Making the shift from on-premise technology infrastructure to a cloud-based architecture, specifically infrastructure-as-a-service (IaaS), is a significant decision and one that should be carefully considered for its impact across an organisation. When procuring infrastructure-as-a-service consider the following:
1. Cloud computing is different
Using IaaS is not just about the location of equipment. Cloud services are priced, bought and used differently, with an on-demand utility model that is designed to maximise spend, but needs a different approach to traditional technology infrastructure.
2. Early planning is essential
All key stakeholders across an organisation should be engaged in the decision to move to a cloud model. There will certainly be huge implications for finance, IT, operations, compliance, from board level down.
3. Flexibility
When planning an IaaS procurement, focus on performance at an application level as your requirement and allow the Cloud Service Provider (CSP) to make recommendations based on their experience and understanding of best practice. Prepare to be flexible and to adapt your expectations of the actual equipment and procedures, according to the advice given.
4. Separate cloud infrastructure and managed services
Keep procurements of IaaS and managed service labour separate if possible. It will make it easier to agree and monitor specific IaaS Service Level Agreements and terms and conditions.
5. Utility pricing
As mentioned, IaaS is priced using a utility model, or pay as you go model which allows you to make maximum efficiency gains. Customised billing and transparent pricing models allow you to continually evaluate and ascertain whether you are receiving best value for money and maximising usage.
6. Industry standards
Look out for CSPs with industry standard accreditations that you can trust. Cyber Essentials, ISO 27000, ISO 9000, SSAE, PCI, GDPR compliance are all good starting points and will save you time in re-evaluation.
7. Share responsibility
A CSP ensures that infrastructure is secure and controlled, but you ensure that you architect it correctly and use secure, controlled applications. Be aware of what is your responsibility and what is the responsibility of the CSP.
8. Ensure cloud data governance
Following on from cybersecurity and data protection, it is your responsibility to ensure cloud data governance controls are in place. Find out what identity and access controls are offered by the CSP and make provisions for additional data protection, encryption and validation tools.
9. Agree commercial item terms
Cloud computing is a commercial item and should be procured under appropriate terms and conditions. Ensure you utilise these to the best effect.
10. Define cloud evaluation criteria
In order to ascertain whether you have achieved your objectives and performance requirements, you should specify your cloud evaluation criteria at the outset. The National Institute of Standards and Technology outlines some benefits of cloud usage and is a good starting point for defining cloud evaluation criteria.
Use this list before you start to plan your IaaS project and it will help you define a successful procurement strategy.