Share this post:
Technologies like cloud computing have created new challenges for CIOs and IT teams, but working with a cloud service provider (CSP) can relieve some of that pressure. How can your CIO and IT organization ensure that your CSP is doing the right things?
Here are eight tips to get you asking the right questions:
1. Conduct a comprehensive needs assessment
Before consulting with a CSP, assess your cloud needs. Start by asking your IT team:
- What is needed from cloud today? What will be needed in 18 to 24 months?
- What services can be placed in the cloud first, second and last?
- What cannot be placed in the cloud?
- How is cloud defined? Private? Hybrid? Public?
- What will be the business advantage?
These questions help establish the parameters of cloud service delivery.
2. Ask: Is there a back out strategy? What are the deal breakers?
These questions help ensure that you don’t get painted into a corner. A commitment to cloud impacts service, equipment, personnel, licensing, governance and overall development of an IT organization. A back out strategy ensures that potential risks are adequately considered.
3. Figure out TCO and ROI
Calculating total cost of ownership (TCO) and return on investment (ROI) is part of developing a cloud strategy. However, it’s important to know what’s included in the calculation, including unseen costs. For example, equipment that has no book value due to depreciation can still be used inside an organization. By understanding how TCO and ROI are calculated, you can understand where the break-even point is when shifting from capital costs to utility billing. Cloud becomes part of the equipment lifecycle planning process.
4. Consider the CSP’s transparency
Is vendor transparency in line with your business’ need for risk mitigation, compliance and auditing? If your IT organization is tied into the corporate risk matrix, cloud vendors must exceed these metrics.
Different industries, regions and countries have varying rules about data privacy, location, legal access and more. As data travels beyond the immediate control of a dedicated IT organization, the need for protective assurances grows.
5. Test, audit, verify and test again
IT leaders need to understand policy, process and metrics surrounding organizational resiliency, continuity and disaster recovery. That means you should have testing and auditing procedures in place to verify your CSP’s assurances. Does the provider conduct internal and external tests and audits on services that align with your compliance needs? How are threats and resource vulnerabilities identified? If there’s an intrusion, does the vendor have a policy for communicating the nature and outcome to you? Does the provider have documented certifications and audit reports?
6. Cover data management and security
Data management and security require stringent questioning of cloud service providers and an understanding of your organization’s maturity. Is cloud an appropriate delivery system? If data is co-mingled with other data, is there a security concern? Who owns the aggregated or summarized data? What is the on-boarding procedure for your staff and the provider’s staff? Does it align with your security and compliance needs? Is access available per your requirements?
7. Make sure your CSP’s infrastructure is solid
Any decent systems engineer will shout that all security begins with infrastructure. Access to data or applications only happens if there’s been a breach of the infrastructure. Therefore, these questions should be high on the list to ask potential CSPs:
- Are architectural designs available?
- What are the elements of change management?
- How is system security designed?
- What are the internal and external systems of monitoring and reporting?
- How is equipment managed?
8. Decide where the responsibility line is
When multiple vendors are involved, finger pointing when something goes wrong becomes a favorite pastime. Some entity must either arbitrate or accept the responsibility for managing the other vendors — and this makes vendor transparency even more important.
CIOs may be aware of the resources being managed in-house, but they need to be even more aware of resources being managed in the cloud. Asking the right questions is a major part of a CIO’s job, so hopefully this list will get you started.
If you’re looking for expert guidance on your cloud transformation, the IBM Systems Lab Services Executive Advisory Practice is a group of experienced management consultants who can help.
Reach out to IBM Systems Lab Services today. Email us to learn more.