resources], then you have essentially let the customer drive your cost, and that could come back to bite you,” says Arnette.