SlideShare a Scribd company logo

10 must-ask-questions-when-buying-a-cloud-solution-final

LE&AS
LE&AS

Essential questions that you should ask when buying and sourcing a new cloud solution.

Technology
1 of 9
10 Questions You Must Ask When Buying a Cloud Solution The essential questions to ask when researching and purchasing cloud solutions for your organisation
Attitudes towards cloud solutions are changing. Organisations previously cautious to embrace cloud solutions are now acknowledging that, in many areas, it is now the best way to deliver effective results. There are several key reasons for this change, including:  Cloud First Policy – mandate for central UK government to consider cloud solutions before all others when buying IT solutions, announced on 5th May 2013 (following the lead of federal US agencies in 2010).  Creation of the G Cloud Procurement Framework- support from central government in the UK, heralded by the creation of the G Cloud Procurement Framework, is providing accreditation for cloud providers.  Cost efficiencies- as budgets are squeezed, public and private sector organisations need to find further cost efficiencies and provide streamlined shared services. The flexibility of cloud services can often provide this for organisations.  Lack of funding- the lack of funding from the banks to facilitate ongoing capital investment in internal infrastructure is encouraging organisations to find more affordable solutions.  Improved security- the increasing robustness of cloud solutions, together with the improvement of security related concerns through careful development and management of security policies, means that concerns about cloud security can now be properly addressed. But, for organisations that are now looking to buy software as a service (SaaS) solution, there are still some concerns. How long could business continue and survive if you cannot access your data or your data was irretrievably lost? Are disaster recovery processes, without wider protection against insolvency, genuinely covering all the risks? These are legitimate concerns. Researchers McGladrey and Pullen estimate that a shocking 43% of businesses who lose electronically held data never reopen, and 29% close within two years.
We have put together 10 questions you should be asking any cloud service provider when buying a solution for your organisation, to help make sure you are properly protected. 1. Where will your data be stored? Establish the countries where your data will be stored, processed, and transitioned. For ease, this should be the EU. But if it’s further afield, you should take legal advice. It is generally not permissible under the Data Protection Act 1988 (as amended) to host data outside the EU (except with certain safeguards). When you are dealing with a software or network vendor for a cloud solution, ensure the identity of your Data Centre provider is stipulated in your contract. Also, make sure that the nominated Data Centre provider will not be changed without your consent or knowledge. Assert that any change in control would entitle you to terminate your contract, for example if an EU hosting provider is acquired by a competitor or a foreign government. 2. How valuable is the data that will be stored or transmitted in the cloud? Find out if any of the data going into the cloud will include personal details of customers or employees. Also, check whether any valuable commercial information, such as details of patentable inventions and legally privileged information, will be stored or transmitted in the cloud.
This type of data is clearly more valuable, sensitive and confidential than other data. As a result of this a higher degree of due diligence around the Data Centre provider is required. 3. What are the data backup provisions? Ascertain who carries out the data back-ups and what location they back up to. If the data held by the cloud solution is business critical or valuable for other reasons, someone should be mirroring or carrying out daily back-ups of the data in line with ISO 27001 and good industry practice. Identify who in your contract will be carrying this work out. Ideally the location of a back-up site (or, where the tapes will be stored if disc to disc back up is still used, the location of the secondary storage) should be sufficiently distant from the premier hosting site to ensure that both sites would be unlikely to be affected by the same set of circumstances, such as a natural disaster, floods, or a terrorist attack. At least 20 miles distance apart is a good guide. Also, do not assume that disaster recovery is included. Ideally you should look for automated fail-over to the secondary site. At the same time, check the Recovery Time Objective (how quickly will the system be back up and running) and the Recovery Point Objective (how much data will be lost if they have to go back to the last back- up), to fully understand how your data will be backed up.
