Many people fall into the trap of choosing a cloud provider based purely on price and features – it’s easy to forget that your data will be sat in a data centre somewhere, so you ought to be asking all the same questions that you would ask a colocation provider.
If you’re dealing with a cloud provider rather than the data centre owner, make sure you question exactly where your data will be sat. Where is the data centre? Are there any resilience failovers in place which could see your data replicated or backed up to a secondary location? If so, does this meet your requirements in terms of data sovereignty? Some platforms could replicate your data to a data centre in Europe, or even further afield and with Brexit in mind, could this affect any particular data protection legislations that you need to adhere to? – This can be of particular importance when handling financial or medical data.
When we think about cloud security we tend to think about cyber security, but your cloud platform will be sat in a data centre so the physical security of the facility is just as important. Ask your cloud provider to confirm which security controls are in place. You could also ask for a tour of the data centre facility, if geographically feasible. Any good data centre provider would be pleased to show you around. Look for a wide range of security controls including on-site manned security, 24-hour CCTV monitoring, biometric scanners and swipe card access, and perimeter defences such as fencing, infra-red tripwires and mantraps.
Ask questions about your provider’s uptime track record and the resilience and redundancy measures that are in place. What steps have been taken by the data centre provider to avoid human error and to protect against fire, theft, flood and security breaches?
What is the data centre provider’s uptime SLA? In case of power outages, what level of UPS redundancy is available from the data centre? In case of network outages, how diverse are the network connections to and from the data centre? Does your cloud live in an area with a high environmental risk profile? Would it be possible for you to retrieve your data in the event of an outage?
You cloud provider should have a support contract in place in order to solve performance and availability problems within the shortest possible time frames. Question this – what are the support hours, is the helpdesk UK based and if you’re moving from another provider, what kind of migration support is available.