Jumping to the cloud is easy. But do you really know what you’re getting into? A recent Information Week article cites “insufficient due diligence” as one of the top cloud security threats. Asking a few simple questions before you make the jump can save you a lot of trouble further down the line. So, following on from our 3 Ways to Manage Risk in the Cloud post (which has ‘do your due diligence’ as #1), here is a list that may just help you out:
- Does the SaaS Provider have an SLA (Service Level Agreement) in place?
The SLA is a key indicator of reputability. If a provider does not have an SLA, you should think twice about using them.
- What does the SLA cover?
An SLA formally outlines the expectations and responsibilities of both parties regarding specific service and performance attributes, such as availability, operations, service credits, billing, penalties, etc. Before entering into any service agreement, you should read this carefully to be sure you understand what the provider will and will not do for you. Some points to consider: What is the uptime guarantee? (It should be at least 99.9%.) What are their security and privacy requirements? What happens if their service fails? What are the limits to their liability? What is the exit process?
- Does the application meet your functional requirements?
It should work without making significant changes to the current workflow, and continue to work as your company evolves.
- How reliable is the application?
Good indicators of reliability include number of customers, references provided, availability of company information (physical location, investors, etc.), and public recognition such as online activity and coverage.
- Does the app integrate easily with other apps?
Find out if they offer support with integration, as this can get hairy.
Knowledge is power. Find out the answers to these questions before you enter into a service agreement with any SaaS, IaaS or PaaS provider, and you will significantly reduce your company’s risk level.