4. What size is the broadband link/network access to the Data Centre? Determine the size of the broadband link to the Data Centre. As well, check what the failover provision is, should the primary link fail. Enquire how flexible the arrangements are, if you need additional capacity for a temporary or permanent increase in activity. And, if the data transfer is capped (e.g. on a monthly basis), find out if there is the charge for exceeding this cap. At the same time, establish if it is a true pay as you go agreement or if there is a minimum term with associated notice requirements. 5. Is the Data Centre insured? Find out if the Data Centre provider is properly insured. This should include professional indemnity insurance for loss of data or breach of the Data Protection Act 1988 (as amended) and also cyber liability insurance. Make sure it is clear if you will have the benefit of these and the upper limit of cover. The value of your data could easily exceed the value of a Date Centre or cloud solution provider’s liability to you under your contract. Ensure that appropriate caps on liability for loss of data (backed up by appropriate professional indemnity insurance) are provided. These are often unlimited or a substantial sum i.e. £5-10m per claim. It needs to cover the maximum fines which can be imposed, for example by the Information Commissioner, and also possibly reputational damage. You may need to review and update this from time to time, if the nature and sensitivity of the data changes. The contract should also deal with the question of which party bears the risk in the case of security breaches. If the Data Centre provider is taking the risk, you
should also require the Data Centre provider to have adequate insurance to cover the potential losses. Cyber-security policies are now available from a number of insurers. 6. What is the financial standing of the Data Centre provider and/or the cloud solution provider? Always complete a full credit check on your Data Centre provider and/or the cloud solution provider, to see how financially credit worthy they are. And, if appropriate, ask them what would happen if they went out of business. Disaster recovery processes do not cover insolvency, and an “it will never happen” answer is not an acceptable response. In the current climate, all Data Centre providers should be monitored financially and it is worth considering a “new breed” escrow agreement, which covers cloud services. Be aware, particularly if you are public sector bodies obtaining services from G Cloud (or other government framework agreements) that:  There is in effect no Pre-Qualification Questionnaire which screens the financial status of cloud solution providers.  The current OGC financial distress clauses in many public sector procurement contracts rely on supplier’s financially monitoring themselves, which is not an ideal situation.
7. How easily can you retrieve your data? Regardless of how your contract ends, ensure via the contract that you can readily access your data in an easily accessible format. This is particularly important where there is a contractual dispute with your Data Centre provider or cloud solution provider, who may be unwilling or unable to support you. 8. Does the Data Centre provider own the freehold to the premises where the servers are located? Establish whether the Data Centre provider owns the premises where they host your data, which would be ideal. However, most don’t, meaning you’ll need to do some comprehensive due diligence work on back-ups and disaster recovery strategy in case of the insolvency of the Data Centre provider itself or the owner of the premises. For example, this could occur if one of the parties does not pay the electricity or telecommunications bill. These scenarios could disrupt your service at the Data Centre. Also, check whether the Data Centre host your data on a dedicated server or store your data with third party data? Endeavour to protect a dedicated server that you own by inserting retention of title clauses etc. in contracts with Data Centre providers.
9. What are the service levels to expect from the cloud solutions provider? Stipulate appropriate service levels by the cloud solutions provider and describe the consequences if those levels are not achieved and maintained. Make sure you incorporate a demonstration of the service as part of the acceptance testing regime, with an option to terminate if service criteria are not achieved, or to withhold (part) payment until satisfied. Ask for evidence of appropriate security and disaster recovery measures. 10. Is there a SaaS Escrow agreement in place? When purchasing a cloud solution, look to implement a “new breed” escrow agreement to protect you against complete data loss. This is often very cost effective as it can save you from the cost of unnecessary back-ups of your data and the configured software source code. With a “new breed” escrow agreement in place, you won’t suffer blank screen syndrome where the Data Centre provider or cloud solutions provider go bust, nor be held liable for loss of data, where you are a data controller and subject to legal obligations imposed by the Data Protection Act 1998.
Find out more about an affordable SaaS Escrow solution, AccessAssure, by visiting www.leaas.co.uk or calling 0800 456 1115

