Moving to the cloud is, above all, a matter of trust: a company must trust that its cloud provider will deliver on the promised availability, honor agreements, enforce the proper security measures, and respect all privacy issues. To establish trust, fully knowing and understanding your cloud provider is fundamental.

To really get to know your provider, there are four key elements to take into consideration: security, technology, costs and risks. In my previous post, I suggested the questions you should ask regarding security and technology. Today, we’ll tackle those related to cost and risk. I’ll focus on the main concerns when considering a cloud provider, especially for the infrastructure layer.

Costs

After security and technology, cost is the third point that anyone must consider when selecting a cloud vendor. Cost reduction (or at least cost optimization) is one of the great promises of cloud computing. In order to achieve these promises, however, properly understanding the cost structure of your cloud provider is fundamental. Two good examples of this importance are storage and networking.

What is the provider’s cost structure? How does it charge for different resources?

With storage there are a few different ways in which cloud providers charge you for storing your data. First, there is the cost of storage itself. Some cloud providers will allocate some storage space for every cloud server that you create, and this space will change according to the size of the server being created. Larger servers get large HDs to work with, while smaller servers get less storage space. Other providers simply let you allocate whatever size of disk you want to your servers, giving you no internal storage space. Yet others will allow you to add additional space to whatever you are already getting. The point to keep in mind is that, for some providers, internal storage space is already factored into the cost of the server itself, while for others this cost is in addition to whatever you are paying for computing resources.

With networking, a similar principle applies: the most common practice is for the cloud provider to charge you for outbound data, but not for inbound data. Some providers will charge you for both, while others will charge you for neither. Another important factor with respect to networking is that most providers won’t charge you for data that is exchanged between servers on the same data center, but only as long as you are using the private network, and not going over the Internet. While it may seem unimportant, depending on your workload and your applications, bandwidth costs can become a significant factor.

How does the billing cycle work? What are my payment options?

Understanding the cost structure, and how it will apply to your systems, is fundamental, but it isn’t the only side of the cost issue. The other side is to understand how billing works. Cloud services billing can be so complex that there are already companies out there whose sole service is helping you understand and better manage your cloud bills. While most providers offer the famous “pay-as-you-go” hourly rate for their resources, they will also often give you additional options, such as “reserving” computing capacity upfront (with a large initial payment) in exchange for much lower hourly rates in the future, that can translate to significant discounts. While it may seem obvious that you need to understand what you are getting for the price you are paying before signing a contract, many people are still surprised by their service charges when the first charge comes in.

Risk

Finally, you have to consider the risks involved with any cloud provider, and more importantly, learn how to avoid risk. The top two risk-factors with any cloud provider (in addition to security, which we’ve already covered) are regulations and SLAs. Regulatory and legal risks of moving things (systems, data, etc.) to the cloud are among the most overlooked ones, and yet can be the most expensive ones to remedy in the future.

What legislation do I need to be aware of given this provider?

When choosing a cloud provider, it is fundamental to look at where your workloads and data are going to reside, and understand which laws and regulations may apply (or not). Some countries expressly forbid their citizens’ private data from leaving national soil, while other countries may have laws in place that, if leveraged against your cloud provider, may force them to disclose information that actually belongs to you. Getting familiar with legislation is a must for any company looking to move sensitive data to a cloud environment.

What kind of SLA and compensation does this provider offer?

Service Level Agreements (SLAs) represent the other side of the risk issue. SLAs are in place in order to protect you in case your cloud provider fails to deliver on one (or more) of its promises. While most SLAs are related only to availability – how often, if ever, you are going to have problems accessing your resources – some also take into account the replication and backing-up of data, as well as other factors. Most cloud SLAs aren’t really straightforward, and most providers will differ in terms of what is covered, what is the availability level, what kind of compensation is provided, and so on. Understanding the details of your SLA may seem like a boring task, but it’s a necessary one.

Recap

Going back over these four key points, we can summarize the things to keep in mind about cloud providers in the following set of questions / issues:

Security

  • What security certificates does the provider currently have? Which ones is he trying to achieve?
  • What is the provider’s client list? Who are its most security-minded clients?

Technology

  • How simple is it to move stuff (workloads, data, etc.) into and out of the provider’s cloud?
  • What is the provider’s vision for the future? What is its roadmap and evolution plans?

Costs

  • What is the provider’s cost structure? How does it charge for different resources?
  • How does the billing cycle work? What are my payment options?

Risks

  • What legislation do I need to be aware of given this provider?
  • What kind of SLA and compensation does this provider offer?

Answering these questions will not only allow you to better understand potential cloud providers, but also provides a basic framework with which to compare them against each other and evaluate which one can provide the best service for your company. Once again, if there are elements you think I’ve forgotten or overlooked, please share on the comments.