Evaluating cloud infrastructure as a service providers can be challenging with many options, complex offerings, and other considerations. From compliance with regulatory requirements pertaining to data security to uptime concerns, availability of customer support, and more, not to mention navigating Service Level Agreements and making sense of the technology stack, it’s no surprise that many companies struggle with selecting the best cloud infrastructure as a service provider.
To provide deeper insight into the key factors that should be weighed when evaluating cloud IaaS providers, we asked a panel of cloud and IT experts to answer the following question:
“What are the most important factors to consider in evaluating cloud infrastructure as a service vendors?”
Find out what our experts had to say below.
Meet Our Panel of Cloud Experts:
As an expert in security and network infrastructure on every platform, Nick has consulted with clients ranging from a few computers to the Fortune 100 level. He has designed, built, and implemented multinational networks, encryption systems, and multi-tiered infrastructures as well as small business environments. He is passionate about emerging technology and enjoys keeping current by creating, breaking, and fixing test environments. Currently, Nick is the CIO at BSSi2.
“There are several key factors to consider in evaluating cloud infrastructure as a service…”
As the CIO of an IT Consultancy, we take great care in choosing cloud providers for our customers. A poor experience for them will reflect poorly on us. To begin, we look at how support is offered from the cloud provider. Is it 24/7/365 support? Do the support technicians speak fluent English? What is the company’s overall employee rating from sites like Glassdoor? This last one is very telling as to the culture and atmosphere at the provider. If they have a poor culture with high turnover then it’s very possible that the support staff you’re talking to are new and not as experienced with the platform or products. This is a big issue when an emergency hits.
We will look into the redundancies the provider claims to have. Are they truly 99.999% uptime? Do they have multiple Tier 1 NOCs for their equipment? What are the providers of the Internet connections? Are they backboned on multiple OC192 connections or higher? How quick is the replication of real time data between the data centers? Is it under 3ms? What is the bare metal platform their offerings are running on? Any Tier 1 provider should be happy to answer these questions, and we will not consider using a provider if they fail to meet these qualifications.
Once we have confirmed that the infrastructure, speed, replication, and uptime are all solid, we turn to the actual service offerings. Will the provider meet or exceed the compliances that our clients require? Are they SEC, HIPPA, PCI, ITAR, FINRA, and NIST compliant? Are they willing to sign business agreements confirming this? Will they offer a full encryption container for all data that is at least 256bit AES so none of the provider’s staff can access the data? Will they offer full audit tracking and unlimited revision history for our data? Again, any Tier 1 provider can easily answer these questions and be compliant. If you’re able to find a provider to meet these standards then you won’t face issues such as outages and fear of data loss. A little homework goes a very long way.
David Meyer, owner of Technology Simplified, provides small to mid-sized clients a variety of tech solutions including onsite and/or remote computer services, cloud computing, emergency response, computer optimization, CRM, and managed services. Technology Simplified’s tagline says it all: Life is complicated. Technology shouldn’t be.
“When evaluating cloud infrastructure as a service vendors, the most important factors to consider are…”
1. Will the vendor be in business several years down the road? There are many small cloud startup companies competing against the big boys (Google and Microsoft). It is very important to vet your cloud vendor to ensure they are financially stable and your data is not in danger of being padlocked if the vendor shuts their doors and their equipment is repossessed.
2. Is the cloud vendor compliant with modern security requirements or the requirements of your customers and business partners?
3. Is there an SLA (Service Level Agreement) to ensure your uptime and availability of data in the event of a disaster?
4. Is your data platform independent? Being able to access your data from any device at anytime is vitally important. Using a Windows PC, a MAC, an Android Phone, an iPhone, an iPad, or any other tablet or device should not impact accessibility to the cloud.
Rob Boston is an Enterprise Account representative for MediaFusion.
“There are five critical factors to consider when evaluating cloud infrastructure as a service vendors…”
I work for a company that offers a SaaS product to enterprise clients. When we built our product we had to make several buying decisions regarding cloud infrastructure. We had to learn from some early mistakes and that has caused us to change what we look for in cloud infrastructure providers.
