How to Choose Your Cloud Service Provider
Selecting the right cloud service provider to trust with your infrastructure, critical applications and sensitive data can be a difficult process. These guidelines can help you make the right choice.
Mon, February 27, 2012
CIO — Many organizations have now gone so far as to dip their toes into the shallow end of cloud computing, and many more are thinking about testing the waters. Other organizations have jumped into the cloud with both feet. But whether you're wading in or fully immersed, properly vetting your cloud service providers is essential.
A recent study by IT industry association CompTIA found that even though many organizations are concerned about the security of their data in the cloud, a minority of companies perform a comprehensive review of their cloud service providers before sealing the deal.
"Despite some of the concerns, only 29 percent of the companies in the study said they engage in a heavy or comprehensive review of the cloud service providers' security practices," says Tim Herbert, research vice president with CompTIA.
That's a mistake, says Charles Weaver, co-founder and president of the MSPAlliance, a 15,000-member strong organization that serves as a certification and standards body for managed service providers (MSPs).
"Our chief concern right now is that we see a lot of new service provider entities who are coming into the scene with almost lax attitudes toward how they construct and deliver services," Weaver says. "They appear to be mostly on the cloud side."
Weaver explains that these service providers tend to fall into two camps: organizations at the SMB end of the spectrum that market themselves as providers of end-to-end solutions but are actually resellers, or service providers that are unaware of the standards established by MSPs long before the term 'cloud computing' was coined.
Weaver says organizations considering a cloud service provider should look for three things:
- Trust. "They've got to trust them," he says. "That comes through an affinity. You have to like the company and the principles and the people you're going to be working with. It's a very intimate relationship. There's got to be a mutual respect and trust to work together."
- Technical expertise and understanding. The cloud service provider has to be proficient with both its technology and understand your business. "They have to have an understanding of what you're looking to do and match that up with their technical expertise," Weaver says. "If you're a CIO of a bank and you need to outsource some strategic element of your IT, your MSP needs to understand both banks and whatever it is that you're going to outsource."
- A third-party compliance audit. Cloud service providers need to be able to show that they can live up to the promises they're making. "This is a world where you go through more scrutiny and ongoing regulation to cut hair than you do to manage a corporation's sensitive data and that of your end users," Weaver says. While he doesn't believe more government oversight would be helpful in the cloud services space, he does believe organizations should verify their providers' capabilities with an audit.