Cloud computing

Eight tips for working with a cloud service provider

Share this post:

Technologies like cloud computing have created new challenges for CIOs and IT teams, but working with a cloud service provider (CSP) can relieve some of that pressure. How can your CIO and IT organization ensure that your CSP is doing the right things?

Here are eight tips to get you asking the right questions:

1. Conduct a comprehensive needs assessment

Before consulting with a CSP, assess your cloud needs. Start by asking your IT team:

  • What is needed from cloud today? What will be needed in 18 to 24 months?
  • What services can be placed in the cloud first, second and last?
  • What cannot be placed in the cloud?
  • How is cloud defined? Private? Hybrid? Public?
  • What will be the business advantage?

These questions help establish the parameters of cloud service delivery.

2. Ask: Is there a back out strategy? What are the deal breakers?

These questions help ensure that you don’t get painted into a corner. A commitment to cloud impacts service, equipment, personnel, licensing, governance and overall development of an IT organization. A back out strategy ensures that potential risks are adequately considered.

3. Figure out TCO and ROI

Calculating total cost of ownership (TCO) and return on investment (ROI) is part of developing a cloud strategy. However, it’s important to know what’s included in the calculation, including unseen costs. For example, equipment that has no book value due to depreciation can still be used inside an organization. By understanding how TCO and ROI are calculated, you can understand where the break-even point is when shifting from capital costs to utility billing. Cloud becomes part of the equipment lifecycle planning process.

4. Consider the CSP’s transparency

Is vendor transparency in line with your business’ need for risk mitigation, compliance and auditing? If your IT organization is tied into the corporate risk matrix, cloud vendors must exceed these metrics.

Different industries, regions and countries have varying rules about data privacy, location, legal access and more. As data travels beyond the immediate control of a dedicated IT organization, the need for protective assurances grows.

5. Test, audit, verify and test again

IT leaders need to understand policy, process and metrics surrounding organizational resiliency, continuity and disaster recovery. That means you should have testing and auditing procedures in place to verify your CSP’s assurances. Does the provider conduct internal and external tests and audits on services that align with your compliance needs? How are threats and resource vulnerabilities identified? If there’s an intrusion, does the vendor have a policy for communicating the nature and outcome to you? Does the provider have documented certifications and audit reports?

6. Cover data management and security

Data management and security require stringent questioning of cloud service providers and an understanding of your organization’s maturity. Is cloud an appropriate delivery system? If data is co-mingled with other data, is there a security concern? Who owns the aggregated or summarized data? What is the on-boarding procedure for your staff and the provider’s staff? Does it align with your security and compliance needs? Is access available per your requirements?

7. Make sure your CSP’s infrastructure is solid

Any decent systems engineer will shout that all security begins with infrastructure. Access to data or applications only happens if there’s been a breach of the infrastructure. Therefore, these questions should be high on the list to ask potential CSPs:

  • Are architectural designs available?
  • What are the elements of change management?
  • How is system security designed?
  • What are the internal and external systems of monitoring and reporting?
  • How is equipment managed?

8. Decide where the responsibility line is

When multiple vendors are involved, finger pointing when something goes wrong becomes a favorite pastime. Some entity must either arbitrate or accept the responsibility for managing the other vendors — and this makes vendor transparency even more important.

CIOs may be aware of the resources being managed in-house, but they need to be even more aware of resources being managed in the cloud. Asking the right questions is a major part of a CIO’s job, so hopefully this list will get you started.

If you’re looking for expert guidance on your cloud transformation, the IBM Systems Lab Services Executive Advisory Practice is a group of experienced management consultants who can help.

Reach out to IBM Systems Lab Services today. Email us to learn more.

IBM Executive Consultant

More Cloud computing stories

Data breaches: The threat is real

The threat is real. You see it in the newspaper headlines and on your TV news channel. As predicted years ago, data is now the new oil. As with any valuable resource, it has become the main target for criminal organizations. In the past, the threat came from burglars or spies. Now the threat is […]

Continue reading

Why education matters: Building skills for your future

When you make an investment in something, you want to get the most out of that experience — and often that means learning is required. Technology is evolving at an increasing pace. The skills many of us brought to the workplace may not be the skills we’ll need on our next project, but high-quality training […]

Continue reading

Dark data: Peering through the blanket of the dark

“Come, thick night, and pall thee in the dunnest smoke of hell, that my keen knife see not the wound it makes, nor heaven peep through the blanket of the dark.” —William Shakespeare, Macbeth, Act 1, Scene 5 There’s a little Shakespeare for you: that’s Lady Macbeth, waiting for the doomed King Duncan to arrive […]

Continue reading