LEGAL IT BLOG

Recommended Blogs

  • GDPR & Email Data Security - Data protection and management in email communication

    Do you have questions about GDPR? Do you know how to protect your personal or corporate data and manage your email ...

    Read More
  • Best cyber resilience practices for law firms

    With all the recent talk about the introduction of GDPR, you probably feel that you’ve read enough about cybersecurity ...

    Read More
  • Innovation and law firms - what’s new in the industry?

    According to a survey carried out by Smith and Williamson in 2017, of the three biggest challenges facing UK law firms, ...

    Read More
  • What to look for in a managed service provider

    The legal sector has changed beyond all recognition in many of its practices over the last 20 years. And if the last 20 ...

    Read More
  • Cloud provider checklist

     You’ve probably come across names like Amazon Web Services, Azure, and Google in your quest to find a cloud provider ...

    Read More
Cloud provider checklist
BY Will Millerchip

 You’ve probably come across names like Amazon Web Services, Azure, and Google in your quest to find a cloud provider for your organisation. They’re well-known for a reason – the sheer scale of AWS’s product range, for example, is pretty impressive.

However, choosing a cloud provider based purely on its public profile isn’t always the wisest or most cost-effective choice. For smaller, more niche applications, you may be able to find a specialist provider willing to fine-tune a cloud solution for you.

 

Regardless of which cloud provider you choose, there are several factors to take into consideration which will help you narrow down the right service for you.

 

Here’s Sprout’s Cloud Provider Checklist, for all your comparison needs.

 

shutterstock_357109940.jpg

 

Standards and Certifications

 

You wouldn’t buy an electrical appliance without the CE safety mark. In the same way, it’s recommended that you compare how different providers certify their services. It’s a good sign when a provider shows that they’re eager to comply with quality frameworks and globally recognised standards.

 

There are multiple different standards and certifications attributable to cloud providers, and they tend to fall into three categories – cloud, security, and operations.

 

Depending on your requirements, you may want to look for a provider which focuses on security accreditation such as the ISO 27001, or the Cyber Essentials Scheme offered by the government.

 

As a general rule, a good provider will provide ongoing resources and support to ensure adherence to any relevant standards. Keep an eye out for effective data management, good service status visibility, and an understanding of structured processes and knowledge management.

 

Technologies

 

What’s your current technological environment like? Your chosen cloud provider should:

  • Suit your current workload and management preferences
  • Be able to integrate with your existing structures, as well as be able to support your cloud objective
  • Offer comprehensive migration services, assessment assistance, and help with planning phases

 

If a large-scale provider can’t provide technical support, they may be able to recommend third party support to fill the gaps they can’t quite manage to fill.

 

Service Roadmap

 

Look at how the service provider is planning to expand and evolve. Do they have innovations or developments in line with your own future needs?

 

Software as a Service (SaaS) providers specifically should be able to deliver a features, services, and integration roadmap in order to prove their commitments to deploying compatibility across their platform. This is especially useful if you’re planning to use a few different cloud providers for different applications – there’s nothing worse than non-compatible software.

 

 

Data Management and Information Security

 

As the General Data Protection Regulation (GDPR) legislation deadline looms, you need to make sure you’re choosing a cloud provider who is compliant with the new rules. According to a recent Commvault survey, only 12% of 177 global IT organisations were aware of how the GDPR would affect their cloud services.

 

The Cloud Industry Forum (CIF) have added two points to their Code of Practice, which is a popular certification code by which cloud providers abide. These additions refer to contracting disclosure, and are attributed to Transparency: Section A.2, as follows:

  • Information needed by potential customers so that they can make informed decisions about relevant criteria except for capability
  • Information potentially needed during contract execution for operational purposes 

This pre-contract disclosure clause concerns other areas of transparency like the roles of the controller and processor, data location, geographical focus, data transfer, guarantees and remedies, and complaints and dispute resolution.

 

You can implement internal security audits and use the resulting reports to inform your company policy regarding data breaches and misuse of the platform.

 

Whoever you choose – check to see their stance on the GDPR. Although your internal team are partly responsible for the legal handling of data, your cloud provider will play a huge role in establishing compliance within your organisation.

 

Service Level Agreements (SLAs)

 

A SLA is an official commitment between a service provider and a customer which exists to ensure prevalence of aspects like security, availability, and responsibility.

 

Their three main components are:

  • Service Level Objectives (SLOs)
  • Remediation policies/penalties/incentives related to these objectives
  • Exclusions and caveats 

SLOs generally refer to things like:

  • Accessibility
  • Service Availability – uptime as a percentage
  • Service Capacity – upper limit in terms of users, connections, resources
  • Response Time and Elasticity – how quickly changes can be implemented

When your cloud provider offers you an SLA, make sure you’re checking for issue identification and resolve pathways, compensation processes, and any small print caveats.

 

Vendor Relationships/Subcontractors and Service Dependencies/Reliability

 

If you’re looking to buy a SaaS CRM, for example, you may want to look into the integration possibilities between marketing or accounting solutions.

 

Similarly, an organisation requiring PaaS integration would benefit from buying from a cloud marketplace that offers preconfigured, complimentary services which operate seamlessly on existing platforms.

 

You’ll find that many SaaS providers construct their networks on an IaaS platform, which could include a whole chain of subcontractors. If you work primarily with data privacy or confidential business processes, it’s best to stay away from those with too many links in the chain.

 

However, you’re entitled to know who they’re working with – the Code of Practice demands explicit clarification of service dependencies from cloud providers, as it impacts SLAs, accountability, and responsibility.

 

Additionally, a provider should be able to provide you with (or publish) the results of their performance pitted against their SLAs for the last 6-12 months. This can inform you of their reliability, and could deliver insights into their disaster recovery processes and provisions.

 

Migration Support/Vendor Lock In/Exit Planning

 

After you’ve chosen your cloud provider, is all said and done? Well, not necessarily – unless your chosen provider has a vendor lock-in clause, or very little migration support.

 

This can be the crux of an already stressful attempt to transition from one provider to another, as your existing providers and vendors may not provide services which mirror those of the provider you wish to switch to.

 

If you can, choose a provider with limited reliance on proprietary technology, or minimise your own use of services which are particularly bespoke – this could make them tricky to transfer across to a new platform.

 

Becoming too reliant on a single provider can be detrimental to the long-term functionality of your cloud platform. As your organisation grows and develops so may the needs of your cloud, and if your current provider isn’t willing to evolve and innovate effectively, a transfer across to a new platform may be the boost your business needs.

 

In light of this, you’ll want to look at providers that offer simple exit provisions. This will include the complex processes involved in data responsibility changes, where your data will be, and how long the provider gets to keep it.

 

Confused about the cloud? Ask the Sprout Team for advice.

 

Though this article is fairly extensive, it’s not an exhaustive checklist by any means. The features your cloud provider will need are individual to your situation, and sometimes it’s best to get a professional opinion on how best to go about choosing one.

 

Speak to the Sprout Team today on 020 7036 8530 or at support@sproutit.co.uk for advice and answers to any questions you may have.

 

Click below if you are interested to learn more about Sprout IT's private cloud solution

 

CTA - SproutCloud-2

 

 

Cyber Security sprout cloud cloud cloud solution