Not all clouds are created equal, and neither are cloud providers. A cloud managed services provider (MSP) should be flexible, offering you choices – of hardware, operating system and platform components – to align your cloud deployment with your business and workload requirements. A cloud MSP should also offer the highest levels of security, management and a global presence.

Qualify your cloud MSP with the following questions

“How quickly can you get me up and running?”

Rapid provisioning to support DevOps and quickly roll out new business models and innovative applications is one of the primary reasons to move to the cloud. It’s about seizing competitive advantage. Many providers deliver infrastructure only – virtual CPUs, storage and networking. It’s up to you, or a third party, to configure and manage it, and that can slow your enterprise down.

Look for fully provisioned environments, ready to go.

A provider worthy of consideration uses self-service capabilities and automation to quickly provision hosted cloud environments, helping you achieve DevOps productivity and speed time-tomarket. Operating systems should be patched to current levels, middleware installed, the virtual machines fully configured, tested and verified so that they’re ready for immediate use.

“What are my choices for hardware and operating systems?”

When migrating to the cloud, it’s best to align workload characteristics with the infrastructure to optimize performance. The closer the match to your existing infrastructure, the less complex the task becomes – and that means less risk, lower costs, greater agility and faster time-to-market.

Look for operating environments that align with your needs, not the provider’s.

A provider should be able to support a wide range of operating environments so that the cloud dovetails with your existing environment and skill set – Red Hat Enterprise Linux on x86, Microsoft Windows on x86, or proprietary operating systems like IBM AIX on IBM Power Systems. In addition, the vendor should allow you to precisely match infrastructure and platform services to our workload needs, rather than fixed-size deployments. That lets you deploy on the infrastructure best able to meet your business objectives.

“Can you meet service levels?”

Many enterprises have yet to implement a cloud strategy because they lack confidence that the cloud can reliably deliver the performance and service levels they need. The issue is not just infrastructure – the operating system that runs on top of it must also meet service level requirements, yet some providers will only provide SLAs for servers, storage and/or networking. That increases your business risk, because responsibility is put back on your shoulders.

Look for SLAs that cover the entire managed cloud environment.

Different workloads have different Service Level Agreement requirements, and your provider should be able to deliver the right level at the right price, with SLAs based on workload characteristics. SLAs should span IaaS and PaaS, extending all the way up to the operating system level.

“Can you deliver a consistent experience across my business?”

To meet customer and business expectations, it’s important to have the same infrastructure, software, processes and managed services in place. This is particularly important in a disaster recovery, workload migration or global enterprise scenario. Consistency helps assure SLAs are met and can help minimize the risk of potential technical and performance issues.

Look for a consistent infrastructure, set of management practices, and delivery team – worldwide.

Data center hardware and software should be constantly updated so you are not forced to use backlevel or unpatched infrastructure. The architecture and functionality is uniform, local or global – standardized deployments and service delivery that can reduce risk and complexity.

“Can I mix public and private clouds?”

Deployment choices let you select the cloud that best matches your workload and business requirements – a public cloud for cost-effective, rapid scalability or a private cloud for greater security capabilities with consistent management that can simplify DevOps for greater business agility.

Look for a cloud portfolio that delivers both choice and consistency.

A managed cloud provider should enable you to deploy different parts of your enterprise workloads – such as various SAP modules – where they make the most sense based on security, scalability and SLA requirements. That means public or private clouds, all from the same provider. Management should be simple and streamlined, so that you gain business agility that helps you respond to new customer demands and competitive threats.

“How well qualified are you to meet my needs?”

Cloud managed services should not limit your options, yet many providers do by depending on third parties. That can add complexity and risk to the relationship and may open up service and skill gaps. Looking at total expertise and the ability to deliver a full range of services can help accelerate business results.

Look for a single provider able to help meet your needs from end to end.

A provider should have the full range of required knowledge, service portfolio, skills and experience in-house. Seek one relationship with a single partner able to add value to the cloud, with professional services that include migration and strategy, a choice of delivery models, and support for options such as use of your own hardware.

“Where is my data, exactly?”

Not all providers can house your data where you expect it to be. You may know nothing about the security and risk exposure of the data center where your data and applications are actually housed. And data sovereignty requirements might require you to store data in a particular location – something you may not be able to meet without the assurance that your data is where you placed it.

Look for control of your infrastructure and data.

