Questions to ask of Cloud application supplier?

A friend’s travel company is tired of all the hassles of maintaining their own reservations database server and is moving to a “cloud based” version. My friend is of course concerned with data integrity and redundancy.

What questions should she ask of them and what answers should she hear?

157 views and no replies?

Sorry gaffa, I don’t know much about it, and it seems like a relatively obscure problem. You might want to ask people about their cloud data backup experiences, which is similar enough to be useful and which has been discussed before on this board (or search for those threads). I’m guessing here, but I think you’d want:

  1. High redundancy - at least one backup, possibly more, and for even greater assurance, backup at more than one physical location
  2. Security - you don’t want people hacking your data, but I’m not sure what specifically to look for other than HTTPS
  3. low downtime - providers will usually have statistics showing the average and maximum time any of their clients experienced lack of service

Also see if they have multiple levels of service - they might have an option for ridiculously secure service, but it isn’t worth it to you; you may want a lower level of service that is less costly.

Off the top of my head: Ask them at a very minimum

  • What their SLA is; this should be either in the “99.9% uptime” format, or a “no more than x minutes/hours of downtime per year”. Also ask what happens when they do not meet this SLA.
  • What their backup policy is; should be at least daily with the option to have transaction logs backed up for a point-in-time recovery.
  • How long it will take to restore a database from backup, and how frequently they test their backups.
  • What their disaster recovery policy is; do they have multiple distributed sites and data centres; do they fail over automatically in the case of failure in one?
  • How is data encrypted in transit between their database server and your offices?
  • How is access to this database secured? Do they use a VPN, or usernames/passwords?
  • What are their policies for encrypting data that is stored on their servers? Who holds these encryption keys, if applicable?
  • What is their policy for allowing physical access to their datacenter?

If there are any regulatory guidelines that you have to follow in your line of business, ask them if they meet those standards.

I’ll see if I can think of anything else, but that should get you at least some way towards the answers you need, I hope.