13 key factors in selecting the right cloud provider
As healthcare organizations move data and applications offsite, it becomes increasingly important to assess all costs and risks.
13 key factors in selecting the right cloud provider
A variety of organizations, including those in healthcare, are turning to the cloud to store data and cost-effectively host applications. The scalability, agility and cost model enables IT teams at healthcare and other organizations to redirect more time and effort at accelerating strategic initiatives rather than managing and maintaining costly infrastructure investments.
However, that reliance on the cloud for mission-critical hosting makes the selection of a cloud service provider more important than ever, according to iland, a global cloud service company that provides hosting for infrastructure, disaster recovery and backup as a service.
Organizations should evaluate cloud choices by assessing compatibility, accessibility, visibility, resiliency, security and support—as well as accurately gauging any indirect or “soft” costs that will result from the switch. The following 13 factors are a key to evaluating cloud providers, iland contends.
Software and hardware technologies the cloud provider uses
Are they using the same hypervisor? This is important to maintain compatibility with what you have today and to allow the transfer of existing skill sets. If not, retraining could be a hidden cost. Also, are they using similar, or better, enterprise-grade compute and storage infrastructure? An organization must rely on the cloud provider’s infrastructure to be as high-performing, resilient and reliable as the equipment it would install in its own data center. Reliability depends on the equipment being used at the network layer, and the service level agreement (SLA) of the cloud provider should guarantee high availability.
Assess the environment—shared (public) or dedicated (private)
Cloud provider have different options for cloud-based infrastructures. If an organization chooses to place its environment in a shared platform, it’s sharing resources with other tenants. It may not mind placing lower-tier applications or development systems in an environment that may not guarantee full resource availability in trade for a lower cost. For more critical applications, an organization may want verification that the cloud provider is not oversubscribed and can meet workload demands; the need for complete control indicates the need for a private cloud.
Management of the cloud environment
An organization looking at cloud providers must understand and be comfortable with how it will engage with and manage the environment. Is it self-managed, so additional machines or networks can be added on the fly, or does the cloud provider manage these things for you? Both options have their advantages, but both also have different cost points.
The level of transparency and management vs. on-premises
When an organization moves to a cloud provider, the IT team may no longer have visibility into storage metrics, hypervisor utilization or even network topology. An organization thus should assess the tools it needs to have insight into the environment to deliver business value. Alternatively, it should evaluate the risk and impact of not having management capabilities and visibility. It is important to understand which tools the vendor provides, from remote access via VPN all the way up to an integrated console.
Migration options for moving to the cloud
It’s important to know how an organization will migrate into a new environment with the least amount of reconfiguration and change. Matters for consideration here include what will be moved, how it will get to the cloud, what technologies and tools the provider will use in assisting during the transition and whether a managed migration service will be provided.
Support for third-party networking capabilities
As more organizations embrace the hybrid cloud, they want to leverage the network providers they use on premises within their cloud solutions—this lessens the overhead of having mixed technologies and mixed skill sets. An organization should ask a cloud provider what technologies are supported and who manages those systems. Are devices provisioned or is self-service deployment required? Is it virtual or physical? And who manages the device after installation, including problems with connection issues?
Co-location or physical use of equipment
Often, IT organizations have legacy physical equipment, or a requirement exists to keep specific networking and security infrastructure physical. If this is important to a cloud strategy, an organization should evaluate cloud providers based on their ability to house that equipment.
Automation tools and integration into existing workflows
A cloud provider should be able to tell what automation tools are available that can enable an organization to continue using a majority of existing workflows. Important details to determine include whether the provider has a public API, and whether there are available automation or reporting tools.
Backup and resiliency at the platform layer
Before switching to the cloud, it is important to find out how systems will be protected, both from a fault-tolerant level to backup and recovery. Understanding how backups and disaster recovery are managed and align with current data protection strategies will go a long way in ensuring that data is properly protected. Details to consider include whether an organization is expected to provide its own backup software or whether the cloud provider offers a solution; who has control over the frequency of backups; whether recovery is self-service and easy to do, or if the cloud provider must get involved; and whether file-level or application-level recovery is provided. The SLA for recovery sets the tone—if the price is cheap, but recovery can take a few hours, that may put healthcare operations at risk.
The ability to leverage disaster recovery between multiple locations
The data center of a highly redundant cloud service provider rarely will experience an outage. However, it is far more likely that the traditional causes of implementing disaster recovery will occur—user error, software errors and even ransomware can happen in a cloud environment. In those cases, the organization contracting for cloud services needs a quick way to recover, and, in some cases, this is where its disaster recovery strategy comes into place. It may take hours to recover from a backup, or that backup may be half a day old, so appropriate contingency plans are essential. By leveraging a cloud-to-cloud disaster recovery solution, an organization can fail over to another location and be up and running quickly.
Gauging compliance and security in the cloud
It is increasingly important to think about security and compliance when running both on-premises and cloud workloads. When implementing a hybrid cloud environment, an organization must make sure that it evaluates whether the cloud providers under consideration include built-in security and compliance tools that are available on the cloud platform itself—those tools must be as robust as, or even more than, what it currently has in its data center.
An organization also should clarify the distinction between the compliance necessary for its data and the compliance that the cloud provider brings with its environment. Understand where the line is and how an organization can work together with the provider to maintain its security and compliance requirements. For example, in healthcare, a cloud provider should commit to adhering to applicable compliance regulations and standards, upholding them in accordance with HIPAA, HITECH and other regulations. It should sign a business associate agreement and incorporate language covering applicable business associate obligations in the contract. Other important aspects include having compliance technologies, reporting capabilities and compliance-oriented customer support.
Support for customer success
Cloud providers become an extension of an organization’s IT team, partnering on new, existing and upcoming IT projects. Support for cloud infrastructure—like support for any other piece of hardware or software—can often make or break a project. Important determinations include how support can be accessed; if there is a ticketing system or if support can be directly called; what the SLA is for support, and if support access is tied to a certain level of pricing or spending.
Available cost models and how to monitor billing and cost information
Because pricing approaches can vary widely, organizations must make sure the cost savings in infrastructure and data center management aren’t lost due to inefficient cloud pricing structures. Moving to the cloud requires a careful audit of how much an organization actually needs to use so that it can size its cloud deployment correctly and ensure that it pays for exactly what it’s using. Understand the environment with monitoring tools and find a provider that doesn’t lock the organization into certain packages.
Mixed pricing model enable enterprise IT organizations to maintain fixed spend, but also leverage on-demand resources when needed. Know the difference between on-demand burst pricing and fixed pre-paid pricing, and know what fits best for the organization. With a cloud-based cost model, it is vitally important to have clear visibility into what resources are being using and understand how that affects billing. Ask potential providers if they have historical consumption metrics that can help in analyzing and understanding bills.