A provider should keep your data in the same city where you agree it should be placed. The provider should also have a data center network extensive enough to house data on its own infrastructure where it claims to do business, rather than having to turn to third parties. In addition, it should have secure disaster recovery sites so that you know where your data goes in the event of an outage.

“Who’s responsible for security?”

Maintaining security is a never-ending task, from monitoring and prevention of attacks to applying security patches, hardening infrastructure and managing access. Not all providers can take responsibility for all that needs to be done. When working with a potential vendor, understanding what level of security compliance they provide – and how much work they do to prove that compliance, is important. Where does the division of responsibility begin and end? For some providers, once they have provided you with the server hardware – the overall responsibility for workload security and compliance rests with you.

Look at how the provider manages their own security.

The provider should provide security for client cloud deployments using the same tools, standards and methods that protect its own systems. It should also be able to take full responsibility for everything or any subset of things that are part of the managed cloud rather than leave it to you or a third party. Provider and client security responsibilities should be clearly defined so there are no gaps.

“How do I know your security is adequate?”

Simply claiming that a cloud is secure and can help you meet your compliance obligations isn’t enough. Since you’re responsible for compliance with regulatory mandates, your provider should have capabilities that help you meet applicable standards. Some may show many certifications, but look closer and you may find that coverage is only for select services and/ or locations. Ongoing security should include regular vulnerability scanning that covers the entire infrastructure – both hardware and software – as well as policies and procedures.

Look for quality in security and compliance.

Look for certification to ISO 27001 and 27018 standards. Check that your vendor can provide an environment that helps you meet your compliance requirements for PCI Standards (PCI-DSS). All certifications and security measures should be validated annually by external auditors with evidence demonstrated through AICPA Service Organization Control (SOC) level 1 and 2 reporting.

“How extensive are your security measures?”

Security threats can come from any direction – over the network, from malware, unauthorized access, software exploits, even physical theft. Any gap in security can leave your enterprise vulnerable. Not all cloud providers are able to offer comprehensive capabilities to help protect your cloud, your data – and your applications – which puts the security burden on you.

Look for security in depth.

A provider should build in multiple layers of security, from the data center all the way through to the operating system. Clouds should be hosted in Tier-3 – or equivalent – data centers with best-of-breed physical security. Server instances and storage should be segregated to isolate your data, and backup media should encrypted in case of loss. Security should also cover the OS, database and middleware as part of the service, with vulnerability management provided for the managed environment.

“What if something goes wrong?”

Failure to recover promptly from a disaster can have dramatic, long-lasting impacts on your enterprise. There’s more than lost revenue and productivity at stake; customer confidence can be irreversibly damaged by a poorly handled outage.

Look for backup and recovery that is not an afterthought.

A provider should be able to deliver alternate-site disaster recovery and help you get back online quickly, with productionlevel SLAs that remain in effect during the disaster. That capability should also be tested regularly, and disaster recovery consulting should be provided to ensure that you have a reliable, optimized plan in place.

“How much experience do you have in IT security?”

Security is a very complex, systemic issue where experience matters, because not all providers have had to deal with threats that extend beyond their own, limited set of services and competencies. It’s important that the provider has seen, and successfully managed, a broad range of security issues.

Look for experience in enterprise computing.

A provider should have security controls that meet or exceed industry best practices at the management layer, with the same standard security policies applied to all clients. Ask about the vendor’s track record of delivering reliable, resilient, IT services with robust security capabilities– proven success in traditional enterprise IT and cloud security can help give you peace of mind that your cloud will be equally well protected.

“Can you manage the whole cloud stack for me, both IaaS and PaaS?”

One of the reasons enterprises partner with a cloud managed services provider is to ease the burden of management – the cost, complexity, risk and impact on productivity and service levels. But some vendors only get you partway there, with services that do not span both the infrastructure and the platform that runs on top of it. They may rely on third parties or not offer the services you need at all.

Look for an environment managed from end to end.

If you have a provider you should be able to cover everything from the infrastructure to the operating system, middleware and databases, and even the application environment. Your staff should not have to focus on day-to-day management, so they can spend time working on higher-value projects that can drive innovation and competitive advantage.

“How robust are your management practices?”

Comprehensive, best-practice management of the cloud infrastructure and platform that sits on top of it can improve productivity and helps ensure higher service levels by reducing the workload on your IT staff. That can enable you to reliably meet customer expectations and achieve business objectives for service delivery and cost.

Look for consistent management according to recognized standards.

