Lately we’ve seen some New Zealand software vendors pushing into cloud hosted offerings, which is great to see, and I hope to see this mindset continue.
Moving software applications to the cloud helps business customers in lots of ways: primarily, the need to have expensive infrastructure such as servers and everything that goes along with it disappear when your line of business app becomes cloud based.
One thing to stop and think about is the term “cloud” and what it means.
A simple view of the cloud is a remote system that businesses access via an internet connection rather than through physical cables inside their business premises.
However “cloud servers” storing the software and related data still reside in physical datacentres which are specially built to house and keep the cloud servers safe (both physically and digitally).
The terms datacentre and cloud are open to interpretation, and this is where mistakes can happen.
On one end of the spectrum, you can have highly available and secure data centres (like those run by Microsoft and AWS for example) that comply with a range of certifications and at the other extreme, a shipping container full of server racks sitting in a field (trust us, this does happen!).
We always recommend getting information from your software vendor about how their cloud offering works and exactly where it is physically located. So here are some common questions to check off with them:
1) Where is my data located? Is the datacentre NZ based or offshore, and if so, where?
Some businesses have a legal requirement to have data housed in New Zealand and some just feel better knowing it’s local. Whatever your reason, knowing where your data resides is important not only for your main production system but also any backup/failover systems.
If you are planning to access cloud applications over the internet, then clearly having it close to you is better than being on the other side of the planet due to issues with latency as your data travels via undersea cables.
Recently we had a customer enquire with us why their voice system wasn’t working very well. Turns out it was hosted in the USA and the customer had no idea.
2) What data centre provider are you using, and can you supply the certifications that data centre has gained?
Data centre providers generally have a list of certifications such as SOC, PCI DSS, ISO 27001, etc. These allow an ‘apples for apples’ comparison as to how they stack up against others.
Keep in mind your software vendor should have a least two locations that make up their offer. Having a single data centre isn’t going to help if that centre suffers a disaster such as an earthquake, fire or flooding.
3) What does redundancy look like? Power, data, computers, site, etc
Being that the ‘cloud’ is just a name given to a collection of physical servers, these can still fail and a whole range of other issues can happen such as power loss due to physical factors including weather events, earthquakes, fire or wider issues with the power grid in the place the data centre is located.
When your software vendor is scoping their offering, they may have chosen to go ‘high availability’ meaning you shouldn’t see any impact to your service, or they may have taken a cheaper option. It’s in your best interests to know what to expect if (or when) they have issues.
4) What backup schedule is my data using? Where are the backups stored?
Just like hosting it yourself, having a software vendor do it still requires that your backups are available. So what do these look like? Are they run every minute or every month? It’s always a good idea to understand how often these are performed and what to expect if you need to roll back for some reason.
Also, where are these backups stored? Are they encrypted or immutable?
5) What backup retention are you providing? Can I go back a couple of years?
Are your backups kept forever or for a week? Getting a clear understanding of what options are available gives you the chance to fill in the shortfall or accept what they offer.
6) What options do I have around securing access to my data? Is multi factor authentication an option?
Hosting in the cloud is great for lots of reasons, and hackers love it also! Ask your software provider what options they have in place around securing your data and application. It’s important you don’t forgo security over cost and convenience as it may cost you a lot more in the long run.
How we can help
It’s a bit of a minefield navigating all these questions with your software vendor and as always, we can be your voice in these discussions to ensure you know exactly what you’re getting. Drop us a line or call to book in a conversation if you are currently researching your options and would like our advice.