Customers often assume that because a cloud provider has a well-known name and big market presence, their data is therefore highly secure. Certainly the likes of AWS, Azure, and IBM spend huge resources on securing data, as does any cloud provider who is in for the long haul.
Because providers spend considerable money on expert staff and security measures, they are often even more secure than many of their customers’ data centers.
However, do not assume. Ask about physical as well as cyber security measures: is their data center certified for both? Do they operate redundant data centers in widely separated regions? How about encrypting data using customer keys?
2. Know your provider’s availability and durability policies
Cloud providers generally report 99.9% uptime or more. Clouds are built with redundant architectures to achieve good data durability. However, what is acceptable for cold storage may be unacceptable for active mission-critical data. The options you choose for your mission-critical ecommerce platform in AWS will be higher priced and stronger than what you pay Azure for their Cold Blob Storage. Know what you are paying for, and why.
Also be aware that even the best cloud businesses may manipulate their numbers to prove a point. Google, for example, declared that in 2016, they had the best uptime record compared to AWS and Azure. Microsoft in turn declared that since it has a lot more regions than Google, the true number would not be an overall uptime but uptime average per region.
3. Check your bandwidth
How fast can you transfer your data? Cloud providers heavily invest in high performance platforms for compute operations, less so for cool or cold storage. But they have little control over customer bandwidth, leaving it to their clients to know if their WAN can achieve performance and security levels for data-in-flight.
Depending on the types of workloads you are moving, your software may or may not contain native WAN acceleration features. Backup software commonly provides software-based acceleration, but software can only do so much for narrow bandwidth. Match your bandwidth to your SLAs, and if you need to buy bigger bandwidth.
4. Review Management Tools
Different customers need different levels of self-service management. DIY management isn’t necessarily the cheaper or better option, but may be a necessity for compliance or corporate governance requirements.
Most providers offer management software, and support third-party management software. Understand your available options for management tools and technical support. Also be aware of how much training or extra staff you might need to effectively use self-management tools.
5. Consider the multicloud
Some cloud customers start with a single provider and continue adding services with that provider, effectively keeping all their data eggs in one cloud basket. This is rarely a strategic choice; simply the ease of subscribing to more services with a familiar provider.
However, its only real advantage is familiarity. No single cloud provider can optimize every type of workload. This is why many enterprises already invest in multicloud portfolios, where they match workloads and business needs to provider expertise.
A common strategy is to run a hybrid cloud to extend and secure a private cloud, one or two megaclouds, and another cloud for file sharing or data protection/failover services. Managing a multicloud takes a little more attention, but can give you better service at less cost across a variety of applications and data.
6. Observe compliance
There are two major ways of being compliant in the cloud: observing privacy laws that control data access and physical storage locations, and adopting cloud providers who offer compliant storage.
Privacy laws. Several EU member nations have privacy laws that do not allow businesses to store sensitive information outside of national borders. The EU’s General Data Protection Regulation (GDRP) puts even more oversight requirements on sensitive data. If this is the case, look for a cloud provider who operates data centers within these borders and can prove compliance to a government inquiry.
Regulatory offerings. Many providers support HIPAA, SOX, PCI DSS, and more. However, their customers still hold ultimate responsibility for data compliance, so review provider’s compliance features and reporting.
7. Watch the cost
“The cloud is cheap,” or so some people say. The cloud is certainly cost-effective over building and maintaining expensive on-premises equipment. But that value does not make the cloud cheap. When you review costs, know what to look out for:
Storage costs. The amount of data you store will affect your pricing, which usually calculates cost-per-GB. Cost varies according to the activity level and type of data: if you are storing hot data in an active online database, that will cost more per-GB than cold storage. However, even cold storage costs will grow by volume.
SLAs. All cloud vendors offer service level agreements that offer a certain percentage of uptime and guarantee a level of durability. If you want to customize your SLAs, and you probably should, be prepared to pay more. Protecting your data from downtime and loss is well worth some extra cost.
Egress/Access. Cold data storage is the least expensive of the data storage pricing tiers, but can get quite expensive if you regularly egress data, or need to egress a high volume of data. The high cost of migrating large volumes of data to another cloud provider is a major factor in vendor lock-in.
8. Backup the backup
Many companies use the cloud as a backup target or to keep copies of on-premises backup. What many companies miss is cloud-to-cloud backup that backs up their active data from their SaaS environments. Too many users believe their cloud provider does long-term backup for them. The provider does not, or does it only as a premium service.
Find cloud to cloud backup services that copy cloud-based data to another region or a different provider’s cloud. Look to 3-2-1 for cloud to cloud backup: keep 2 local copies on different backup media, and at least 1 remote copy.
9. Understand the type of data you are storing
Understanding the data types you intend to store in the cloud. Common categories include enterprise file sharing, backup and replicated data, archives for search and compliance, block/object/file data formats, databases, and big data analytics environments.
The type of data you store will affect your costs, data protection levels, management requirements, and governance. Each different type will increase complexity. This is not an argument against using cloud storage – management tools and transparent cloud agreements will go a long way towards simplifying your environment.
10. Plan for performance
Scalability is the cloud’s big draw. Cloud providers keep their infrastructure highly scalable by expanding into new locations, investing in highly scalable architectures, and adopting new technology for intensive compute and storage environments.
Elasticity is another closely related feature. Where scalable architectures provide a dynamic physical, process, and networking environment to handle application growth, elasticity enables the hypervisor to provision virtual machines to serve real-time demand.
Your workloads will define the amount of scalability and elasticity they need. For example, growing cold storage will need scalability but not elasticity. High performance online operations, such as Hadoop data lakes running analytics on massive unstructured data, will need both. Make strategic choices to optimize cloud resources to your workload needs.