There are five key items we evaluate today:
- Ease of use/ ease of setup
- Reporting ability
- Quality product support
Before co-founding FortyCloud, Amit was the VP Product and before that, CTO at ECI Telecom. During his 13 years at ECI, Amit led the development and integration of cutting-edge technology projects for some of the world’s leading telecom operators, including British Telecom, France Telecom, and Deutsche Telekom. Amit has a BA and MSc in Computer Science from the Technion and an EMBA from the Kellogg School of Management.
“The most important factors to consider in evaluating cloud infrastructure as a service vendors include…”
Service coverage, SLA for availability, and level of support.
However, security is usually the primary concern. Therefore, it is important to clarify who manages the encryption keys, data encryption in transit and at rest, firewalls and identity-based firewall rules, anti-virus detection, and more.
The shared responsibility model states that it is the responsibility of both the cloud provider and the business customer, with a clearly defined demarcation, to ensure that the cloud deployment is properly secured. Specifically, it is the responsibility of cloud business customers to secure all operating systems and applications that they use over the cloud provider’s infrastructure. Therefore, it is important to investigate these issues when selecting a CSP.
Aja McClanahan is a principal at Comprehense, Inc. where her team deploys cloud-based database products. She is a certified Salesforce.com admin and developer.
“The top factors to consider when evaluating cloud infrastructure as a service include…”
1. Uptime – Can the vendor produce reports and verified logs on system status? Are crashes event-driven (i.e., Black Friday, Stock Market downturns, etc.), and if so, why?
2. Security – How is data secured, and have there been any breaches? If so, how have they been remedied?
3. The effect of multi-tenancy on site performance. Does too many subscribers slow down your service performance?
4. Customization – Is it a pain to customize the service for your needs, or is the vendor’s dev team tied up in pushing releases for the company? This could mean a static product that doesn’t meet your needs and can’t be easily customized.
5. Exclusivity – If the relationship goes sour, how easy is it extract your legacy data? Is it expensive? Time consuming? Both?
Julian Jacobsen is an IT consultant and owner of J.J. Micro LLC IT Consulting. He supports over 120 clients in the St. Louis, MO area. Julian has over 10 years of consulting experience and specializes in small business Windows Server environments.
“The most important factors to consider in evaluating cloud infrastructure as a service vendors include…”
I’ve had a number of clients come to me interested in the possibility of moving their entire infrastructure to the cloud. They want to know if it is cheaper to let a cloud provider handle the physical and network security of the hardware, the uptime of the hardware and services, and the patching/troubleshooting of the hardware/services.
Generally, we have found that with consideration to the entire hardware life cycle, cost of redundant internet connections, and man hours to setup and maintain equipment, a completely cloud based infrastructure can be at
least 10% cheaper depending on the client’s requirements.
My clients want to know if their Internet connection will handle cloud services. Most of my clients are small to medium-sized businesses and the one major upgrade they need to make the best use of cloud services is an upgraded Internet pipe. If everything exists in the cloud, our clients need a fast, reliable Internet connection to keep their local users from wasting time waiting for files to sync or web apps to load.
Many of our users come to us with fairly slow DSL lines that max out around 15 Mb down and 512 Kb up. Depending on the number of users (more than one or two), this is unacceptably slow to support a fully cloud-based infrastructure. We recommend a business class connection with at least 100 Mb down and 5 Mb up.
Other clients are more concerned about the security of storing everything in the cloud. To ensure the best security and privacy for their data, we look for cloud providers that conform to FEDRamp standards. FEDRamp is a
government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Many providers like Microsoft, Amazon, and IBM do comply with FedRAMP’s standards. Although, conspicuously missing from the list is Google’s Cloud Platform. When choosing your provider, certification from FedRAMP is a good indicator that a provider takes security seriously.
As the Vice President of The Alternative Board, David Scarola is responsible for executive oversight of Information Technology, Member Management, and Marketing Operations. In his position, Dave seeks ways to fuse technology with process to build TAB’s brand awareness and community of small business owners.
