Cloud computing

Eight tips for working with a cloud service provider

Technologies like cloud computing have created new challenges for CIOs and IT teams, but working with a cloud service provider (CSP) can relieve some of that pressure. How can your CIO and IT organization ensure that your CSP is doing the right things?

Here are eight tips to get you asking the right questions:

1. Conduct a comprehensive needs assessment

Before consulting with a CSP, assess your cloud needs. Start by asking your IT team:

  • What is needed from cloud today? What will be needed in 18 to 24 months?
  • What services can be placed in the cloud first, second and last?
  • What cannot be placed in the cloud?
  • How is cloud defined? Private? Hybrid? Public?
  • What will be the business advantage?

These questions help establish the parameters of cloud service delivery.

2. Ask: Is there a back out strategy? What are the deal breakers?

These questions help ensure that you don’t get painted into a corner. A commitment to cloud impacts service, equipment, personnel, licensing, governance and overall development of an IT organization. A back out strategy ensures that potential risks are adequately considered.

3. Figure out TCO and ROI

Calculating total cost of ownership (TCO) and return on investment (ROI) is part of developing a cloud strategy. However, it’s important to know what’s included in the calculation, including unseen costs. For example, equipment that has no book value due to depreciation can still be used inside an organization. By understanding how TCO and ROI are calculated, you can understand where the break-even point is when shifting from capital costs to utility billing. Cloud becomes part of the equipment lifecycle planning process.

4. Consider the CSP’s transparency

Is vendor transparency in line with your business’ need for risk mitigation, compliance and auditing? If your IT organization is tied into the corporate risk matrix, cloud vendors must exceed these metrics.

Different industries, regions and countries have varying rules about data privacy, location, legal access and more. As data travels beyond the immediate control of a dedicated IT organization, the need for protective assurances grows.

5. Test, audit, verify and test again

IT leaders need to understand policy, process and metrics surrounding organizational resiliency, continuity and disaster recovery. That means you should have testing and auditing procedures in place to verify your CSP’s assurances. Does the provider conduct internal and external tests and audits on services that align with your compliance needs? How are threats and resource vulnerabilities identified? If there’s an intrusion, does the vendor have a policy for communicating the nature and outcome to you? Does the provider have documented certifications and audit reports?

6. Cover data management and security

Data management and security require stringent questioning of cloud service providers and an understanding of your organization’s maturity. Is cloud an appropriate delivery system? If data is co-mingled with other data, is there a security concern? Who owns the aggregated or summarized data? What is the on-boarding procedure for your staff and the provider’s staff? Does it align with your security and compliance needs? Is access available per your requirements?

7. Make sure your CSP’s infrastructure is solid

Any decent systems engineer will shout that all security begins with infrastructure. Access to data or applications only happens if there’s been a breach of the infrastructure. Therefore, these questions should be high on the list to ask potential CSPs:

  • Are architectural designs available?
  • What are the elements of change management?
  • How is system security designed?
  • What are the internal and external systems of monitoring and reporting?
  • How is equipment managed?

8. Decide where the responsibility line is

When multiple vendors are involved, finger pointing when something goes wrong becomes a favorite pastime. Some entity must either arbitrate or accept the responsibility for managing the other vendors — and this makes vendor transparency even more important.

CIOs may be aware of the resources being managed in-house, but they need to be even more aware of resources being managed in the cloud. Asking the right questions is a major part of a CIO’s job, so hopefully this list will get you started.

If you’re looking for expert guidance on your cloud transformation, the IBM Systems Lab Services Executive Advisory Practice is a group of experienced management consultants who can help.

Reach out to IBM Systems Lab Services today. Email us to learn more.

Share this post:

Share on LinkedIn

Add Comment
One Comment

Leave a Reply

Your email address will not be published.Required fields are marked *


Frank Heard

Based upon my experience in this area designing Managed Services Solutions, this is an excellent guideline to follow.

More Cloud computing Stories

Why slow is the new down

It wasn’t too long ago when a kiss of death for a company was if their platform went down for hours or days.  It was a company’s biggest nightmare.  Unfortunately, in today’s fast-paced society, being down is a fraction of the worry.  Now it’s all about speed: speed to market, speed to respond to customers, […]

Jewel mining in the cloud: Expose the value in existing applications

Imagine a world where people walk by precious jewels because they’re caught up following a crowd and not observing their surroundings. This scene describes what is happening in today’s IT world. Most organizations are so focused on using cloud technology that they’re missing both the hidden jewels that currently sit in their data center and […]

SUSE offers elastic pricing for Enterprise Linux on LinuxONE

The push for customized offerings is found everywhere in the business world, especially in the IT systems that underpin organizations. Companies want to choose the resources that best meet their needs, and they want to make the most of their IT spending on those resources. When we launched IBM LinuxONE in August, providing companies a […]