How to choose your cloud computing service provider?

Comment choisir son fournisseur de cloud(s) : nos conseils
By M. Renotte 15/03/2023
Finance, FinTechs & RegTechs
Health & Life Sciences
International Institutions
Security, Defense, Space
Online Services
OES - Operators of Essential Services

From application hosting to pay-as-you-use consumption of specific data resources and services, the cloud has become a must for an ever-increasing number of businesses and organisations of all kinds. However, choosing a cloud provider is a strategic move that often requires a complex approach. Here are a few things to consider.

Increasing use of cloud services

Globally, companies run 49% of their workloads and store 46% of their data in public clouds, according to Flexera's latest State of the Cloud Report1. The trend is upwards, with the companies surveyed predicting 6 to 7% growth in the use of cloud technologies. In view of these figures, it is clear that the relevance of the cloud is no longer up for debate. What continues to be debated, however, is the choice of the partner-operator capable of providing the company with the cloud services that best meet its specific needs.

Types of services offered by cloud computing providers

There are generally two models of cloud solutions:  

SaaS cloud provider solutions

The SaaS solution via a provider that allows a company not to worry about (re)manufacturing the technological object it wants to obtain. The solution is packaged, ready to use.

IaaS or PaaS cloud provider solutions

IaaS or PaaS solutions via an infrastructure with shared building blocks, but customised to meet the specific needs while allowing the recognised benefits of the Cloud: agility, elasticity, simplicity and budget savings.

To help you choose the right cloud service provider, here are 4 important points to consider:

1/ Security and compliance of your cloud provider

As the digital environment continues to evolve, security threats are becoming increasingly sophisticated. Some common threats explicitly target cloud computing providers because of organisations’ general lack of visibility into data access and movement. Without taking active steps to improve their cloud security, organisations can face significant governance and compliance risks when managing customer or employee information, regardless of where it is stored.

By default, most cloud service providers apply good security practices and take active steps to protect the integrity of their servers. Naturally, the cloud environment will have some protection by default. However, companies need to think about how to protect data, applications and processes running in the cloud. While third-party cloud service providers often take responsibility for the efficiency and security of this infrastructure, responsibility for data security and compliance with the customer's overall data strategy is not always part of the package.

Ensure the security and compliance of your environment

Managing regulatory compliance is often a source of confusion for organisations using public or hybrid cloud deployments. However, the overall responsibility for data privacy and security still rests with the business, and heavy reliance on third-party solutions to manage this can lead to costly compliance issues. Sector-specific directives (finance, health, etc.) are increasingly emphasising these aspects.

Cloud security and regulatory compliance management must therefore be given special attention. Responsibility for this should be shared between the company and its cloud service provider, but it is often the company which has to take on the responsibility. Security and compliance in the cloud rely on complex interactions of technologies, controls, processes and policies. These practices must be carefully tailored to the unique requirements of each organisation.

2/ Cost-effectiveness and efficiency of the provider's cloud architecture

The Cloud is a promise of agility for companies, but it is often seen as a mean of making savings. In fact, as the migration to the Cloud is a transformation for the company, it should be considered first and foremost as an investment that must yield its ROI (Return on Investment). 

For the customer, the Cloud generates new cost flows and possibly revenues linked to new products. The large public cloud platforms offer impressive quantities of cloud services for sale, which generates increasingly complex bills for customers, especially with completely new metrics mainly based on per-use consumption. According to the latest IDC and Gartner studies, only 16% of companies believe they have a clear understanding of their cloud invoices. One in five companies say they do not understand certain billing items and almost half of them say they do not understand the invoices sent to them at all. The research also found that companies estimate that 10-30% of their cloud spend is wasted each year. 

Combine budget control and environmental responsibility with FinOps

This is why FinOps has become so important. FinOps, a contraction of the terms finance and operations, aims at controlling and optimising costs in cloud computing. It is not so much about saving money as it is about obtaining real visibility that will help the company avoid issues and ensure that the cloud becomes a driver of controlled growth.

FinOps also has a positive and direct impact on CSR issues. At a time when the European Commission is asking data center operators to aim for carbon neutrality by 20302, FinOps is increasingly associated with digital sobriety and Green IT initiatives. By helping to consume resources more efficiently, FinOps helps to reduce environmental costs and make IT systems more sustainable and responsible: it thus becomes GreenOps. While information technology helps to better manage many aspects of everyday life, it is itself a major consumer of raw materials and energy. As these technologies are at the heart of all modern businesses, it is essential to use their resources as efficiently as possible. 

