by Bill Abram, founder and president of Pragmatix
Moving to the cloud requires a significant investment in a company’s IT infrastructure. While there are numerous benefits such as fully virtualized servers, automated hourly backups, secure hosting and built-in disaster recovery plans, it is crucial to read and understand the fine print. Before transitioning your company’s data to a cloud solution, ask these seven key questions of your prospective provider:
Is your data really private? Some companies make extra money by selling client information to business partners and email list brokers. Other companies opt to keep that information confidential. When choosing a cloud service provider, review the company’s privacy policy to understand how they gather, use and manage both your data and personal information. It is beneficial to review multiple vendors’ privacy policy to find the one that most appropriately protects your sensitive data.
What do the “Terms of Service “really mean? When purchasing a cloud solution, your company will need to agree to the vendor’s Terms of Service also known as Terms and Conditions, before the system is implemented. It is critically important to read and understand these parameters. Failure to comply with these terms can lead to account termination.
Two key components to look for are data ownership and notification policies. When choosing a cloud solution provider, look for one whose terms affirm your company’s ownership of the data and specify your right to get back the data that you are storing on their system. In addition, avoid providers who state they can update the terms without notifying you. Believe it or not, Yahoo! is one company with such a policy.
How can my company use the cloud solution? In addition to Terms of Service providers have “Acceptable Use” policies. This document clearly defines who your company can use the provider’s solution. It includes prohibited behaviors, such as hacking and spamming, and the penalties for such violations. Your contract may be terminated or you may incur penalty fees as a result of the violations. This is another document that can change without notifying the client, so be sure you fully understand the policy before signing on with the vendor.
How secure is my data? Considering your data will be stored in an off-site location owned and operated by another company, it is imperative to contract with a vendor who you trust. Take the time to research your provider’s security capabilities and ask for references. Failure to complete your due diligence can prove disastrous.
When completing your due diligence, consider both the physical security and logical security being employed to protect your data. Some companies may have armed guards protecting the data backup center, but no encryption on their services. Another vendor may have cutting-edge encryption on their servers, but have their systems hosted in a garage. Understanding these differences is key to ensuring your company’s data is secure.
What is the long-term availability and reliability? Surprisingly, many cloud providers omit uptime guarantees or service-level agreements from their contracts. This is a key piece of information for understanding how reliable your cloud solution will be.
The gold standard is 5 nines, or 99.999 percent uptime, which translates to one minute of unplanned downtime per month. While this is not a guarantee of reliability, it reflects the provider’s commitment to its customers. Review your contract with the provider for a clearly defined protocol if downtime or performance standards are not achieved. While this protocol should have a financial penalty attached to it, beware of penalty exclusions and make sure you are comfortable with the criteria.
What disaster recovery services are included? Although cloud services operate from a data center, automatic fail-over and disaster recovery services are not standard features. In many instances, these are add-on services that are purchased separately.
Before signing-on with a cloud provider, get a copy of the company’s disaster recovery process and fail-over capabilities in writing. Scrutinize the document for the level of protection offered. Be sure that both the Recovery Point Objective, how much data might be lost, and the Recovery Time Objective, how long it will take until services are restored, are clearly outlined.
Is the termination clause completely transparent? Termination clauses should be read very carefully. Having a transparent termination clause that you fully understand will protect your business in the event that you wish to end your contact prematurely. If you choose the wrong provider and don’t fully understand the termination clause, you could literally end up paying for your mistakes in the form of substantial money for a “buy out.”
When evaluating whether or not a Cloud solution is right for your business, read the fine print and know exactly what you are agreeing to. While the Cloud can offer businesses both cost savings and enhanced accessibility, choosing the wrong solution or the wrong provider can negatively impact a company’s IT infrastructure.
Bill Abram is founder and president of Pragmatix, which helps nonprofits, corporations and small businesses use information technology to improve business performance. An industry leader, Bill frequently shares his insights on IT trends and best practices on the Pragmatix blog.