The lack of a common framework for assessing Cloud Service Providers (CSPs) combined with the fact that no two CSPs are the same can complicate the process of selecting one that’s right for your organization. Selecting CSPs becomes even more complex when you consider the fact that more and more companies are adopting a multi-cloud approach for a variety of reasons, including cost savings, reduced risk of vendor lock-in, and data portability. (Gartner estimates that 75% of organizations will be using a multi-cloud strategy by 2022.) Add in the adoption of abstraction technologies such as containers, and workloads become for more portable between CSPs. To help you work through this, we’re using this post to discuss seven basic criteria you can use to identify providers that best match your business, technical, and operational needs.
How do you choose a public cloud provider — or if you’re planning to go multi-cloud — cloud providers? Let’s start with the major players.
The Big Three and Others
The field has a lot of competitors in it, including the big three — Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) — and a host of smaller or niche players. And of course, AWS, GCP, and Azure dominate.
While exact percentages on market share vary according to the source you consult, it is generally agreed that as of mid 2018, AWS leads the pack followed by Microsoft and Google, as this chart illustrates.
The article AWS Vs Azure Vs Google: Cloud Services Comparison provides a helpful rundown of how the three leaders compare when it comes to the following key areas:
- Compute Power
- Storage and Databases
- Networking and Content Delivery
- Management and Monitoring
- Development Tools
- Pricing Structure
If you are trying to decide how much and which aspects of your environment to run in each of these services, this article should be helpful.
Primary Evaluation Criteria
As you determine which cloud provider(s) you will use, you will want to evaluate the options that different providers offer and look at how they would support your unique business characteristics and objectives. The principal elements to consider for almost every company are as follows:
You want to understand precisely what your security goals are, the security measures offered by each provider, and the mechanisms they use to protect your applications and data. In addition, make sure you completely understand the specific areas that each party is responsible for. (Look at AWS’s Shared Responsibility Model documentation as well as the approach that Azure and Google take to security.)
Security is a top concern in the cloud (and everywhere else these days), so it’s critical to ask detailed and explicit questions that relate to your unique use cases, industry, regulatory requirements, and any other concerns you may have.
Next make sure you choose a cloud platform that can help you meet compliance standards that apply to your industry and organization. Whether you are beholden to SOC 2, PCI DSS, HIPAA, or any other frameworks, make sure you understand what it will take to achieve compliance once your applications and data are living in a public cloud infrastructure. Be sure you understand where your responsibilities lie, and which aspects of compliance the provider will help you check off.
When choosing a cloud provider, think about how the architecture will be incorporated into your workflows now and in the future. For example, if your organization has already invested heavily in the Microsoft universe, it might make sense to proceed with Azure, since Microsoft gives its customers licenses (and often some free credits).
Additionally, you may want to consider cloud storage architectures when making your decision. When it comes to storage, the three major vendors have similar architectures and offer multiple types of storage to fit different needs, but they all have different types of archival storage. If this is important to you, you will want to understand the nuanced differences between them. Each of the services offers options for storing and retrieving data frequently vs. infrequently (hot vs. cool storage).
You will also want to spend some time determining what various cloud platforms will demand from you to manage. Each of the services supports different orchestration tools and integrates with various other services. If you have services that are particularly vital to your organization, make sure that the cloud provider you choose offers an easy way to integrate with them (or that your organization is comfortable porting over to a similar service that is supported). You’ll also want to determine how much time and effort it will take your team to manage various aspects of the cloud infrastructure before making a final decision.
5. Service Levels
Service levels are an essential consideration when you have strict requirements in terms of availability, response time, capacity, and support. Cloud Service Level Agreements (Cloud SLAs) are an important element to consider when choosing a provider. It’s vital to establish a clear contractual (read: legally enforceable) relationship between a cloud service customer and a cloud service provider. You also need to pay particular attention to legal requirements for the security of data hosted in the cloud service. You must to be able to trust your cloud provider to do the right thing, and you need a legal agreement that will back you up if something goes wrong.
Support is another parameter that requires careful consideration. If you need help, will you be able to get it quickly and simply? In some cases, the only support you will get is through a chat service or call center. This may or may not be acceptable to you. In other cases, you may have access to a dedicated resource, but there’s a good chance there will be constraints on time and access. Ask questions up front about what level and forms of support you will have access to at what additional cost.
While it should never be the single or most important factor, there’s no denying that cost will play a big role in deciding which cloud service provider(s) you choose. It’s helpful to look at both sticker price and associated costs (including personnel you may need to hire to manage your instances). Here’s a look at the pricing structure of the three major players:
- AWS: Amazon determines price by rounding up the number of hours used. The minimum use is one hour.
Instances can be purchased in one of three ways:
- On Demand – Pay for what you use, no upfront cost
- Reserved – Reserve instances for one or three years, with an upfront cost based on utilization
- Spot – Bid for extra capacity available
- Google Cloud Platform: GCP bills for instances by rounding up the number of minutes used. There is a minimum of 10 minutes. Interestingly, Google recently came out with “sustained-use pricing” for compute services that offers a simpler and more elastic model compared to AWS’s reserved instances. You can read more about how this works here.
- Azure: Like GCP, Azure bills customers by rounding up the number of minutes used on demand. They also provide the option to make short-term commitments and obtain a discount for prepaying.
As you can see, you can’t make a simple apples-to-apples comparison when it comes to prices. It’s not like AWS costs $5 and GCP costs $10. Instead, you’ll need to look at your usage patterns (or estimated usage patterns) and determine which of the three best fits your business model, budget, timeline, and so on. Remember that some support levels require additional support contracts!
The seven criteria discussed above will help you build a solid analytical framework to use when you are determining which cloud service provider(s) you will trust with your data and applications. You can add granularity to this by thoroughly analyzing your organization’s requirements to discover additional factors that will help you make an informed decision. This will be key to determining which provider or providers can deliver the features and resources that will best support your ongoing business, operational, security, and compliance goals.
The post 7 Cloud Service Evaluation Criteria to Help You Choose the Right Cloud Service Provider appeared first on Threat Stack.
*** This is a Security Bloggers Network syndicated blog from Blog – Threat Stack authored by Todd Morneau. Read the original post at: https://www.threatstack.com/blog/7-cloud-service-evaluation-criteria-to-help-you-choose-the-right-cloud-service-provider