Our Guide to Choosing a Cloud Service Provider

Once you decide to migrate some of your workloads to the cloud, one of your options is to adopt a public cloud deployment, which entails entrusting your workloads to a cloud service provider. While each organization understandably has its own set of criteria for choosing a provider, some organizations don’t know how to start. You can use this guide if you’re still not sure what to consider when choosing a cloud service provider.

What Is Public Cloud Deployment?

To understand what a public cloud deployment is, let’s compare it with a private cloud deployment. A private cloud deployment follows a single-tenant architecture and runs on company-owned infrastructure, whereas a public cloud follows a multi-tenant architecture and runs on infrastructure owned and operated by a third party known as a cloud service provider (CSP).

Well, you could also say that a private cloud follows a multi-tenant architecture, except that the tenants are just various business units within the same organization. Tenants of a public cloud are the cloud service provider’s customers, i.e., other organizations.

It’s worth noting that the traditional lines differentiating public and private clouds are fading gradually, especially with the emergence of virtual private clouds (VPCs) and on-premises extensions of public clouds such as Amazon Web Services (AWS) Outposts, Azure Stack, and Google Anthos. We won’t be discussing those types of clouds here. When we say “public cloud” in this post, we mean it in the traditional sense as defined above.

What Is a Cloud Service Provider?

So, if a public cloud is owned and operated by a CSP, what then is a CSP? A CSP is a third-party entity that offers cloud services using any of the following cloud service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

IaaS CSPs, in particular (the type of CSPs we’ll be focusing on most in this article), own and operate one or more datacenters consisting of physical servers, networks, and storage systems (among other components). They leverage cloud and virtualization technologies to offer IT infrastructure resources such as compute, network, and storage through a pay-per-use billing model wherein customers are charged based on usage.

The three largest cloud service providers are Amazon (AWS), Microsoft (Azure), and Google (Google Cloud Platform or GCP). However, there are also smaller players such as Alibaba, IBM, and Oracle, and even much smaller CSPs owned by lesser-known companies.

Why Do You Need a Cloud Service Provider?

If it’s possible to run your own cloud infrastructure, i.e., a private cloud, why would you need a CSP? Well, there are a number of reasons. Let’s have a look at some of them.

Cost Reduction

Practically every cloud deployment runs on a datacenter. A typical datacenter includes the highly secure, high-tech facility itself with its K-rated fence, steel-reinforced walls, bulletproof guard booths, fiber optic cabling, network operations centers (NOCs), man traps, meet-me rooms (MMRs), multifactor authentication systems (e.g., iris scanners, personal identification numbers, badges), video cameras, uninterruptible power supply (UPS) systems, power generators, HVAC units, water purifying systems, etc.

Inside, on the datacenter floor, there are cages, humidifiers, perforated tiles, physical servers (hundreds of them), server racks, networking devices, storage systems, cables, switches, routers, and several other types of hardware equipment.

This setup can cost tens of millions to hundreds of millions of dollars. From a capital expenditure (CAPEX) standpoint, it’s really quite expensive. And for some organizations, it’s even cost-prohibitive. Although you can host your private cloud at a colocation facility, that won’t eliminate your CAPEX costs completely. You’ll still have to purchase your own racks, servers, and other network equipment.

On the other hand, if you hire a CSP, you can avoid all that upfront cost. Everything, from the entire facility, through the cooling, telecommunications, and security infrastructure, down to the IT equipment, will be purchased, built, deployed, and even managed by your CSP.

Automatic Upgrades

As time goes on, all that hardware, especially the servers, routers, switches, and storage systems, are going to reach their end of life (EOL) or end of service life (EOSL), and they’ll have to be upgraded. That’s going to mean additional costs. The same is true for certain software (e.g., hypervisors). Upgrades can be very disruptive, especially for your IT teams—and in some cases, even your regular employees.

If you outsource your cloud to a CSP, you won’t have to worry about upgrades. Your CSP will handle all hardware refreshes for you automatically. Moreover, when they carry out an upgrade, it’s going to take place in the background. It won’t impact your operations.

