It should be no surprise: cloud providers have quickly become the platform of choice for IT-savvy organizations. In the last couple of years, more and more organizations jumped ship and started to migrate their applications from on-premises data centers to the public cloud. Other organizations adopt SaaS services at a rapid pace. One of the biggest questions to ask yourself is: which cloud provider is right for your organization? How do you choose the right cloud provider?
In this article, we’ll explore some important considerations for choosing the right cloud provider for your business’ needs.
Before you sign up for an account, you need to write down your requirements. Ask yourself which requirements fulfill your organizational needs. Requirements should be from a business perspective as well as the technical domain. Without them, you can’t make the right choice, since the cloud landscape evolves so fast and the number of offerings is quite diverse. Starting with the organizational perspective also helps to prevent you from comparing different cloud providers against each other.
- What does your business look like now and in the future? Operating your business in the cloud presents new (technical) opportunities you currently don’t have. However, it also poses more challenges that push your organization into multiple directions. Try to answer this question from multiple perspectives: “what will be the impact of the cloud migration on my organization and my business objectives” and “how can I leverage the cloud offerings to strengthen my business strategy”.
- Do you need a great level of control over your infrastructure and applications or can you shift this responsibility to the cloud provider? Choose between IaaS, PaaS and SaaS or a combination of these main categories. Don’t forget the hybrid cloud approach in which you have a fast and secure connection from your on-premises data center to the cloud.
- What are your timelines? If you only have a couple of months and you have pretty limited cloud experience, it might be unrealistic to migrate your complete infrastructure landscape and your applications and to implement all of the needed processes.
There are many more requirements; the list is never complete and continues to evolve. Focus on the things you absolutely need as a bare minimum. If your requirements are wrong and you choose the wrong cloud provider, you’ll face high costs to switch to another one. More on this in the section about “exit strategy”.
Technical features & roadmap
Suppose you have defined the requirements for your technical architecture. Make sure this is aligned with your organizational roadmap. Your roadmap drives your business, but when moving to the cloud, it can also become the other way around. IT-oriented organizations adjust their roadmap or even redefine it according to what cloud technology brings them. The desired architecture should fit in and you should set clear goals on when to achieve those. It helps you to measure progress.
Carefully consider the following as a starting point:
- What is the adoption speed of new features of the cloud provider of choice? A cloud provider can be specialized in a specific technical feature but lag behind on the ones which you really need. The adoption rate for the main feature you require should be sufficient for your needs.
- What is the maturity level of the features you intend to use? Azure, for example, provides a clear overview of preview features which will become generally available later on. Be careful: your workloads might be very critical, and preview functions which change a lot might not be a viable option for you.
- What are the integration points of the intended services with third-party tools? For example, you need to connect your Kubernetes clusters to a customer management tool which is at the heart of your organization. This should be very well supported and all according to standards you can learn or adapt in a timely manner.
Prioritize & organizational change
Prioritize the features you require. Don’t expect to have a full list, but focus on the features which are of utmost importance for your business sustainability. Simple methods like classification based on MoSCoW can help to prioritize them.
How will you change the way your organization works? At a minimum, you should implement a platform team. This is the linking pin between your business department and the chosen cloud services.
Security has always been a very important aspect to consider. This was especially true in the early days of the cloud, but it still remains relevant today. The cloud infrastructure landscape is complex and evolves every day, and consumers have a ton of services and options to choose from. Furthermore, the line between the responsibility of the cloud provider and the consumer is sometimes blurred. All of this makes it hard to keep a close watch on the security aspects. In addition, the number of breaches and vulnerabilities grows every day. When a hacker compromises your root account, your business is in serious trouble.
Very roughly speaking, think of the following rule of thumb:
Security of the cloud
Simply said: this is the responsibility of the cloud provider. They have to make sure the infrastructure is secure. On your side, it is easy to make human mistakes when configuring the resources that run on it, so always follow best practices and take advice seriously. A great example is how to use an S3 storage bucket in AWS securely: don’t do anything! The default security settings are suitable for a lot of use cases most of the time, so don’t change them without proper justification.
Cloud providers should comply with standards like the ISO 27000 series, NIST and CIS. It is important they adhere to compliance controls (e.g. SOC 2, HIPAA, GDPR, etc.). Be sure to check for certificates and how these compliance controls are implemented and enforced.
Security in the cloud
Whatever you do in the cloud, it is your responsibility. Think of running applications on Virtual Machines, deploying Kubernetes clusters, or using Identity and Access Management to control who can access which resources with which privileges. The cloud provider offers these kinds of services and gives best practices, but it’s up to the consumer to make use of them in a proper way (e.g. follow the least privilege principle, don’t create a single (admin) account for all resources).
An interesting prediction from Gartner on this topic states that by 2025, 99% of the cloud security failures will be the customers’ fault. Responsibility for security seems to shift; also, (almost all) major cloud providers already have a lot of the security controls in place. Yet another reason to spend extra time and effort in training your teams to take security very seriously.