Unnecessary cloud spending amounted to $14 billion in 20193. As discussions about the limits of the world's resources become more and more prevalent, FinOps offers companies a real opportunity to act positively. Beyond integrating financial responsibility, better managing and allocating cloud costs can have a positive impact on the associated energy consumption and, ultimately, on the carbon footprint.

Beyond the intrinsic benefits of the cloud, all FinOps and GreenOps practices aim at helping companies avoid wasting resources: optimising code, choosing the right technology and architecture for each business service, removing unused resources, using under-utilised ones, etc. 

3/ Cloud service provider innovation

The focus of an organisation's digital transformation has shifted from meeting its IT needs to meeting the unique strategic and operational needs of each of its business lines.

Hyperscale Cloud Providers

Hyperscale cloud or SaaS solution providers are now working with technology consulting firms, data providers, integrators and customers to produce modular, industry-specific, vertical services and accelerators that can be easily adopted and configured to suit specific business needs.

As this trend develops, application deployment will become a process of assembly rather than creation - a development that can reorganise the entire value chain and operating model. Business processes will become products to be purchased, allowing organisations to focus their development resources on critical areas of business strategy and competitive differentiation. Data will flow from systems or data spaces outside the company’s original perimeter... The potential for even more business-critical AI is immense.

Industry Cloud Providers

Industry Clouds, also known as vertical clouds, are suites of cloud services designed for specific sectors. They have the advantage of combining the convenience of the public cloud with the specificities of applications dedicated to a given sector, without compromising on the needs specific to that industry, such as the rules and obligations to be respected, for example.

These new industry-specific solutions aim at providing answers to unique business problems, rather than generic cloud services that are time-consuming to deploy and set up and require skills that companies may not have. According to the report Reimagining digital transformation with industry clouds4, these solutions "allow organizations to shift internal resources to focus on their strategic ability to win, but perhaps more importantly, they can hypercharge an organization’s capacity to change".

Smaller cloud service providers, who do not have the same resources and infrastructure as hyperscalers, rely on vertical clouds to be smarter and more agile, and to ensure maximum efficiency for their customers. "Organizations will find much more than hyperscaler-developed products and services in industry clouds. Indeed, there is a growing ecosystem of sector-specific business capabilities from established vendors such as MuleSoft, Oracle, Salesforce, SAP, ServiceNow as well as startup and open-source projects", reads Deloitte's Tech trends for 2022 report5. The industries and activities targeted include space, HPC, AI and IoT.

4/ Supplier recovery and portability requirements

It is difficult to devise an exit strategy from a cloud provider, which is one reason why many organisations do not develop one. Another reason is that many organisations do not consider "repatriating" anything from the cloud. Yet an exit strategy is critical to the success of an organisation's cloud strategy. To paraphrase Gartner analyst Marco Meinardi, "It’s like having an insurance policy in your drawer, that you hopefully will never need to use" 6.

Prepare your exit strategy: an insurance policy you hopefully will never need to use

Although massive moves to remove workloads from the cloud are rare, it is essential to have an exit strategy that outlines the dependencies and choices available to the business, should circumstances change. In addition, several regulators, particularly in the EU and the financial sector, now require an exit strategy. 

In addition to the terms of recovery of its data, the company will need to consider the portability of the assets it has entrusted to the cloud, i.e. the ability to move its data and applications from one cloud service provider to another, as well as their ownership, the latter being subject to the laws of the country in which the service provider resides.

Before entering into a relationship with a cloud provider, it is wise to check whether it is possible to source services from several providers. In other words, it is important check that the company's operational functioning will still be possible if a decision is made to use several different providers and that the infrastructures and applications thus entrusted to several players will function smoothly or without complex realignment mechanisms. One of the ways of achieving this is through a multi-cloud solution. It is not necessary to start with a multi-cloud services approach, but rather to think of such an approach as a lifeline. Thinking multi-cloud by default then becomes a guarantee of autonomy, a choice freed from the limitations that sometimes weigh on the offer built by the suppliers.

Furthermore, the fate of the data when the contract ends must be clearly defined: recovering one's data is not enough. It is also necessary to have all the necessary guarantees that the service provider will delete them from its own infrastructure. And this is something that must be specified at the beginning of the contractual relationship.

Learn more about EBRC Cloud solutions