Migrating to the cloud requires signing up to a cloud vendor. Cloud service providers are businesses. Their primary motivation is profits and not social service. They may position information in a way that sounds all appealing. Here are seven things your cloud vendor may not disclose.
1. Portability
One of the key advantages of the cloud is easy portability. But most cloud marketers remain silent on portability.
The cloud shifts CAPEX costs from the business to the provider. The provider recovers these costs from their clients. When a client leaves, the provider’s profits decrease. Naturally, the cloud provider would do everything in their power to stop clients from leaving. Providers may not legally prevent a client from leaving, but they are under no legal obligation to make the shift easy.
- Clarify on the portability before subscribing. Make sure that the relevant portability clause finds its place in the service contract. If not, you might end up paying more for flexibility, while enjoying no flexibility.
- Build the cloud stack with adaptive enablement upfront. Virtualize every layer and ensure access to every layer in the stack. Resist the temptation to build cheaper and easier non-virtualized layers.
- Opt for non-native general-purpose, heterogeneous solutions that span public clouds. Cloud vendors try to offer an integrated offering of a native database, cloud ops system, and security systems. In today’s multi-cloud world, such integrated native capabilities do not offer any special benefits. But they strengthen vendor lock-in. Entrusting the cloud vendor to build part of the stack is a cardinal mistake that often locks on the subscriber for a long time. Migrating in such situations will need a near-total rebuild.
2. Scalability
Scalability is one of the biggest advantages of the cloud. But many cloud vendors do not offer specifics regarding scalability. Even when the cloud provider does provide easy scalability, the charges may be high.
Most cloud contracts are term-based contracts. The user commits to a specific number of units or volumes of a resource for a specific time.
But in today’s fluid business environment, requirements often change during the contract period. At times the capacity remains unutilized. And at other times, businesses may need more capacity.
When the users need extra capacity, most vendors reset the per-unit price for the units above the volume threshold. But the user invariably ends up paying for the volumes during the length of the subscription term, even if they underutilize the paid-for capacity.
Most cloud contracts are use-it-or-lose-it propositions. The cloud vendor will refuse to refund or credit features not used during the term of the subscription. They may cite revenue recognition issues. Instances of cloud providers offering credits or roll-overs to the next period are rare. Thus, multi-year subscriptions are a lock-in with the vendor for an extended term.
- Assess the vendor’s infrastructure and the ability to scale up rapidly on needing extra resources.
- Negotiate the contract. Have a granular knowledge of specific products and features needed, upfront. Base the negotiation on these requirements. Make a strong pitch for refund, credit, or the ability to swap products during the renewal negotiation.
- Seek a volume discount structure that gets a better per-unit price after meeting a specific threshold. The cloud vendor will invariably say no to reset unit pricing to a lower per-unit price after meeting the agreed-upon volume threshold.
3. Hidden Costs
Do not compare or identify the cost of the cloud provider based on the sticker price alone. Several cloud vendors do not disclose the full pricing picture. The price highlighted may be for a small unit, and the realistic price may be higher. Optional extras may include some unavoidable features.
- Keep data in the cloud after ensuring security. A public cloud provider includes charges for data ingress and egress in their monthly bill. Solutions that need a lot of data entering and exiting the cloud become very costly. Keeping some data on-premises increases the ingress and egress, and adds up to the cost.
- Explore different archival storage. Consider hot storage vs. cool storage. Cool storage costs less but comes with various restrictions.
- Consider associated costs, including the cost of personnel to manage the instances.
4. The Vendor’s Stability
Cloud services are booming, and more and more services embrace them. But this does not mean all cloud vendors are thriving. Many cloud vendors, especially small vendors, struggle to stay afloat.
Cloud vendors rarely disclose their financial status or the number of clients they have. In fact, they rarely disclose any indicator that makes explicit the health of their business.
Regardless, weak vendors can go out of business very soon, leaving incumbent cloud accounts in the lurch. In such scenarios, clients face significant downtime and expensive migrations.
- Insist on detailed financial forecasts from the potential cloud provider. Assume the worst if they refuse to provide it.
- Read feedback and reviews of the provider on popular forums. Take negative comments with a pinch of salt, but find out how the provider approached complaints and resolved them.
5. Hosting Location
Very few cloud providers disclose the actual location of their servers.
Cloud providers put their servers at low-cost geographies. Many such locations may have unsavoury governments. In case of a data breach or dispute, the nationality of the data owner or the country of origin of the data does not matter. Only the law of the country where the server resides applies. This has serious implications for data protection and privacy. For instance, without strong data protection laws, an intermediary may copy trade secrets and pass them on to competitors.
The location of client data is rarely static anyway. Cloud providers keep on moving data. They store data in redundant servers for backups and easy availability. At times, they may merge facilities.
- Find out where the cloud provider stores the data. Ask for a list of the data centers used by the provider.
- Perform a legal analysis of the cloud agreement. Consider if the location of the server will lead to non-compliance with data protection laws.
6. Security and Compliance
Many cloud providers remain tight-lipped about the security measures they deploy. Often the security measures may be inadequate.
- Understand the security measures offered by the provider. Find out how they secure client applications and data.
- Break down the specifics of the security offered by the cloud vendor. Consider the features offered free out-of-the-box, and add-on paid services.
- Have clarity on the specific areas of responsibility of each party. AWS’s Shared Responsibility Model documentation is a good base to get started. Factor extra security needs into the design and cost forecasting.
- Evaluate the cloud platform based on the needed compliance standards. Consider the extent to which the vendor supports compliance for GDPR, PCI DSS, HIPAA, or other frameworks.
The cloud offers several advantages. But success depends on understanding the complete picture and taking informed decisions that factor in all hidden costs and risks.