The provider should use a common management platform that brings together business, IT and operational support for uniform end-to-end management. All management processes should be ITIL compliant, ensuring that current industry best practices are followed. That means consistency and repeatability, with a high degree of automation that can improve efficiency and effectiveness.

“Can you simplify tasks for my IT staff?”

Even with a fully managed cloud, IT staff must perform procedures such as provisioning and configuration. Multiple management interfaces, processes and skill sets add to complexity and cost, and can bring down productivity. It becomes more difficult to access cloud resources and accomplish the tasks that your staff is responsible for – when it should be simpler.

Look for streamlined, automated cloud management.

The vendor should provide a simple self-service interface that enables rapid access to the managed environment and all services. With such an interface, staff can select hardware, CPU, memory and storage, along with service level, operating system and optional services such as application monitoring. This ability to leverage automation and unified management tools can speed time-to-market and enhance DevOps productivity.

“Can you fully support my enterprise applications?”

Enterprises are gaining significant business value by cloudenabling enterprise applications such as SAP and Oracle, along with their data. But that creates a new challenge for IT: managing and securing a cloud deployment alongside the core IT infrastructure, along with the applications and databases. Some cloud providers struggle to provide full support for these environments.

Look for dedicated support for leading enterprise applications.

For users of these enterprise applications, the vendor should offer managed as-a-service support that encompasses the entire enterprise platform. A vendor that can manage up the stack, including core infrastructure and enterprise platform components such as the SAP Basis and database layers, business-centric SLAs for enterprise applications including SAP, SAP HANA and Oracle will be better able to help maintain service level commitments.

“Can you assist me in migrating my cloudenabled workloads to your environment?”

“Lifting and shifting” key enterprise workloads to a cloud environment is often required to quickly and efficiently address business needs. However, the move can be a complicated process that impacts your productivity, consuming valuable IT resources. If your provider does not support your choice of operating system, it may not be possible at all.

Look for the ability to ease transition to the cloud

The provider should offer dedicated services that utilize standardized, repeatable processes and automation to simplifying the move and reduce migration costs compared to re-installing applications. The provider should also allow you to maintain your existing application configuration, and not force expensive, time-consuming upgrades of customized applications such as SAP.

“Can I choose what I want you to manage for me?”

While a provider should offer a robust set of managed services that extend from basic infrastructure up through the platform that runs on it, you should not be forced to accept services you neither want nor need. It may be preferable, for internal compliance, security or organizational reasons, to keep some management activities and responsibilities in the hands of your IT staff.

Look for flexibility in management

The provider should give you choices in how you manage your cloud environment, offering a full set of services but allowing you to take on management tasks to the greatest degree possible if that is your requirement. Look for multiple levels of service, up to and including unmanaged infrastructure. That lets you match the service you receive to your individual business needs.

“Regulations require me to house my data in a specific region. Do you have a data center there?”

Data sovereignty mandates often require data to be placed where business is done. That makes point of presence a critical selection criterion for global enterprises. A cloud provider that does not have a data center where the client needs it might have to bring in a third party whose infrastructure and support capacity doesn’t align with business needs. That can potentially add to security concerns and potentially impact critical SLAs.

Look for a global data center network.

The provider should have data centers owned and operated by its own staff in the locations you require. And in those cases where specific requirements demand hosting in a location that the provider does not serve, a rigorous approval methodology should be in place to help ensure that the data center you do use meets your standards for infrastructure, SLA, cost and security.

“Are your data centers and management services all the same?”

Global enterprises need to deliver a consistent experience to their business and their customers regardless of location. Borders should not matter; the enterprise should appear the same everywhere. If a cloud provider cannot deliver the same environment, management service, standards and delivery methods everywhere, it can be difficult to achieve that consistency.

Look for the same cloud experience, everywhere.

The provider should deliver the cloud you contract for, whether it’s in Asia, North America or anywhere else. Look for a consistent, one-team, one-practice approach with standardized services, management and infrastructure that helps to ensure uniform delivery and service levels worldwide.

“What if I need to move data from one data center to another?”

Transporting large volumes of data from one location to another can significantly increase costs with some providers. It also can expose that data to increased risk of interception, if the provider must use the Internet. That can inhibit business agility, because there may be strong financial and security incentives to not move data even if there’s a good business reason to do so.

Look for a provider with its own global network.

A provider should have a private global network connecting all its data centers. Selecting such a provider can give you greater agility as you respond to shifting marketplace, business and regulatory needs. A secure private network can also enhance disaster recovery by allowing rapid restoration from an alternate site.

“What if your data center partner goes out of business?”

