The battle cry these days from many technology companies is to “go to the cloud.” Experts say that the cloud may be safer, cheaper or more productive. Considering all these benefits, choosing a cloud service provider is often a critical decision. You're basically handing them the key to your company’s front door, and that choice may directly affect your company every business day.
While security should be a chief concern for any technology solution, there are many issues to think about. Here are the top 10 questions to consider before choosing a cloud provider:
1. What service is being purchased, and what is the pricing?
It may help to be specific about what the vendor is actually doing for your company and what the cost is based on: data size, data usage or number of users. Be careful of large upfront costs, since you probably only want to pay for what you use. In addition, can the cloud provider scale up to economically meet your company’s needs as it grows?
You're basically handing them the key to your company’s front door, and that choice may directly affect your company every business day.
2. Who owns the data?
Some providers use the data and resell it or scan it for advertising purposes. Google Drive, for example, can use a customer’s data to target advertising. If this is a concern, consider a provider that states in its terms of service that it won't do this.
3. Who can see the data?
The term "public cloud" may be misleading, because data is no more "publicly" available than it would be on a server at the office. Consider having appropriate and granular privacy controls in place to only let certain people within your organization access specified data. As your company grows and becomes more departmentalized, this may become even more critical. In fact, many cloud services actually make it much easier to manage access to specific files or data on a user-by-user basis.
4. How secure is the data?
There are two issues here. Is the data getting backed up? If your company uses a system to back up your files, how is that service protecting from data loss? The second question is, how secure is the data from a security breach? Security protections may take the form of not only hardware and software precautions, but also the physical security of the provider’s datacenters. Verification by independent auditors of these procedures may help. And how will your company be notified if the data is breached? What procedures does the cloud vendor have in place if it happens?
5. Where is the data actually stored geographically?
It may be helpful to know if the information is in the U.S. and, if not, how laws of another country might affect use of the data. Ideally, the location should not be a place prone to natural disasters. Knowing the type of center where the data is may help answer more of the security questions described above.
6. Does the cloud vendor enforce hard passwords?
Many users are lazy and may pick an easy password to remember, or never change it. This may become a glaring weakness in data security, since password breaches may be more common than cloud server hacks. It may help if the cloud vendor forces more complex passwords that change at least every 90 days.
7. How can your company get the data out?
Your business may not be using the cloud provider forever. It may be critical to have the right and the knowledge of how to get your data from the selected vendor without their assistance. This is important so they can’t hold the data "hostage” for any reason. In addition, how much time does your vendor give you to get your information out after the service agreement has ended and before the data is deleted? The format the data can be retrieved in may also become critical, because if it comes out in an unusable file type for your company, it may be meaningless. The format may be in a relational database or something as simple as a CSV file.
8. Will your company always have access to your data?
Or is it limited by bandwidth or time due to maintenance? If there is a service interruption, does the provider also provide desktop versions of the software used? What type of customer support do they offer and what is their time commitment to resolution?
9. What uptime does the provider commit to?
Some vendors commit to 99.9 percent uptime and back it up with a financial commitment if they don't meet that standard. Carefully look at the cloud provider’s history of uptime as a decision making guide.
10. How will your company be informed of service changes?
If the service guidelines change, how far in advance will your business get notification? Any changes could have a large impact on your company.
It can be fairly easy to make an informed decision, as the answers to many of these questions can be found on cloud providers' websites. IT consulting partners may also be a great resource for choosing the right fit.
Read more articles on digital tools.
A version of this article was originally published on August 11, 2015.