As your organisation goes through the process of virtualising more IT systems, choosing the right
cloud provider to manage your subscriptions and infrastructure becomes critical to your business’ long-term success.
In the UK, the market for managed cloud services leveraging Microsoft Azure and Amazon AWS
platforms is vast with many providers offering different services. Choosing between a direct relationship with the platform owners or a partnership with a bespoke consultancy is a key decision that will shape how your business uses the cloud.
How you go about the process of choosing and migrating to the right service provider for your Azure or AWS infrastructure is dependent on your exact needs and requires careful consideration — not just related to price, but also the level of expertise on offer and the type of service that your
business requires.
In this white paper, we have compiled the key consideration areas that should inform your decision.
Perhaps the biggest decision that you will need to make in choosing your new cloud partner will be whether to go directly with the supplier (Microsoft or Amazon) or choose to work with a specialist.
Both major public cloud providers have worked hard to make the initial setup process for infrastructure straightforward. After creating an account and choosing the right virtual machines for the specification, it's possible to be up and running in Azure within minutes.
However, there are very few cases where this is the correct approach for a live environment. In a large organisation with a substantial IT department and specialist skills around solution architecture, self-managing a cloud deployment in Azure or AWS can be straightforward, however few businesses have that level of skill internally.
Cloud infrastructure is much more than just a network of virtual machines. For true resilience, set up requires the scheduling of appropriate back-ups, management of security and protection, and a plan for monitoring and ensuring compatibility — to say nothing of ongoing optimisation. Azure Marketplace offers myriad applications that can handle much of the cloud management process, however knowing which to use can be confusing.
A further consideration that is often overlooked when buying direct is the billing relationship. For budgeting purposes, most organisations prefer to pay on invoice rather than credit card. The difference may seem subtle but is important. Cost is a key factor in creating a cloud solution and a payment structure which removes budgetary control is not always compatible with commercial goals.
As noted above, not all organisations have the skills to manage a complex infrastructure solution in house. A direct relationship with Microsoft or Amazon means relying on their support service and getting information from forums and FAQ rather than having access to an account manager. with a specialist partner like IG CloudOps means that you will have a closer relationship with a technical account manager who will be more familiar with your needs. This means that issues can be resolved more quickly and efficiently to reduce your exposure to downtime.
The total cost of your cloud infrastructure should consider the following:
If your organisation was to buy an infrastructure subscription direct with Microsoft or Amazon and then take support and software from elsewhere, it may be more costly than choosing a single supplier where all of the different components —aside from your internal staffing costs — could be grouped into a single purchase order and invoice.
There are multiple steps in the selection process for a vendor supplying business critical services. The first of these is understanding exactly what your requirements will be.
Before selecting a managed services partner, it's essential to create a specification of what services they will manage. This sounds obvious but is often overlooked.
Conducting an internal assessment of your requirements, and potentially working with a certified architect to plan out what you will need will give you the ability to discuss your true needs with potential suppliers and get a like for like comparison of the service levels and costs that they will bring forward.
A clear picture of what technical requirements you have along with your expectations of service levels, and any particular data governance needs that you have means that the quotes you receive will cover the different items in your checklist and streamline the process of moving to a preferred support partner.
In some cases, you may find that the partner you choose for a migration project is different to the one who will provide long term support. In that case, it is useful to engage with the long- term support partner early in the migration process to give them greater insight into your solution— this will make future support much more efficient and useful.
Ultimately, your choice of cloud partner will come be based upon your perception of who “gets” your business best and is able to provide the insight and support levels you need to ensure that your performance goals are met. If you follow a formal supplier recruitment process, then you will set a group of criteria for the selection and focus on these during the assessment. The following criteria should form part of your cloud partner assessment — the weight that they are given in the scoring would be dependent on how you want to manage the relationship in the context of your own business goals.
1. Contracts & commercial agreements
2. Supplier accreditation
3. Supplier business health
4. Vendor Relationships
5. Data governance and security
6. Technology roadmap
Your relationship with your cloud provider will be defined by the contract and this will cover the service levels you agree along with the billing arrangements over time.
For straightforward solutions, the agreement may be a simple document with fixed terms and standard SLAs, however if your needs are more complex, then there may be extensive customisation to the contract to cover your specific requirements.
