APM Group, the Cloud Industry Forum's (CIF) independent certification partner, has announced the five steps that end users should follow when choosing a cloud supplier. Based on feedback from operating the CIF Code of Practice, the five steps set out key criteria that need to be explored to avoid some of the most common problems.
Richard Pharro, CEO of APM Group, comments: "Just because a cloud provider is not CIF certified, it does not mean they should be automatically excluded from any tender - indeed there are many highly reputable suppliers in the market that have not gone through our certification process. But the opacity of some Cloud Service Providers (CSP), and their SLAs, complicates the journey to the cloud and makes it difficult to know exactly what they are providing so end users need to ask sharper questions of prospective CSPs to get all of the information required to make a wise choice.
"The latest CIF research shows that there is still a lot of inexperience in this relatively new IT delivery model,” Pharro continued. “Over the next 12 months, roughly one quarter of non-cloud users expect to adopt cloud services, and a further 76 percent plan to increase their current usage. This inexperience, coupled with legitimate concerns amongst end users relating to security and the migration process, means that end users must equip themselves with enough knowledge to be able to select a trustworthy, accountable and credible CSP.”
To this end, APM Group has outlined five steps that end users should consider carefully before migrating to the cloud:
1. Make sure you know whom you are dealing with
A company website is not a legal entity and so cannot give you any concrete certainty about whom you are dealing with. Make sure you find out the registered corporate name and its location, legal status, details of major shareholders and board of directors. Be very wary of organisations that do not declare their physical address and contact numbers. It is also important to find out how long any provider’s supply chain is and whether it is offering a service directly or through third-party companies.
2. Get the detail sorted in the paperwork
As cloud is a service – it is fundamentally important that you get a clear and enforceable service level agreement and contract to hold your provider to account for delivery. This has to include pricing policies, payment terms, contract length and options to terminate (for both parties). Importantly, service level agreements need to spell out how your provider is accountable if things go wrong and how they will go about putting things right. Don't be afraid to insist on financial penalties that reflect the cost of any problems for your business.
3. Migration and integration experience is crucial
Signing up to a provider is one thing, but how will the provider support you in migrating your IT to the cloud and then integrating that service with any legacy systems that you will probably still be using? Dig deep into this area and be clear about what level of responsibility a potential provider will accept during the transition period and for continuous maintenance throughout the contract period. How adaptable will they be if and when you want to overhaul the set-up that you have?
4. Do you have a right to audit?
You should not have to take your provider’s word for anything. They should offer you the ability to conduct your own audits onsite of their service for everything from data security to licence compliance.
5. Have an exit strategy
Like any service contract, the day you enter into it is the countdown to when you will change providers. Vendor lock-in has been a constant presence in the technology industry for years and this is still the case with cloud computing. Make sure that obligations on data handling and migration to a new cloud provider are sewn into the contract with your provider.