This post is sponsored by cloud consulting firm Trek10, who support businesses by migrating their data to the cloud and protecting them from security threats. All content and views expressed are those of the participants and do not necessarily reflect those of Trek10. If you would like to sponsor news coverage of tech companies and trends in your industry or region, please contact the editor.
We’re wrapping up this series on cloud security and cloud computing trends with an article that startup founders and business owners have been asking more than ever this year: What do you look for when hiring a cloud services provider?
7 Questions To Ask When Looking for a Cloud Services Provider
Seven questions to ask when choosing a cloud computing provider, include the following highlights, according to ThreatStack and ISG Technology:
- How does the provider handle cloud security?
- How does the provider handle compliance?
- What is the architecture for the services provided?
- How manageable is the setup and how do you access the cloud?
- What services and service levels are available?
- What is the cost structure and how much does each service level cost?
- What kind of support is offered to your team?
How does the provider handle cloud security? This is an important question to start out with. If you’ve already read our tips on how and when to hire a cybersecurity team, start here. Security affects your team in the following scenarios:
- your team is working remotely and exchanging files and needs to collaborate and keep data secure
- your company is working with multiple pieces of software that need to work together securely
- your company is developing software that needs to work securely for your customers
When you’re looking at cloud services, look at what your security needs are, and make sure the provider covers those bases. You also want to find someone who can recommend what you might not know you need to cover all your assets. A security assessment from a cloud services provider is a good place to start.
How does the provider handle compliance? Whether it’s your customers’ health data or logins that need to remain secure or your development of software that needs to comply with regulations for data privacy, make sure you ask questions about a potential service provider meeting compliance standards. They should be able to show you that they follow compliance standards such as PCI DSS, HIPAA, and ISO 27001, which offer recommendations for protecting data and improving infosec management. Want to learn more? Here is a more complete list of security compliance standards for different types of companies. More importantly, your cloud services provider should be able to recommend compliance standards you need to meet and know how to make sure you’re covered.
Cloud Services Architecture
What is the architecture for the services provided? Architecture of your cloud-based assets can determine how cost effectively you can work on the cloud, and have a lot of other implications as well. If you would like to learn more about different architectures for cloud assets, you can read up on the differences between IaaS, PaaS, and SaaS, or information as a service, platform as a service, and software as a service. Chances are if you’re already working in a tech company you’re familiar with these terms, and just need to be sure that your cloud services provider is as knowledgeable than you are about how your assets should be structured so they can help you be more efficient even within those structures.
How manageable is the setup and how do you access the cloud? This might come down to how your company is currently handling architecture, or how much time you have to manage your cloud assets and security in house. Manageability asks: how much will various cloud platforms require from you time-wise to manage them? If you can find a cloud services provider to advise you on this, all the better.
Service Levels and Structure
What services and service levels are available? CloudSLAs or Cloud Service Level Agreements lay out service level agreements, and should clearly lay out the structure of what services are being provided, as well as what’s required on your end to manage cloud assets and security in house working with your provider. Pay special attention to legal requirements for the security of data hosted in the cloud, to be compliant with GDPR and cover your bases if something goes wrong.
Cost Structure & Affordability
What is the cost structure and how much does each service level cost? We’re told by more than one cloud services provider that the biggest focus after getting companies migrated to the cloud has been restructuring their assets and services so that they’re not spending too much money on inefficient structuring. That means cost structuring needs to be front and center of your considerations as well as architecture. AWS and Azure have different cost structures: Pay as you go by hours used with volume discounts versus by hour, gigabyte or executions, depending on the product. Make sure you get the layout of what you’re paying for and what to expect to match your usage patterns.
Support for Cloud Services
What kind of support is offered to your team? This is a big question, because it means finding the best fit for your in-house team. Cloud services and security services run the gamut from full-service to an adjunct team responding to security threats or outages. Do you want help through a chat or service center, or through a proactive team on call 24/7?
If you’re looking for an assessment of your cloud-hosted assets or security, our sponsor for this series, Trek10, is offering a free cybersecurity assessment to Cronicle readers this month. Thanks to Trek10 for sponsoring this series on cloud security!
Our thanks to Trek10 for their generous sponsorship of news coverage in the cloud computing and cybersecurity space. To learn more about advertising and content sponsorship opportunities with Cronicle Press Tech News, please visit our Sponsorship page or contact the editor for more details on sponsorship opportunities.