Flexibility in a contract is not always a good sign — unilateral changes to the agreement may mean that the level of service you receive for a given fee may evolve over time and create conflict with other legal or standards obligations you have.
The key considerations that will form part of the contract should include:
The Service Delivery Agreement should be clearly defined and include information about the roles and responsibilities that are in place. This will include provisioning, management, support levels, escalation.
Ideally, the service delivery agreement should fit in with your own business requirements for up time and reporting to ensure compliance.
Your Supplier SLA should cover areas such as service availability (uptime percentage), agreed capacity and accessibility. It will also include areas such as response time for support requests or required changes.
The more specific and relevant the objectives of the SLA are for your business needs, the better it will work for both parties. Check for exclusions and limits to the scope that may affect how the agreement can be enforced.
Ensure that the Service level agreement your provider offer specifies the escalation process that would be adopted in the event of issues and what compensation may be available.
Buying direct from the vendor (e.g. Microsoft) would usually mean that you only pay for the virtual machines and data transfer costs. A relationship with a managed service provider will generally be more complex and include a bundle of services such as support and monitoring.
A clearly defined commercial agreement that includes specific information about the number of support hours you can use before paying an overage charge, or an agreement on the cost for changes to your deployment will mean that budgets are more straightforward to control.
Your contract may be either a fixed fee or variable depending on consumption and should include regular reviews to ensure that the capacity you are buying meets your needs and avoids wastage.
Your contract with a provider is there to protect both parties and the standard terms should include specific terms relating to Intellectual Property Rights, Indemnification, and Limitation of liability. Compare the contractual protections that you are offered by different providers to ensure that the terms offered meet your needs.
Your contract with a cloud managed services provider will likely be for an initial fixed term, but you should always be mindful about how you will exit if you choose to move to another supplier at some future time.
Ensure that there are provisions in place within your agreement and through the relationship that define how you would access your data in the event the contract ended. The exit provisions should include information about how data would be released and whether any costs would apply at the end of the contract.
There are multiple bodies that define best practice and provide certification within the cloud industry.
Both Microsoft and Amazon have partner programmes that include certification for members based on structured courses and exams.
Microsoft offer the following qualifications and training courses to cover all aspects of Azure
Management and configuration:
In addition to the above, the company also develops new qualifications to reflect changes in the platform. The current beta list is as follows:
Amazon's range of qualifications are grouped as follows:
Amazon offer specialist qualifications alongside their main programme which cover specific aspects of AWS:
When choosing a provider, talk to them about which certifications are held within their team to ensure that they can offer the correct advice for your project goals.
Standards compliance across different suppliers gives you as the customer the ability to compare like with like and helps you choose your partner.
The complexity of the cloud industry does mean that there are multiple standards and accreditations that cover the services that you will need. There are ISO standards for different aspects of the cloud such as 27001 which lays out the requirements for information security management systems, so it is important to ensure that the criteria you use to judge suppliers are appropriate to your specific needs.
Key accreditations that you should look for in a supplier include compliance with:
Prospective consultants should be able to provide advice about what specific accreditations are most important to your deployment based on industry and legal requirements for the type of data that you're hosting.
Your relationship with an Amazon or Azure managed services provider will usually continue over multiple years, and as such, taking time to consider the history, financial health and business goals of your provider is important.
Without a sound business in place, even the most competitive provider may not be a good long-term fit for your business, and if they cease trading without adequate warning, you may lose data or your application.
Both Microsoft and Amazon provide guidance on partner selection, specifying that:
“The provider should have a track record of stability and be in a healthy financial position with
sufficient capital to operate successfully over the long term”.
A partner's long term plans may be subject to change during the lifetime of your agreement, but at the outset it is wise to establish whether there are any major corporate changes such as mergers or acquisitions that are planned which may affect your business relationship.
The type of client that your provider typically works with is important to research. A provider without experience of the nuances and legal requirements in your sector may not be a good fit for security reasons. Likewise, a partner who works with much larger or smaller businesses than yours may not assign an expected level of resource to your management.
Modern public cloud managed service providers will typically work with multiple vendors in order to provide the most appropriate solution for clients. In most cases, this can be seen in their partner status with either Microsoft or Amazon.
