Six-point checklist for choosing a cloud vendor

Six-point checklist for choosing a cloud vendor

Six-point checklist for choosing a cloud vendor

In our booming market of cloud services vendors, it can be difficult to work out who will give you the best technology and the best service for your business. So we’ve pulled together a six-point checklist with questions to ask your vendor or IT partner.

Global cloud market will be worth £71 billion by next year

~ CloudTech

Research from Markets and Markets, a market research firm, has found that the cloud services market is expected to increase to £71 billion – that’s up 26% since its 2010 value of £22 billion. It’s already a pretty crowded, confusing market out there.

Here’s how to deal with finding the right vendor for you.

1.    Regulatory compliance for your industry

Ask your vendor this question: Does your service comply with the regulatory requirements of my industry?

Regularity compliance is an important part of running a business. Most market sectors, from legal and financial services to retail and healthcare, are all subject to laws that impose demands on how they should conduct business. Regulators may include The PCI Security Standards Council (PCI) and the Financial Conduct Authority (FCA). Regulations can include Sarbanes Oxley and the seven-year data retention rule for auditing.

Failure to comply comes with potentially business-busting penalties. For example, the Information Commissioner’s Office (ICO) can levy a fine of up to £500,000 if a company is found in serious breach of the Data Protection Act.

2.    Data centre tier classification

Just for a moment, imagine that you lost your organisation’s data. The word ‘nightmare’ springs to mind, right? Your data is business critical, so making sure it’s stored in appropriate, secure data centres is essential. But data centres come in all shapes and sizes, from all sorts of places. The table below outlines some of the implementation and performance requirements for each of the four tiers – or grades – of data centres available to you.

Depending on your business requirements, we’d suggest that with cloud services you go no lower than a tier three data centre. 

3.    Data centre locations

Make sure that the location – or locations – of your potential cloud vendor complies with the Data Protection Act – principle eight. It stipulates the following:

Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

For your data to be as secure as possible, you need to make sure it sits in multiple data centres, that are maintained in multiple locations. That way, if one data centre suffers a disaster, your data will be safely mirrored and still accessible from another location.

So ask your cloud vendor how many data centres your data will be mirrored to. 

4.    Data security – ISO27001 and encryption

You can be confident that a vendor who is ISO 27001 certified to the fullest specification, including all services, will have adequate and proportionate security controls in place to protect your information. Ask your vendor what information security management system they have in place.

Also, ask them if your data will be encrypted. It’s important that data is encrypted in transit. A good vendor will typically use a 128 or 256 bit AES encryption. If appropriate, your data can also be encrypted in storage, depending on your application.

5.    Technical support

Does the vendor’s technical support service meet your business needs?

If you require highly secure, reliable service and support, find out if your vendor offers these important factors:

  • 24/7 support, 365 days a year
  • Email and phone contact details
  • Technically qualified staff
  • The latest ITIL practices
  • Accreditation to ISO IT service management standards

6.    Service Level Agreement (SLA)

Find out if their SLA meets your business needs. The SLA should cover the following:

  • Service description
  • Service availability, including a satisfactory uptime guarantee
  • Support hours
  • Problem management
  • Issue response time
  • Reporting
  • Supplier duties and responsibilities
  • Customer duties and responsibilities
  • Fees and expenses
  • Money-back guarantees if applicable

Checklist for a safe, secure cloud vendor

In summary, these are the key questions to ask your cloud services provider:

Useful resources:

Share this post

Join our cloud community

Join our cloud community Sign up for email updates