Disaster Recovery and Backup

Unfortunate events can happen anytime. Catastrophic natural disasters such as hurricanes, earthquakes, tsunamis, and wildfires or even major cyber incidents such as distributed denial-of-service (DDoS) attacks and ransomware outbreaks can damage or even decimate your IT infrastructure and impact your business operations. To mitigate these risks, you need a backup, disaster recovery, and business continuity plan in place.

That’s easier said than done. Implementing these types of plans entails setting up redundant systems, some of which even have to be situated in another geographical location. This, again, costs a substantial amount of capital. With a CSP, you won’t have to spend as much upfront, especially on hardware, to set up a robust backup, disaster recovery, and business continuity infrastructure.

Moreover, CSPs have multiple geographically dispersed datacenters. The largest ones even have datacenter facilities all around the globe. This global footprint gives you multiple options in selecting a different availability zone or region for this purpose. That way, even if, say, the entire US East Coast operation of your CSP is affected by a massive DDoS attack, you can still continue serving your users.

Fast Response Times

Most CSPs provide 24/7 technical support. That means, if something goes wrong, e.g., a virtual machine won’t start, or your connection becomes atrociously slow, or your site becomes unreachable, you can be sure you’ll have someone available to help you resolve the issue.

Hiring and maintaining a 24/7 highly trained tech support staff in-house can be expensive and, with the current IT talent shortage, might even be difficult to pull off. Thus, if you have inadequate or, worse, non-existent 24/7 support, your issue might take hours or much longer to resolve. In some cases, especially for business-critical applications, that amount of lead time might be unacceptable.

Network Security

Another area with a serious talent shortage is cybersecurity. That’s why some businesses don’t have a dedicated cybersecurity team. Unfortunately, when you have a lot of sensitive data and several business-critical applications in your IT infrastructure, it’s also going to attract a lot of threat actors.

Cloud service providers, especially the larger players, have an array of cybersecurity controls built into their environment. They have several cloud security features (data-at-rest encryption, Identity and Access Management (IAM) systems, network isolation, etc.) that can improve your security posture. CSPs even have a wide selection of partners offering security services that can augment your existing controls and help you adopt a defense in-depth security strategy.

Reliable Infrastructure

Cloud environments are supposed to support business-critical applications and data. Hence, they need to be reliable from a security, power, connectivity, and IT standpoint. Sure, no one’s stopping you from building an infrastructure with those qualities.

The problem is, that putting together such an infrastructure would require a high level of expertise and high degrees of redundancy. Both requirements are expensive. If you review the section above regarding costs, it’s clear that building your own reliable private cloud can be very demanding, both operationally and financially. If it’s not related to your core business directly, it doesn’t make a lot of sense to go into it yourself.

CSPs, on the other hand, already have the expertise and the infrastructure readily available. And, because of economies of scale, their infrastructure is many times more reliable than what you can hope to build.

What Factors Should You Consider When Choosing a Cloud Service Provider?

Now that you know the advantages of hiring a cloud service provider, we won’t be surprised if you’re warming up to the idea of adopting a public cloud strategy. Before you do, you must be aware that because there are several cloud service providers out there, it can be difficult to choose the right one for your business. Here are some things to look for when going through your list.

Compliance with Relevant Certifications and Standards

While they’re certainly not the only criteria to base your buying decision on, certifications are a good indicator of a CSP’s competencies. In addition, because compliance with a particular standard takes a lot of time, money, and effort, it demonstrates the CSP’s drive to excel and fulfill the needs of its target clientele.

There are several standards and certifications out there, for example, those designated by the

You also need to understand that not all are relevant to your business. Before doing due diligence, it will help to be familiar with the certifications and standards that are relevant to your industry and business goals. For example, if you’re dealing with credit card data, then you’ll want to look for Payment Card Industry Data Security Standard (PCI DSS) certification. Or if you’re operating in the healthcare industry, you’ll want to look for HIPAA and/or Health Information Trust Alliance (HITRUST) compliance.