Recommended

El mejor futbol a nivel nacional
El mejor futbol a nivel nacionalEl mejor futbol a nivel nacional
El mejor futbol a nivel nacional
gonzalopo
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 

Recommended

El mejor futbol a nivel nacional
El mejor futbol a nivel nacionalEl mejor futbol a nivel nacional
El mejor futbol a nivel nacional
gonzalopo
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
EasyPrinterHelp
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
Zilliz
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
CzechDreamin
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
Mark Billinghurst
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
DianaGray10
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
CzechDreamin
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
FIDO Alliance
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
FIDO Alliance
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
CzechDreamin
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
Syngulon
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
confluent
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
Stefano
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FIDO Alliance
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
John Staveley
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
DianaGray10
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
Patrick Viafore
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
EasyPrinterHelp
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
Mark Opanasiuk
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
FIDO Alliance
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
Albert Qian
 

More Related Content

Recently uploaded

Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
EasyPrinterHelp
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
CzechDreamin
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
Syngulon
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
EasyPrinterHelp
 

Recently uploaded (20)

Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 

Featured

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Saba Software
 

Featured (20)

Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 

10 must-ask-questions-when-buying-a-cloud-solution-final

  • 1. 10 Questions You Must Ask When Buying a Cloud Solution The essential questions to ask when researching and purchasing cloud solutions for your organisation
  • 2. Attitudes towards cloud solutions are changing. Organisations previously cautious to embrace cloud solutions are now acknowledging that, in many areas, it is now the best way to deliver effective results. There are several key reasons for this change, including:  Cloud First Policy – mandate for central UK government to consider cloud solutions before all others when buying IT solutions, announced on 5th May 2013 (following the lead of federal US agencies in 2010).  Creation of the G Cloud Procurement Framework- support from central government in the UK, heralded by the creation of the G Cloud Procurement Framework, is providing accreditation for cloud providers.  Cost efficiencies- as budgets are squeezed, public and private sector organisations need to find further cost efficiencies and provide streamlined shared services. The flexibility of cloud services can often provide this for organisations.  Lack of funding- the lack of funding from the banks to facilitate ongoing capital investment in internal infrastructure is encouraging organisations to find more affordable solutions.  Improved security- the increasing robustness of cloud solutions, together with the improvement of security related concerns through careful development and management of security policies, means that concerns about cloud security can now be properly addressed. But, for organisations that are now looking to buy software as a service (SaaS) solution, there are still some concerns. How long could business continue and survive if you cannot access your data or your data was irretrievably lost? Are disaster recovery processes, without wider protection against insolvency, genuinely covering all the risks? These are legitimate concerns. Researchers McGladrey and Pullen estimate that a shocking 43% of businesses who lose electronically held data never reopen, and 29% close within two years.
  • 3. We have put together 10 questions you should be asking any cloud service provider when buying a solution for your organisation, to help make sure you are properly protected. 1. Where will your data be stored? Establish the countries where your data will be stored, processed, and transitioned. For ease, this should be the EU. But if it’s further afield, you should take legal advice. It is generally not permissible under the Data Protection Act 1988 (as amended) to host data outside the EU (except with certain safeguards). When you are dealing with a software or network vendor for a cloud solution, ensure the identity of your Data Centre provider is stipulated in your contract. Also, make sure that the nominated Data Centre provider will not be changed without your consent or knowledge. Assert that any change in control would entitle you to terminate your contract, for example if an EU hosting provider is acquired by a competitor or a foreign government. 2. How valuable is the data that will be stored or transmitted in the cloud? Find out if any of the data going into the cloud will include personal details of customers or employees. Also, check whether any valuable commercial information, such as details of patentable inventions and legally privileged information, will be stored or transmitted in the cloud.
