– Vidur Apparao, CTO with LiveOps (www.liveops.com), says:
Understand how your cloud provider calculates availability
Many cloud technology providers provide Service Level Agreements (SLAs) around availability. However, make sure you understand how your provider actually calculates availability – five nines may not always mean what you think it does. The key is to clearly understand how your provider defines “downtime.”
- Some providers take “planned downtime” for maintenance or upgrades on a regular basis and don’t count this period in their availability calculation. If you are running a 24/7 operation, any downtime – planned or otherwise – will impact your service. A cloud provider should be able to maintain availability through maintenance and upgrade operations.
- A provider may not consider their service down for SLA calculation purposes unless it is completely down. There are times when a cloud platform could experience isolated delivery problems, but this may not be counted against your cloud provider’s availability. A provider’s SLA should reflect how well the provider is serving you and your users.
- Finally, a cloud technology provider may use network, infrastructure or platform services from its own vendors and partners. Some cloud providers do not take responsibility for the availability of these third-party services, even if they are critical elements of the primary service. A provider’s SLA should cover the availability of all of the services on which it depends.
Security is Not An Afterthought but Well-Thought Out
From: Niall Browne, CSO, LiveOps
Compliance with industry standards as well as a consistent, laser focus on security should be top of the list. Insist on understanding the security components and best practices of your cloud provider.
Cloud should be the catalyst for companies to build the next-generation of security, and not an excuse to provide weaker security to clients. Clients that are considering utilizing the cloud should expect and demand all of the security controls that an on-premise provider can provide and more. After all, the cloud provider has the opportunity to build on newer, more secure technologies and infrastructures. Asking the right security questions and ensuring that you get answers that you understand and are comfortable with are critical. If you ask a cloud provider “Where will my data be stored?” and they respond with the quintessential “It’s somewhere in the cloud” rather than provide a detailed answer, then you should consider selecting another cloud provider. There are plenty of cloud providers that consider security critical to their success – ensure that you do your due diligence as a client and select the right cloud provider for you.