Choosing a cloud provider: don’t forget your long term strategy

As the pandemic crisis forced us to change our lives, our organizations and the way we consume, it clearly accelerated global digital transformation worldwide. Meanwhile, it also drastically impacted our economy and our businesses. With postponed or cancelled projects, too many companies are experiencing a significant contraction of their activity.

With this business decreasing context, organizations have no choices but to optimize their costs and continue developing their move to digital, while keeping their IT secured and their data protected from the booming number of cyberthreats.

Choosing a cloud provider: don't forget your long term strategy

To accelerate their digital transformation while reducing cost, companies can leverage on some key sales events organized by their IT suppliers. Cyber Monday sales is one of these unique opportunities, cloud providers offering very attractive deals and promotions for their services.

In our case, we follow the traditions with dedicated offers on Bare Metal Cloud, Hosted Private Cloud, Public Cloud and Web Cloud, multiple tailored cloud solutions answering all business needs can be purchased at discounted prices.

Cloud computing is a very fast growing but extremely competitive market, where providers sometimes do not hesitate to highlight very low prices, not mentioning hidden costs, lack of security and data protection basic features, or using not interoperable proprietary solutions to lock you in order to eventually generate profit. To prevent from bad surprises whine selecting a cloud provider, we have listed some guidelines or key aspects we believe you should carefully look at before making any decision.

Where my data are stored?

Some cloud service providers have decided to not communicate to their clients the precise location where their data are stored, and use the concept of geographical “regions” and “zones”. You can then select such a zone… but it doesn’t really mean you know where your data are stored and replicated.

Some alternative cloud providers show more transparency, sharing detailed information with their clients about datacenters precise location, and even the actual room and server where the data is stored. You could even ask your cloud providers a report stating where your data are localized if this is required by your clients or by some authorities.

What laws apply to my data and who could access it?

The data you store within a cloud provider is basically subject to the nation’s laws of its headquarters, as well as the nation’s laws of the territories where your data is transferred, processed, and stored. This topic raised a lot of questions within the EU with the invalidation of the “Privacy Shield” last July.

For instance, if your data is hosted and operated within the EU by a US based cloud provider, the US and EU laws apply to your data meaning both GDPR and US extrateritorial surveillance programs (FISA 702, EO 12333…), as well as the CLOUD Act.

Same rules apply to Chinese cloud providers where your data are subject China National Intelligence Law.

Does my cloud provider follow best practices in terms of security & data protection?

A very common way to assess the level of security offered by your cloud provider is to make sure it provides industry standards compliance like ISO/IEC 27001, AICPA SOC II Type 2 as well as with the latest one: ISO/IEC 27701 certification for data privacy. Check-out your cloud provider Information System Security Policy documentation (ISSP), everything should be reported there.

For your most sensitive data, some national IT security agencies have developed specific standards, like ANSSI with SecNumCloud qualification in France. Moreover, in order to protect your data privacy after deleting stored data, your cloud provider must automatically execute a specific script according to in force standards, like NIST SP 800-88.

What are its commitments in terms of service continuity and availability?

Service continuity is provided by various processes ensuring power, network, equipment and applications availability.

To provide such high availability, has you your cloud provider designed its services with full redundancy at each level? In case of outage, has your cloud provider put in place some recovery processes like system configuration backups? Advanced Anti-DDoS protection can also be applied by your provider to prevent from some type of cyberthreats. Is it the case?

Last but not least, you must check whether your provider offers end-to-end SLAs. You can then be sure it will do its best to not lose money with the services it operates for you!

How can I prevent from unexpected fees in cloud services’ bills?

Some cloud providers can look extremely competitive thanks to their super low-price tags which actually do not include multiple additional hidden fees, like Ingress / Egress data transfer costs or other basic options you will definitely need.

To avoid bad surprises, you can decide to switch to a prepaid plan… which can end-up being expensive and as unpredictable as standard post-paid.

Some other cloud providers offer simplified and transparent pricing structures with no hidden fees.

How easy is it to cancel my contract, and transfer my services to another provider?

Vendor lock-in is a wildly used common practice in the cloud industry. This cloud service looks perfect to you, however it seems to be using not standard proprietary technologies, but with very appealing price tags or sales promotions. It’s easy to get trapped, but hard and expensive to recover.

To avoid this, you must seek as much as you can for open, portable, interoperable technologies. As such practices are getting well known, new standards and initiative recently emerged to help you, such as CISPE and SWIPO Code of Conducts, or now with the European initiative Gaia-X.

Use of open source and standardized technologies are another, complementary way to prevent being stuck with one single provider.

Do we share the same values with my cloud provider?

Your cloud becomes a key supplier operating critical assets for your business, this required a very high trust level.

Your provider must help you increase your competitiveness and grow your business. You cloud provider is actually like a business partner however, in some cases, it can also appear as an embarrassing partner.

Is there a risk to face a competitive situation with your provider in the future? What image does it carry in your industry? Where does it pay its taxes? What are its sustainability and green policies?

Your trust combined with market recognition

As this year is very unique, OVHcloud has decided to launch unseen deals and discounts for the Cyber Monday, with an extended range of services covering all business needs, in every country where we operate.

Cyber Moday

To better support and empower our enterprise customers, we have developed new strategies. Those got rewarded this year by major analysts like Forrester that qualified OVHcloud as the European leader for Hosted Private Cloud, or IDC that listed OVHcloud as the only European company among worldwide Public Cloud providers.

More than ever before, we stick to our SMART Cloud (Simple, Multi-local, Accessible, Reversible, Transparent) values, providing innovative, open and secured solutions, a cloud you can trust fully respecting our client’s fundamental rights and freedom.

+ posts

Chief Digital Marketing Officer, responsible for elevating the brand and developing digital assets to promote the company’s solutions. Prior to OVHcloud, Ludivine worked for fifteen years in global marketing agencies Publicis & Havas Group, as well as 3 years in the international retail sector where she held the role of Chief Customer Activation Officer.

Product marketer in charge of OVHcloud offers and go-to-market for industries handling sensitive data: healthcare, financial services, public sector or critical infrastructures operators