Reliance on third parties to build out a global data center network adds a new risk factor: the cloud provider may not be able to control the reliability of the third party, nor be willing to assume liability for protection of your data.

Look for a provider able to house your data in its own data centers.

A provider that owns and operates a global network of data centers need not rely on third parties. Know who is providing the infrastructure’s availability and safeguarding your data. Also look to see that your data will not be shifted from its specified location, unless you ask for it to be moved.

In Summary

When you are shopping for a cloud MSP, what you are looking for is a vendor who can provide a production-ready cloud environment built for enterprise-class performance, combining a robust IaaS solution with a full set of managed services. You need a “fit-for-purpose” on- or off-premises answer for your cloud needs, delivering:

  • A wide choice of compute, storage and network configurations that are highly flexible, scalable and available, supporting Linux, Windows and IBM AIX and multiple database and middleware options
  • Best-practice security with vulnerability scanning and protection from physical intrusion
  • Disaster recovery on a global scale with failover and fallback
  • Compliance services that meet the most rigorous standards for privacy and protection
  • Solutions for SAP, SAP HANA and Oracle along with other ERP and CRM workloads, so you can cloud-enable your own applications

When you are ready to run these questions by a service provider, run them by Flagship. Flagship can provide all of this and more. Schedule a consultation today to learn more.

If you liked this blog, you might also like:  Why a Managed Cloud?

logo-ibmStay connected online:

Facebook | Twitter | LinkedIn | Instagram

Managed Services

Flagship Solutions Group can deliver efficiencies across hybrid infrastructures with a broad range of capabilities. We offer clients theflexibility to select the degree of support they want for each layer of infrastructure — from basic monitoring and management to long-term arrangements based on an innovation path designed to replace an aging or inflexible infrastructure with new technology.

Infographic: DIY vs MSP

What should you do to keep your IT house in order? While DIY could save more in upfront costs, it can also be a complex and drawn-out process that yields long-term operating expenses. The same principle applies to IT infrastructure improvements, software utilization, and data center management. Here’s a comparison between doing it yourself (DIY) and hiring a Managed Service Provider (MSP) to take on the task for you.

eBook: Top 10 tips for selecting a managed services provider

Everyone’s looking to IT to create business value and innovation. But you’re short on resources. How do you pull that off? A cloud and managed services provider can help.The right vendor should show you that it can provide skills, processes and resources that exceed your in-house capabilities. Does it have what it takes to help your business transform?To find the answer, look for 10 key criteria.

White Paper: Using Managed Services to Transform Your Business

Utilizing a managed services provider can help you transform your business by saving you money, keeping you ahead of technology issues and making your employees more productive. Learn more.

Infographic: Choosing the right managed services provider for your IT infrastructure

The pressure’s on. Everyone’s looking to IT to create business value and innovation. But running IT is no easy task these days. A managed services provider can help. 

White Paper – IDC: Managed Services: Ensuring Enterprise Transformation to Hybrid IT

In today’s digital economy, executives report that aligning IT with business imperatives is a challenge. Plus, newer technologies are driving fundamental changes in how people interact with organizations. To stay competitive, enterprises are turning to managed services providers to help:• Transform their business by shifting to hybrid IT capabilities• Gain agility to better adapt to market dynamics• Optimize productivity and performance• Achieve integrated hybrid IT service delivery and managementLearn all this and more when you download the IDC white paper “Managed services: Ensuring enterprise transformation to hybrid IT.” 

Transforming Your Business to Hybrid IT with Managed Services

David Tapper, VP Outsourcing and Offshore Services, IDC, discusses how enterprise can ensure a smooth transformation to the hybrid IT environment using managed services. To learn more about how you can effectively transition to utilizing emerging and disruptive technology and services, download the IDC white paper “Managed Services: Ensuring Enterprise Transformation to Hybrid IT” at

Research Report: Optimized Sourcing in Hybrid IT Environments

Smart companies today are rethinking how they source and manage increasingly hybridized IT environments. In this research report, Saugatuck Technology draws on work they’ve done with hundreds of organizations to help you understand:  How and why hybrid IT is developing and acceleratingHow to recognize and anticipate critical needs that can increase costs and compromise operationsHow to find the best qualified providers to help you “optimize by outsourcing”

Navigating your Digital Transformation with IBM Integrated Managed Infrastructure Services

To accelerate digital transformation, many companies are adopting new technologies like cloud and mobile, which result in a hybrid, enterprise IT infrastructure.