“In evaluating cloud infrastructure as a service vendors, companies should consider…”
According to The Alternative Board’s July 2015 survey on cloud technology, entrepreneurs are more concerned with functionality than security when choosing cloud systems for their business. The most important factor to consider in evaluating a cloud system is how it will boost productivity. The survey results show that the biggest difficulty business owners face when implementing new cloud technology is poor employee training and clunky transitioning. With that in mind, it’s important to find cloud services that 1) are easily picked up by employees, 2) come with proper training and support, and 3) make transitioning old systems easy, if not effortless.
Keith Minkler is a senior developer with Argyle Technology Group, a consulting group that helps companies migrate to cloud infrastructure and implement DevOps cultures within their organization.
“When it comes to evaluating cloud infrastructure as a service vendors, the most important factors to consider really boil down to…”
Cost and features. It can be very difficult to estimate the costs of cloud resources. There are many hidden costs of running services in the cloud that can be difficult to predict, including storage, bandwidth, and even I/Ops. There are some tools out there that attempt to predict usage, but in the end, these can be difficult to predict or be extremely variable from month to month.
Depending on the cloud vendor, costs may be able to be reduced for the static parts of your infrastructure through purchasing the resources up front or committing to certain time periods of usage.
Make sure that the costs of running cloud infrastructure fall within your budget, and be sure that you understand all that you will be billed for. Don’t forget to purchase some level of technical support, as you will invariably run into issues with the deployment of your unique application onto the cloud vendor’s model of operation. Understand what level of service you will receive for the level you’re willing to pay for.
When it comes to features, you need to be sure that your cloud vendor will support your current application and that they provide features that will make application development, deployment, and maintenance easier.
Taking advantage of managed cloud services provided by your vendor can reduce development and operations costs, but be aware that these services are generally not portable, and you will be locking yourself into your cloud vendor, creating a situation where it becomes very difficult to switch vendors in the future.
Not taking advantage of these managed services is always possible as you can run whatever supporting infrastructure your application requires on vanilla computing resources, which will make your application more portable in the future but will raise your development and operations costs, and could subject your application to more downtime if it is not configured or maintained correctly.
If you did your homework and picked the right vendor, lock-in won’t be an issue for you, since you will have understood that the pricing model and usage will fall within your budget, and taking advantage of managed services
correctly will improve your uptime and decrease your personnel costs.
Vasu Subbiah is the VP Products at CloudVelox.
“When looking at cloud infrastructure as a service vendors, it’s critical that you…”
Find a vendor that has robust APIs that can automate manual functions, especially existing networking and security services. Customers are much more willing to move to the cloud as long as they can automate their networking and security policies to the cloud. In addition, you want to be sure your IaaS vendor offers proven backup and data recovery capabilities, uses secure infrastructure, provides 24×7 support and is tech agnostic. It’s also a bonus if a vendor has multiple locations in both the customer’s home country and internationally.
Michael Fimin, the accomplished expert in information security, is the CEO and co-founder of Netwrix, the IT auditing company providing software that maximizes visibility of IT infrastructure changes and data access. Netwrix is based in Irvine, CA.
“There are three key factors to consider when evaluating cloud infrastructure as a service vendors…”
Cutting IT costs by moving to cloud and adopting an Infrastructure as a Service (IaaS) deployment model is a growing trend, but choosing the right provider that brings the best results both in terms of performance and cost-effectiveness is increasingly complex. I would suggest three factors to consider when evaluating IaaS vendors:
Availability. A trusted IaaS vendor will provide reliable access to the infrastructure and will be resilient to adverse events (even natural disasters) to help customers successfully perform daily business tasks. Additionally, it’s extremely important to find out if a provider can offer customer-friendly service and support available 24/7.
Security. Cloud service providers are able to ensure customer data security on both physical and network levels, regularly assess the environment for security risks, and monitor the IT infrastructure for hidden or malicious activity. The vendor will also provide detailed information about which authorized users are touching the data and what changes they make to minimize the risk of data leaks.
Compliance. A good service provider will prove that it has established all necessary security mechanisms and is able to take responsibility for data integrity, even for customers from highly regulated industries. A quality IaaS vendor will provide services and controls to help its clients meet both compliance requirements and internal regulations, as well as pass compliance audits.
