Top Questions You Should Ask a Potential Cloud Services Provider

When searching for a cloud services provider, ask them the following simple but crucial questions.

February 09, 2016 by Andreas Krebs

Questions for Cloud Services ProviderBusinesses left and right are moving to the cloud, or thinking about it. We recently revealed that over half of respondents in a recent survey of CIOs and IT leaders are considering “cloud first” for their IT strategy.

And why not? The cloud represents a quantum leap of efficiency and flexibility over the previous paradigm of on-premise servers and equipment. Users empowered by the cloud enjoy greater productivity and increased savings. And whether you're after nothing more complicated than selective file sharing, or something as mission-critical as running your entire operation, the cloud can handle it all.

But make sure you aren't flying in blind before you leap in. When searching for a cloud provider, ask them the following simple but crucial questions.

What security-related certifications have you earned?


Becoming a “cloud provider” is easy. Getting the certifications that show your compliance with stringent information handling standards is not.

If you're after cloud hosting services, check first if your prospective provider is SOC2-compliant.

"An SOC 2 report shows that we have the appropriate controls in place to mitigate risks related to security and availability,” said Eric DeGrass, National Director of IT Services at All Covered. “Our clients get the assurance this report gives them that our cloud environment is designed and operated to industry standards.”

Other essential certificates show compliance with FISMA (meeting standards set by the Federal Information Security Management Act of 2002), PCI-DSS (meeting standards for secure payments set by the Payment Card Industry Data Security Standard), HIPAA (meeting standards for the management of personal health information as per the Health Insurance Portability and Accountability Act of 1996), depending on your particular industry field.

What are your back-up and recovery capabilities?


How will this potential provider respond to threats to your business-critical data? What security measures do they deploy? What's their disaster recovery plan, in case the worst happens?

“Whichever provider a company chooses, it is essential that it tests the provider's recovery capabilities before committing to the service,” according to Kent State University's Todd Ryan. “Backup is easy… it's recovery that's difficult.”

All Covered, for one, puts a dedicated team to work on setting up, configuring, and monitoring your backups, testing them regularly and staying on point to recover your data quickly and efficiently in the worst possible scenario.

How will you report back to me?


The cloud provider has the responsibility to accurately report your data's status, and any relevant issues that may crop up. They may provide you with a dashboard that lets you monitor the cloud's status at any given time, or provide an alternative system of real-time monitoring.

The provider should allow you to monitor several metrics in particular, like network, memory and disk capacity, among others. Furthermore, deeper issues like change management, usage management and service-level data integration should be transparent to yourself as the client, not held close to the provider's chest.