  • 4. This type of data is clearly more valuable, sensitive and confidential than other data. As a result of this a higher degree of due diligence around the Data Centre provider is required. 3. What are the data backup provisions? Ascertain who carries out the data back-ups and what location they back up to. If the data held by the cloud solution is business critical or valuable for other reasons, someone should be mirroring or carrying out daily back-ups of the data in line with ISO 27001 and good industry practice. Identify who in your contract will be carrying this work out. Ideally the location of a back-up site (or, where the tapes will be stored if disc to disc back up is still used, the location of the secondary storage) should be sufficiently distant from the premier hosting site to ensure that both sites would be unlikely to be affected by the same set of circumstances, such as a natural disaster, floods, or a terrorist attack. At least 20 miles distance apart is a good guide. Also, do not assume that disaster recovery is included. Ideally you should look for automated fail-over to the secondary site. At the same time, check the Recovery Time Objective (how quickly will the system be back up and running) and the Recovery Point Objective (how much data will be lost if they have to go back to the last back- up), to fully understand how your data will be backed up.
  • 5. 4. What size is the broadband link/network access to the Data Centre? Determine the size of the broadband link to the Data Centre. As well, check what the failover provision is, should the primary link fail. Enquire how flexible the arrangements are, if you need additional capacity for a temporary or permanent increase in activity. And, if the data transfer is capped (e.g. on a monthly basis), find out if there is the charge for exceeding this cap. At the same time, establish if it is a true pay as you go agreement or if there is a minimum term with associated notice requirements. 5. Is the Data Centre insured? Find out if the Data Centre provider is properly insured. This should include professional indemnity insurance for loss of data or breach of the Data Protection Act 1988 (as amended) and also cyber liability insurance. Make sure it is clear if you will have the benefit of these and the upper limit of cover. The value of your data could easily exceed the value of a Date Centre or cloud solution provider’s liability to you under your contract. Ensure that appropriate caps on liability for loss of data (backed up by appropriate professional indemnity insurance) are provided. These are often unlimited or a substantial sum i.e. £5-10m per claim. It needs to cover the maximum fines which can be imposed, for example by the Information Commissioner, and also possibly reputational damage. You may need to review and update this from time to time, if the nature and sensitivity of the data changes. The contract should also deal with the question of which party bears the risk in the case of security breaches. If the Data Centre provider is taking the risk, you
  • 6. should also require the Data Centre provider to have adequate insurance to cover the potential losses. Cyber-security policies are now available from a number of insurers. 6. What is the financial standing of the Data Centre provider and/or the cloud solution provider? Always complete a full credit check on your Data Centre provider and/or the cloud solution provider, to see how financially credit worthy they are. And, if appropriate, ask them what would happen if they went out of business. Disaster recovery processes do not cover insolvency, and an “it will never happen” answer is not an acceptable response. In the current climate, all Data Centre providers should be monitored financially and it is worth considering a “new breed” escrow agreement, which covers cloud services. Be aware, particularly if you are public sector bodies obtaining services from G Cloud (or other government framework agreements) that:  There is in effect no Pre-Qualification Questionnaire which screens the financial status of cloud solution providers.  The current OGC financial distress clauses in many public sector procurement contracts rely on supplier’s financially monitoring themselves, which is not an ideal situation.
  • 7. 7. How easily can you retrieve your data? Regardless of how your contract ends, ensure via the contract that you can readily access your data in an easily accessible format. This is particularly important where there is a contractual dispute with your Data Centre provider or cloud solution provider, who may be unwilling or unable to support you. 8. Does the Data Centre provider own the freehold to the premises where the servers are located? Establish whether the Data Centre provider owns the premises where they host your data, which would be ideal. However, most don’t, meaning you’ll need to do some comprehensive due diligence work on back-ups and disaster recovery strategy in case of the insolvency of the Data Centre provider itself or the owner of the premises. For example, this could occur if one of the parties does not pay the electricity or telecommunications bill. These scenarios could disrupt your service at the Data Centre. Also, check whether the Data Centre host your data on a dedicated server or store your data with third party data? Endeavour to protect a dedicated server that you own by inserting retention of title clauses etc. in contracts with Data Centre providers.
  • 8. 9. What are the service levels to expect from the cloud solutions provider? Stipulate appropriate service levels by the cloud solutions provider and describe the consequences if those levels are not achieved and maintained. Make sure you incorporate a demonstration of the service as part of the acceptance testing regime, with an option to terminate if service criteria are not achieved, or to withhold (part) payment until satisfied. Ask for evidence of appropriate security and disaster recovery measures. 10. Is there a SaaS Escrow agreement in place? When purchasing a cloud solution, look to implement a “new breed” escrow agreement to protect you against complete data loss. This is often very cost effective as it can save you from the cost of unnecessary back-ups of your data and the configured software source code. With a “new breed” escrow agreement in place, you won’t suffer blank screen syndrome where the Data Centre provider or cloud solutions provider go bust, nor be held liable for loss of data, where you are a data controller and subject to legal obligations imposed by the Data Protection Act 1998.
  • 9. Find out more about an affordable SaaS Escrow solution, AccessAssure, by visiting www.leaas.co.uk or calling 0800 456 1115