25 questions to ask before you sign up for cloud services

Cloud computing is increasingly being seen as game-changer in the Internet/ICT space, but the environment is still developing. As a result, the onus is still on prospective users to conduct their own investigations and due diligence before they sign up for cloud services.

A few weeks ago, Apple launched its iCloud service, which experts anticipate will increase the impact and use of cloud computing among the masses, especially diehard Apple users. Although Apple might offer relatively comprehensive and secure services, in keeping with our earlier post, 10 things to consider before you migrate to cloud services, there are a number of issues and concerns that must be borne in mind. Users must still be vigilant and must be prepared to ask questions about how, where and in what environment their data will be stored. The questions listed below might not be applicable to all cloud services. Nevertheless, they should provide an excellent starting point for discussions between a cloud provider and a prospective cloud user.

User requirements and background

Before one actively engages a cloud provider, it is important to consider whether the particular cloud service is right for your needs and situation. Such questions are especially important in the Caribbean where Internet service reliability and speeds can still be problematic, and can affect the quality of the cloud experience. Additionally, depending on the type of cloud service, some computing devices, especially smartphones and tablets, experience limited functionality when accessing data in clouds. There are also financial/resource implications for migration of content to a cloud and for maintaining such services.

1. What are my specifications and requirements as a prospective cloud user?

2. Can my Internet connection support regular or continuous access to cloud services?

3.  Does the cloud provider specify minimum transmission speeds or equipment requirements to avoid timeouts or loss of connections?

4. Can the cloud service be successfully used by all of the devices that need to access the cloud?

5. What are the costs/benefits of migrating to a cloud?

6. What is the financial commitment associated with using cloud services?

7.  Am I, as the user, prepared to accept some loss of control over my data, and entrust this to the cloud provider?

Cloud provider’s background

Although we often rely on reviews and personal recommendations when making choices, some due diligence ought to carried out on the cloud providers we are considering.

8. What is the business’ reputation as a cloud provider? What is its track record?

9. Are its cloud services being used by reputable businesses or organisations?

10.  Have there been lawsuits, or are lawsuits pending, against the provider?

Privacy and security

Privacy and security are critical considerations. It is important to try to ascertain the security provisions the cloud provider has established, and what its privacy policies are. With regard to privacy, it would also be instructive to know where your data is being stored. Some countries are more intrusive that others, and national law will likely override any cloud provider’s commercial privacy policy.

11.  What security measures has the cloud provider established to safeguard the information under its care?

12.  What are the provider’s privacy policies?

13.  Are those policies satisfactory to your needs and requirements (as a user)?

14.  In which country (or countries) is data being stored? Are there any plans to relocate the data storage facilities? Will you be informed if there are any changes to the location of your data storage?

Reliability and redundancy

Invariably, systems fail, but it is important to ascertain the protective measures that are being implemented to minimise inconvenience and loss.

15.  How reliable is the cloud provider and its services?

16.  What level of redundancy is being implemented?

17.  Are there any ongoing issues that might affect service availability? How do they specify and measure service availability?

Standards and interoperability

The standards used by cloud providers tend to be an issue at various points in the provider-user relationship. For example, if the service uses proprietary or non-standard formats, or if a user wishes to remove its information from the cloud or transfer it to another provider. It is important to try to determine from the outset the extent to which one might be locked-in to a particular provider, especially if non-standard systems are being implemented.

18.  What systems, platforms or applications are being used to offer cloud services? Are they based on established industry standards, or are they provider-specific?

19.  What standards has the cloud provider adopted? How might they affect your needs and specifications?

End of service

Should a user decide to no longer use the services of a particular cloud provider, one would hope that the end of service arrangements are painless and thorough. Data should be quickly extracted, hopefully in a useable format, and the provider will permanently delete all backup copies of the data on its systems.

20.  What methods are available to extract user data from the provider’s servers? How efficient are those methods

21.  What happens to back-up copies of user’s data?

Legal/contractual considerations

Although contractual matters are mentioned last, the terms set out in the service contract ought to be carefully examined and, as appropriate, legal advice should be sought.

22.  Is the service contract satisfactory?

23.  How easy is it to terminate the contract, should it become necessary?

24.  What recourse do cloud users have?

25.  What is the fine print? To what extent and under what circumstances does the cloud provider exempt itself from liability to the user?

On an aside: It is important to note that cloud providers may institute new policies from time to time that have the effect of modifying existing service contracts. It is critical to ensure that you are continually apprised of new policies, and that you try to determine the extent to which the agreed terms and conditions might be changed by any new rules that are introduced.