Talk to your prospective provider about the length of their relationship with their vendors and the level of certification and training that they offer. Adherence with partner requirements will usually entail having a range of qualifications to cover the different aspects of managing services within the platform.
Talk to providers about technical competencies to ensure that they can extend your existing skill levels. Choosing an Azure provider based on them simply having Microsoft Gold Partner status without confirming that their specialisms are appropriate to cloud and Azure may result in an unsuitable and inexperienced partner taking responsibility for critical business services.
Cloud hosting of data and services is more secure than legacy hosting — provided that the proper security measures are taken, and that software is regularly patched and reviewed. When moving to the cloud you still need to be mindful of how your information is secured and discuss with your vendor about what steps they are taking to protect your business-critical information.
Maintaining the security of your data and that of clients is a fundamental requirement for most application hosting. A successful cloud managed services provider will be able to demonstrate the processes that they have put in place to protect your information and provide system security.
Managing and minimising risk should be at the heart of the security policies. You will need to agree responsibility for all aspects of InfoSec with your provider and ensure that their policies are compatible with your own.
The ability to audit access and activity on your cloud platform is essential. A managed services provider who is unable to share this information with you should be avoided. Processes need to be documented and agreed to protect your business.
Examples of incident and security audit reports should be provided at the outset of the agreement, and policies agreed for how these would be supplied if required during the relationship.
GDPR and similar legislation has given more emphasis to the way data is held and managed, and as such, considerations about how your data is stored and managed should be a fundamental part of your agreement.
Key questions to ask include where your data will reside. Azure and AWS use global data centre networks to deliver their services and provide backups which means that data centre location is a consideration — it's possible to manage Azure costs by buying capacity internationally, so discuss this arrangement with your supplier as it could be leveraged to reduce costs for certain aspects of your solution.
Application function around security and encryption should form part of the testing process prior to deployment to ensure that any existing aspects are retained in your new arrangement.
Your provider should be able to provide you with insight into their notification process for data loss or security breaches and ensure that they are aligned with your obligations.
For a business-critical cloud solution, it is important to understand what the disaster recovery processes are and how you can use them.
You should agree data preservation expectations including recovery times - these may be specific to different aspects of your solution and include issue reporting and the provision of plans to avoid recurring issues.
Roles and responsibilities, escalation processes and who has the burden of proof, all must be clearly documented in the service agreement. This is vital, as in many cases, your team may be responsible for implementing some of these processes.
It is important to recognise that not all issues your business may face would be covered within the Disaster Recovery process of your provider — such as in the even that they cease trading. As such, you should also consider purchasing additional risk insurance to ensure that the costs of recovery can always be covered.
A long-term relationship with your provider will inevitably involve changes to their relationship with technology and the range of services that they are able to provide.
For a provider who offers software-based management of your Azure or AWS deployment, the future development of their technology will impact on your application and hosting. Discuss their innovation roadmap as part of the selection process to ensure that a solution that works well today will continue to take advantage of new releases within the cloud and what their ongoing plans are.
Your supplier may be committed to a single platform today (e.g. Microsoft Azure), but you should discuss future options with them — for example what would their plans be if developments from another vendor such as IBM outstrip their current preference and offer a more cost effective or efficient solution to your application hosting needs.
When selecting your new cloud partner for migration or management services, it's important to >include both hard and soft criteria in your assessment process. It's likely that your relationship with a supplier will extents over multiple years, so you need to have a strong relationship with your partner that allows them to help you understand and meet your business goals.
Key factors such as certifications, skills and applicable standards should be considered as fundamental to the decision, but it is also vitally important to investigate existing client relationships through case studies, references and testimonials.
Over the lifespan of your contract, it is likely that there will be personnel changes on both sides of the agreement, along with platform changes as new technologies are introduced and billing structures change.
Your decision should be based not just on who will be the most appropriate partner today, but also into the future and your final contract with the supplier needs to cover your changing needs and allow for growth without affecting the quality of service and value you receive.
Taking the time at the start of the relationship to agree mutually beneficial terms and SLAs give you a strong foundation for a relationship that can help your business maximise the value of both the cloud and the level of insight and development that your partner can offer.
If you’re experiencing any of the challenges explored here, or need to gain greater visibility and control of your cloud implementation, please do get in touch with us and a member of our team will be happy to talk through your needs.