Alignment of Technologies and Service Roadmaps with Business Needs

CSPs—especially the large players—offer hundreds of cloud services, but you won’t be needing all of them. And so, if part of your evaluation of every single CSP in your shortlist involves browsing through all their services and supported technologies, it will only be a waste of time. A better approach would be to identify beforehand what specific services and technologies you’re looking for and then compare each CSP based on how many items on your checklist they’ve managed to check off.

Also, try to understand how much customization you need to perform on your end to migrate onto a CSP’s platform. This is particularly important if you’ll be doing refactoring and/or rebinding type of migration, which would entail some re-architecting and recoding on your end.

Adherence with Data Governance and Security Policies

As a good steward of customer data, you’re likely to have a set of data governance, privacy, and security policies in place. Some of those policies might have been made in accordance with data localization laws and, hence, dictate in what geographical regions you should store any personal data you’ve collected. This should narrow down your choices to providers that operate in those said regions.

Other policies may likewise require you to implement certain data security controls such as encryption, multi-factor authentication, network segmentation, and so on. Look for providers that make the implementation of these controls easy on your part. If possible, these controls should be readily available and offered as built-in features.

Transparency in Service Dependencies and Partnerships

Some cloud service providers outsource some components of their services to other third parties. This kind of service dependency is particularly common in SaaS solutions. For instance, most SaaS solutions are built on top of IaaS platforms operated by large CSPs such as AWS and Azure. Thus, any outage on the IaaS platform is sure to impact those SaaS applications running on top of it. This is exactly what happened to Slack, Asana, and Trello when AWS suffered an outage last year.

If you want to know how resilient a particular SaaS cloud service provider is, you should study the service dependencies of their SaaS application and find out if the third parties they’re outsourcing to have the infrastructure and competency to maintain acceptable levels of availability and security.

Provision of Clear and Equitable Provider Contracts and SLAs

Service Level Agreements (SLAs) and other similar contracts are crucial because they’re supposed to define quantitatively (e.g., 99.999% uptime) your provider’s deliverables along with the subsequent remedies you’re entitled to in the event service levels are not met. For this reason, it’s important to make sure each provision in the provider’s SLA is clear and equitable.

If you think a particular provision isn’t favorable enough or if you wish to add other provisions, try to negotiate a more customized SLA. In this regard, you can expect smaller CSPs to be more receptive to the idea of making changes to their SLAs than the larger providers.

Track Record of Performance and Reliability

Don’t just rely on SLAs. Check the provider’s track record in meeting their SLAs. Some CSPs publish this information online. If the CSP you’re evaluating hasn’t, request it. They should be able to provide you with performance data from the last 6–12 months.

If there are instances when their SLAs weren’t met, ask why that happened, and inquire if any remedies have been made to prevent the same incidents from occurring again. While SLA violations can happen, it’s important to get the proper context and, more importantly, see if measures have been taken to minimize future risk.

Parallels RAS: Simplify Virtual Application and Desktop Delivery with Your Chosen Cloud Service Provider

Increased adoption of work-from-home and other variations of remote work has, in turn, driven demand for virtual application and desktop solutions. Understandably, organizations with stringent requirements for scalability, availability, cost-efficiency, and security prefer their virtual applications and desktops delivered through the cloud—ideally, from their chosen cloud service provider.

One solution that can meet this need easily is Parallels® Remote Application Server (RAS), an all-in-one virtual desktop infrastructure (VDI) solution that not only delivers virtual applications and desktops to any device but also supports deployments on all major cloud service providers, i.e., AWS, Azure, and Google Cloud Platform. This deployment flexibility ensures that organizations can work with Parallels RAS regardless of which CSP they’re comfortable with.

With its pre-built templates and configuration wizards, Parallels RAS is easy to set up and can get you up and running in just a few hours. Yes, your existing IT team can set it up themselves.

Looking for a way to deliver virtual applications and desktops from your chosen cloud service provider?

Download the Trial