Data data data
As data is your most valuable asset, carefully consider where and how you store it. Legal regulations might dictate that your data is not allowed to leave the country; in that case, the cloud provider of choice should have a data center in the country in which you operate your business. In addition to this core aspect, think of the following:
- Which storage capabilities do you require (e.g. file storage or blob storage, NoSQL databases, etc.)?
- Do you always remain in full control of the data or does a third party have any say in it?
- Which law applies when storing the data in another country? Do you know your rights and duties?
Import & export
Once you have decided where to store your data, you should think about how to get your data in. The simplest approach is just to export your existing data and re-import it in the cloud. This can be easy for a set of MySQL databases that are not too large to handle. But this is different when taking into account an entire data center. For example, Amazon offers AWS Snowmobile to migrate extremely large quantities of data in a secure way, both into and out of the cloud.
- What is the upload speed for getting the data in?
- How fast can you get your data out of the cloud and in which format?
- What is the price of incoming and outgoing data transfer?
Take special care with your backups. Do you want to create offsite backups or keep your backups within the domain of the cloud provider? Carefully check out what the options are and how you want to handle it.
By all means, the security of your data is a top priority. Take into account the following aspects:
- Do your data storage solutions require encryption? If so, what are the requirements: which encryption methods are available, who manages the keys (the cloud provider or your own organization), how is key rotation handled, etc.?
- Does the storage solution provide Access Control Lists (ACLs) to control who can access the data?
- Audits: can you trace back who has access to which sections of your data?
- In terms of data transfer: can you securely transfer the data to and from the cloud provider? How is this being organized?
- What were the largest, most recent breaches of the cloud provider? What was the root cause, how did they respond and how did they fix the problem?
All of these are important considerations; they are just meant to get your thoughts moving in the right direction. For sure there are many more.
A popular reason to migrate to the cloud is “cost savings”. This may very well be true, but two questions are very hard to answer:
- What are the initial upfront costs of the migration? There is a lot more involved than just lifting and shifting a number of VMs and operating the way you always did. Cloud transforms the way you work, and if you do not adapt to that, your costs can become very high since your business can run very inefficiently.
- What are the ongoing costs? If you leave your Virtual Machines running 24/7 while they are underutilized, you had better plan to switch them off when not needed, or move to another compute method like containers or even serverless.
Cloud services are billed based on different units: price per hour, per minute or even per second. This differs per cloud provider and per service. Some services are billed based on the number of requests in a given time or how much memory and CPU power they consume. Storage costs also differ per type. AWS’ S3 storage buckets come in multiple flavors, each with a different price tag. It is difficult to compare it with another cloud provider since they all charge for resources a bit differently.
Reliability & performance
Every cloud service should offer reliable services at a decent speed. Some considerations:
- What is the guaranteed uptime percentage of the services you intend to use? What will happen when a service goes down? Should you handle fail-over yourself or does the provider offer ways to handle it? Where are the boundaries of responsibility? Do you get compensation in case they do not comply with their own Service Level Agreement? Perhaps that is less important to you, since it might not cover your costs of the downtime. In that case, you need to know exactly how to avoid any downtime.
- Is network latency at an acceptable level?
- What about unforeseen and unexpected changes which influence stability and availability? If there are a lot of these, consider using another service or moving to a cloud provider which has a more solid approach to handling changes. Whatever the reason for the changes is, it is vital that you are informed so you are aware of the (potential) impact.
In case there are issues on the cloud provider’s side, how can you get in touch with them? Can you call them directly or should you file a ticket and hope for them to respond in a timely manner? It is important to consider the different levels of (paid) support to see if these match your expectations and budget.
Proper documentation which is clear and up to date always makes sense. An active community also helps to increase your knowledge. In urgent cases, it is still vital to have professional support.
Selecting a cloud provider is like selecting a soulmate. However bad it may sound, once you are married, you should also think of an exit strategy. Things can go wrong, you can take a wrong turn, or the most important service becomes very expensive in the future. You can adjust your strategy and reconsider your services and solutions, but it all comes with a price.
One key way to avoid a number of these problems is to focus on portability. Your application supports portability if it can run in any cloud, preferably using the same platform. A great example is containers: Azure offers Container Instances as a service, whereas Amazon offers Elastic Container Service. Both support your application to run inside containers, but the way you handle the infrastructure part is completely different. This makes your application less portable than expected.
Another example: serverless is great to run your code in the cloud without having to worry about infrastructure provisioning and maintenance. However, in case your application uses a lot of (cloud-specific) features, it is not as sexy as it sounds at first glance. Therefore, carefully consider the integration points.
Avoid creating a vendor lock-in since it will be very difficult and expensive to get out. In the examples above, you would need to re-architect your application itself, the deployment configuration and all of the processes which are needed for the full SDLC.
Moving your data out
Sometimes, cloud providers make it very expensive to transfer your data out of their data center. Getting your data in is most of the time much cheaper than getting it out. Be sure to check this upfront and also consider the format in which you can get your data out.
As you’ve read in this article, there are a huge number of aspects to consider when selecting a cloud provider. Many aspects are not as obvious as they sometimes seem. I hope these topics have inspired you to make an informed decision. Good luck with your preparations and your cloud journey.