Mark is a research and development manager with over 17 years of experience in software and hardware development fields, as well as extensive skills in building technologies for both telecom and enterprise customers. He has spent the last six years leading the Embotics engineering team and building out virtualization and cloud management capabilities. Mark holds a Computer Science degree from Concordia University and an MBA from the University of Ottawa.
“The key to evaluating cloud infrastructure as a service providers is…”
In the early days of virtualization adoption, VM sprawl and over-provisioning were common, but rightsizing and performance optimization has remediated these for on-premises sprawl. Then along came the public cloud. And to make matters worse, very often an organization’s initial public cloud consumption isn’t even managed by IT. Instead, it’s controlled by various lines of business (LOBs) through shadow IT — teams that have little or no expertise in IT processes. It’s no wonder some organizations experience sticker shock when they get their first AWS or Azure bill.
Take heart: Emerging third-party solutions provide performance rightsizing for various public cloud vendors, allowing you to ensure that you’re purchasing correctly sized instances. Some automation solutions also provide the same costing and life cycle capabilities for both private and public cloud environments, ensuring a proper rental model for workload consumption. In fact, the public cloud is actually driving private cloud costing.
Enhancements can help control public cloud sprawl specifically, notably power scheduling. Many of the public cloud workloads are used in dev/test, with engineers leaving them powered on when not in use. A simple schedule that powers these off during non-business hours could potentially save over half of your monthly bill.
In the case where public cloud consumption is controlled outside IT, the IT team still requires a single pane-of-glass solution to, at a minimum, inventory and report on those workloads. Some automation solutions also provide the ability to assign organizational ownership to new workloads as they get spun up. This will guarantee that there is at least some accountability to the LOBs.
The first step in managing sprawl is holding business units accountable for their own workloads to shine a light on what IT really costs an enterprise. The end goal is to empower IT departments to act as brokers for providing ITaaS to various clouds.
Jeff Frankel is Executive Vice President and Principal at docSTAR, a B2B software firm specializing in cloud document management solutions and business process automation. He has more than two decades of experience in corporate business development, working with industry-leading firms including Authentidate Holding Corp, Health Focus of NY, and Ernst & Young.
“Despite the ‘utility’ promise of cloud computing, IT departments over the past 5 years have dramatically changed their approach to selecting cloud services and solutions…”
This is because CIOs and IT organizations, at the end of the day, still need to focus on finding a cost-effective and
reliable solution for their business. This means starting with a comprehensive understanding of business requirements and then moving on to gain a solid comprehension of the appropriate enterprise architecture. You will
need to decide whether to go with a commercial solution or to build one in-house. And you’ll have to determine if a cloud, on-premise, or hybrid solution is right for your organization. If your selection criteria leads you to a cloud-based solution, you need to answer these critical underlying questions:
- Is this cloud solution the best solution — both functionally and economically?
- Will this cloud vendor be easy to do business with, and are its long-term prospects as a business good?
- Does this cloud solution reduce technology complexity?
- Will this cloud solution enable us to effectively manage operational, security, and compliance risks?
“There are a few factors to consider when evaluating cloud infrastructure as a service vendors, including…”
- Performance of the hardware and network infrastructure is very important.
- The number of locations the vendor offers.
- A predictable and economical billing model. Analyze your need (e.g., if its bandwidth-exhaustive or not) and
look for a cost breakdown accordingly.
- Reliability and fault tolerance. Perform a historical check of the vendor’s uptime and ability to recover from disaster.
- Customer support and community.
- Initial provisioning time and time to scale up and down.
- If you are creating an enterprise offering or a platform like CW, then API is a significant consideration.
- An embedded infrastructure monitoring and alerting mechanism.
- Analyze your local or enterprise data retention laws/policies and see if the provider is compliant.
- A nice UI/Console is a plus for usability.
Let us know what you think? What evaluation criteria are you using? As an MSP, you can learn more about what to look for in our white paper: Six Considerations When Selecting a Partner-Friendly Cloud Service Provider