Adoption of cloud services has picked up momentum over the past year and continues to accelerate as organizations strive to take advantages of the benefits that both public and private clouds offer. In order to help you get the most from your relationship with your cloud provider, we’ve developed 5 questions that will help you evaluate a cloud services provider:
Can I see a detailed Service Level Agreement?
Knowing the terms of your agreement is the first step to ensuring you’re getting what you want from your cloud provider. This is the best way to verify that you’re truly paying for the services and solutions you need. Review the cloud agreement carefully for any parameters that seem unreasonable such as excess storage or egress fees. It’s also important to know what the expectations are for responsiveness, uptime, and how disputes will be handled.
What kind of equipment is your cloud infrastructure built on?
One of the secrets of the industry is that all clouds are not built alike. Remember that at the heart of a “cloud” is a system of servers, storage, switching, and security. Many cloud providers skimp on equipment in order to increase their margins. No-name equipment with legacy technology are red flags. Make sure your critical data and applications reside on equipment that has the performance, scalability, and security to match your expectations.
How secure is our data as well as the data center it resides in?
Your data should be protected by a layered approach that includes both physical and logical security components. The data center should have measures in place to restrict access to a specified list of authorized personnel. In order to gain access, identity should be validated by at least two factors (such as fingerprint and access code) All access should be recorded and documented in some manner as well. Logical security measures include Next Generation Firewalls (NGFW), antivirus protection, encryption, and monitoring for suspicious activity. All security measures should be validated on a regular basis for compliance, and you should be able to review this validation.
Are you SOC 2 Compliant?
The SOC 2 program certifies that processes, procedures and controls for security and availability in its private cloud have been formally evaluated and tested. The attestation recognizes that the provider’s cloud is protected against unauthorized physical and logical access and that the system is available for operation and use as committed or agreed upon. SOC 2 compliance is recognized as one of the highest standards of cloud security and availability excellence in the IT industry. Carolinas IT completed their SOC 2 accreditation in 2015.
What happens when a client needs to pull data out?
Some cloud providers make it very difficult and expensive to pull data out of their cloud. Some providers charge you to pull data from the cloud – and it can be an expensive cost you may not have expected. In addition to unexpected fees, other providers may make the process cumbersome and frustrating due to lack of cooperation.
Carolinas IT has a variety of flexible and scalable cloud solutions for your business. Contact us today to learn how we can help you seamlessly migrate to the cloud.