Key Considerations for Vetting Cloud Vendors

The relationship between a cloud provider and service provider tends to be very sticky. Think about it: If an MSP has 50 customers buying cloud services and the MSP receives an offer for a lower rate from a competitive cloud provider, does it make the switch? The likely answer: probably not, because it’s very disruptive to the MSP and its customers to switch.

7 Min Read
Key Considerations for Vetting Cloud Vendors

The relationship between a cloud provider and service provider tends to be very sticky. Think about it: If an MSP has 50 customers buying cloud services and the MSP receives an offer for a lower rate from a competitive cloud provider, does it make the switch? The likely answer: probably not, because it’s very disruptive to the MSP and its customers to switch.

It would take a significant cost reduction usually combined with other factors such as poor performance or bad service to instigate a change. For MSPs with customers in highly regulated industries such as finance or health care, it can be even trickier, because they need to document each step to ensure they maintain compliance and don’t compromise any sensitive information. Failure to do so could result in a stiff fine.

Why do we point this out? Merely to accentuate the fact that the relationship between an MSP and its cloud service provider is one that will likely last for a long time, and it is in fact one you hope lasts for a very long time.

As with any long-term relationship, you want to make sure it is going to be a good one. For example, when you hire new employees, you want to conduct multiple interviews, reference checks, a background check and maybe even a trial period. In the same way, you want to perform due diligence before engaging with a cloud vendor. Properly vetting the vendor is important not only to ensure you have good service and a reliable solution, but it also reduces the likelihood of teaming up with a cloud vendor that eventually makes the news for closing its doors. Unfortunately, customers of the public cloud storage service provider Nirvanix learned the hard way how to deal with the challenges of a cloud company going out of business and giving its customers a very short time to get their data off its servers.

At Ingram Micro, we work with over 155 different cloud solutions, and we know our resellers count on us to do a thorough due diligence evaluation of our vendors. Here are a few guidelines developed by our team, based on working with hundreds of VARs, MSPs and CSPs and helping them make the transition to selling cloud services. We call the process we’ve developed and recommend the Due Diligence Lifecycle (DDL). Like its name implies, the DDL is not just a one-time event—it’s an ongoing process that includes evaluating and onboarding new vendors, performing ongoing health checks and ultimately retiring solutions and vendors.

Due Diligence Steps to Take Before Signing with a Cloud Vendor

The first step in the DDL occurs when you’re ready to select a cloud vendor. Before you look at the provider’s technology, it’s important to look at the health of its business. “How long has it been in business, how is it funded, what is its current debt, and what do its past, present and projected revenue and profitability look like?” are some good questions to start with.

If a cloud vendor candidate has a healthy business and passes the first test, only then is it time to evaluate its cloud solution. The next step is to consider the personnel and infrastructure supporting its solution. On the personnel side, you want to know how many people the cloud vendor has dedicated to operations, engineering and support.

Following this, you’ll want to discuss the vendor’s technology processes. This involves its solution product life cycle as well as how it handles incident, problem and change management. One of the first questions you’ll want to know about the vendor’s infrastructure is what type of audit it has passed. Ideally, you want to work with a vendor that’s passed an SSAE (Statement on Standards for Attestation Engagements) 16 audit, which means that it has redundant power, data redundancy and physical security processes in place—the necessary foundation for storing your customers’ data. If the cloud vendor hasn’t gone through a certification or audit process, then you’ll need to review the various components of its solution. This includes the data center (and it would take a whole other article to cover this area), servers, storage, networking, security and any third-party providers that might be part of the solution.

Beyond this foundation, it’s important to find out about the provider’s capabilities (and the costs) for redundancy, backup and recovery services. This is important, because you might find that redundancy is not a default offering or the backup is reasonably priced but its recovery services are either insufficient (e.g., the provider will mail you a stack of DVDs with your customer’s data in the event your customer’s local server crashes) or very expensive.

Another important technology-related question that’s important to know ahead of time is whether the cloud vendor offers services beyond its basic cloud offering. For example, with a cloud storage solution, does it offer the ability to spin up backups in the cloud as usable servers? Or can it help you migrate some of your customers’ legacy on-premises infrastructure to its secure cloud data center, thereby saving your customer money and helping you earn monthly recurring revenue?

Even if a cloud provider passes the first set of criteria, you still don’t want to move forward until you know this: How channel-friendly is it? The last thing you want to do is move your customers’ data and infrastructure to a cloud vendor’s data center, only to have it compete against you for your customers’ continued business. In addition to any written policies a potential cloud vendor candidate might have to defend its channel-friendly claims, it’s a good idea to also get a list of references from a few other channel companies using the provider’s services.

And being channel-friendly isn’t only about competition. There are other questions to ask on this front. Are the solutions truly multi-tenant (which ensures separation of customers and reporting)? Are there portals for you to control your customers’ environments? Can it be white-labeled? Can you package services with the cloud solution? Is there a reasonable solution margin?

Don’t Neglect Periodic Health Checks and Be Prepared for Changes

Once you’ve signed an agreement (of course, with the appropriate SLAs included) and started working with a new cloud vendor, it’s important to stay in touch with the vendor regularly to get an update on all the key checkpoints that led you to sign with it in the first place. After all, things change—sometimes for the better, sometimes not. Most people only focus on existing vendors when there is a problem, but just as it was important to vet a new vendor before signing on, it’s equally important to do so on an ongoing basis. As part of a periodic health check of your vendor, it’s a good opportunity to confirm its financial health is still solid, find out what kinds of infrastructure upgrades and new services it’s coming out with, check on how its processes are working, review its performance metrics since the last check, and discover any leadership changes and/or acquisitions that may be in the works. All these discussion points are good topics to dig into, as they can be markers of a change in a cloud vendor’s services, support, quality and go-to-market strategy.

Sometimes, even though you did everything right up front, a cloud vendor could change from a good fit to a poor fit. In that case, you’ll need to execute a vendor retirement plan. Here, the process involves following the termination clauses in your agreement, cleaning up sales and marketing material, notifying customers and removing billing materials.

Should this situation occur, it’s important to be prepared to explain your reasons to both the cloud vendor and the key stakeholders in your company, so the process can be executed as efficiently as possible. It also will be important for the management team to discuss options for replacing the vendor and migrating your customers’ data to a new cloud vendor so you can maintain continuity of service. The key message here is that just as we suggest being diligent with developing a new relationship, you also should be diligent when retiring an old one.

There’s no doubt that following the DDL requires extra upfront work for a service provider looking to add a new cloud vendor to its line card. In fact, many of Ingram Micro’s reseller partners list this as one of the top values they receive by utilizing cloud services through our company—because we take on this burden for them. Regardless of whether you choose to take on this task yourself or outsource it to a business partner, following a good DDL helps ensure that you can confidently offer the best quality cloud solutions to your customers.

Paul Hoffmann is Senior Director Cloud and Technology Solutions for Ingram Micro. Guest blogs such as this one are published monthly, and are part of Talkin’ Cloud’s annual platinum sponsorship.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like