|
By Jennifer Smith
 No hardware, no software, no hassle! Send your information into the cloud for an easier working life!
Perhaps, but as responsible Information Managers, you'll want to ask careful questions to the companies offering to host your information. This article highlights ten areas you should ask about when evaluating a hosting provider.
But first, why is this your responsibility and not something to leave to your IT team? If you are responsible for information, your users are relying on you to keep it safe and readily accessible. If you choose to use external hosting services, your IT team may have limited involvement. Consequently, they may not wish to spend much time evaluating your hosting provider, nor do they necessarily have the experience to know how to evaluate them. You need to know what questions to ask to ensure the information for which you are responsible is hosted securely.
Being a new area, everyone has slightly different definitions, but these are mine:
- Hosting: housing computer files and applications over the Internet with an external company, such as hosted Sharepoint
- Software as a service (SaaS): a subscription application you use over the Internet, such as Salesforce
- Cloud computing: highly scalable, on-demand hosting of generic computing resources, such as provided by Amazon EC2
You may be evaluating hosting for your library management system, a know-how database, or SaaS products for enquiries tracking. In this article, I use hosting as a generic term referring to any of these services, as the same questions apply when evaluating all providers.
1. Security
The crucial question for everyone choosing a hosted provider is security. It is difficult to prove a service is secure, but the sorts of security provision you should look for are:
-
Compartmentalisation: to ensure clients cannot access other client's data by mistake when hosted on the same server
-
Double fire-walling: on the host servers and at the network border
-
Encryption: of all communications using SSL (Secure Sockets Layer) certification
-
Cryptographic authentication: for all systems administration and server messaging
-
Procedures: for regularly reviewing and keeping up to date their system security.
Of course, the greatest security threat is always your users. It is essential that all users of your system choose and protect secure passwords.
2. Servers
Although we talk nebulously about information 'in the cloud', your information inevitably is stored on physical servers. With a wide variety of servers on the market, you should check your hosted provider is using good quality servers, not just the cheapest. Top tier vendors like Sun Microsystems, HP and IBM are always likely to be a good bet. Vendors who compete on cost, like Dell, can be much cheaper where appropriate for the service provided, but they're not always the best choice in the long run.
Ask your provider why they chose their particular servers. This was likely to be an important decision for any provider that takes their hosting seriously. You'll want to hear a well-thought out, logical argument. You should also check the support arrangements the provider has with their server suppliers to guarantee quick replacement parts in an emergency.
3. Location of servers
The location of the servers is a critical question to ask your hosted provider. They should be housed in special data centres built and managed specifically for servers with:
Housing servers in data centres also has the benefit of having your system close to fast Internet connections.
You'll want your hosted provider to have servers in multiple locations for risk management. You should also check the country in which the servers are located as many hosted providers use servers in the USA. You'll need to think carefully about whether you want your information going beyond the UK or European Economic Area. (See Note 1)
4. Storage & scalability
Hosting is normally priced based on the storage and bandwidth required. Predict your future needs by how many man-years went into creating the information you already have, plus a bit extra. You should be able to buy more storage as you need it without penalty.
For most organisations the ability to instantly increase or decrease storage probably isn't necessary. But for some, it can be one of the main benefits of cloud computing, so for those ask about how quickly and at what price extra storage can be provided or removed.
5. Software
You will need to access your information via some sort of user interface. For SaaS this will be the application you're subscribing to, but for other hosting such as web sites or email, it may be a small application to enable you to interact with your information. Check how easy it is to use this software and whether it is standards compliant.
6. Redundancy
Not a popular word amongst employees, but in terms of IT infrastructure redundancy is a very good thing. It means every critical part of the infrastructure is duplicated, so if any piece breaks, the system will carry on working. Your hosted provider's infrastructure should be fully redundant, not just duplicate parts within servers, but also by having multiple servers online, and spares ready setup to take over in an emergency.
7. Back-ups & monitoring
How often is your information backed up? Where is it backed up to? How quickly can it be restored if there's a problem? Depending on your business requirements, you're likely looking for backups to be taken at least once a day, to be backed up to a separate location to where the information is stored, and able to be restored within a few hours.
Systems should be automatically and continuously monitored, and should alert the System Administrators immediately of any problems. The monitoring itself should also be monitored, with regular automatic messages to the Systems Administrators letting them know the systems are running well and the monitoring still live.
Ideally you should have access to a status dashboard. This website, hosted independently of your provider, will give you updated information in the event of a problem.
8. Company
Find out how many years the hosted provider has been in business. Hosting is relatively new, so if the business hasn't existed very long, check instead the number of years experience their key staff have in servers and network maintenance. Ask about their disaster recovery plans and check it doesn't just include hardware recovery, but also plans for loss of key staff and what happens to your information if the company fails.
Some companies offering hosted solutions outsource the hosting to another company. Check whether your provider manages the hosting themselves. This is often better, if they have the experience. If they do outsource, ask all the questions in this checklist about their outsourced hosting providers. If they don't know most of the answers off hand, be concerned about how carefully they have researched their outsourced hosting provider.
Check what tie-ins your provider expects, and how easily you can get out of a contract if their service is not up to standard. Check how easy it is to bulk export all your information when you want to migrate to another provider, and in what format.
9. Service
Does your hosted provider offer 24/7 support with access to knowledgeable support staff? What Service Level Agreement do they offer? What performance and reliability do they provide and guarantee? Compensation for downtime may not be as important to you as the ability to cheaply and easily move providers if they continue to provide poor performance.
How qualified are their staff? There may be no examinations or formal qualifications in this area, but do they have experience in networks, servers, and security? How long have they worked for the company? If staff do have certificates, look for ones in the equipment they are running, such as a Sun certificate for Sun servers or certifications from Cisco for networking.
10. Cost
Like cheap wine and cheap shoes, cheap hosting is best avoided. Your information is a critical asset and you need to ensure it is hosted by a company with the resources to store it securely.
When comparing the cost of hosting information yourselves, make sure you accurately calculate the cost of internal hosting. Include the purchase of hardware and software, the payment of qualified staff to research, set up and maintain the service, and the cost of electricity and space to store the equipment.
Hosting providers are frequently asked the questions in this checklist. They won't be in business for long without ready answers to all these questions. But how often do you ask these questions of your own IT staff? How secure are the servers in which your information is currently stored? Do you know how often your information is backed up, to where, and whether the backups are tested?
For many companies, hosting provides a more secure and less hassle alternative to maintaining their own hosting infrastructure. Use this checklist for reassurance in evaluating your provider.2 But don't let the perceived risks stop you from taking advantage of the benefits of hosting. The future is in the cloud.
Notes
[1] For more information on the international transfer of information and particularly personal data see http://www.ico.gov.uk
[1] See also Gartner's Assessing the Security Risks of Cloud Computing, June 2008 for a more detailed assessment of the security risks of external hosting.
By Jennifer Smith
Jennifer Smith is the co-founder of hosted information management
service, OneIS. Jennifer is a Chartered Librarian with over ten years
of experience in library and information management, and a Masters in
Library and Information Studies from Loughborough University. Her
company website is http://www.oneis.co.uk and she can be found on Twitter at www.twitter.com/jennifersmith.
FUMSI articles by Jennifer Smith »
![[Get Copyright Permissions]](http://license.icopyright.net/images/icopy-w.gif "[Get Copyright Permissions]")
Click here for copyright permissions!
Copyright 2010 Free Pint Limited
Related articles:
You may also be interested in:
|
