Cloud Security

5 things CIOs need to know about cloud service providers

5 things CIOs need to know about cloud service providers
Written by ga_dahmani
5 things CIOs need to know about cloud service providers

What does a cloud service provider (CSP) do? It’s right there in the name: they provide… cloud services.

Well, that’s a bit simplistic, and it’s kind of a cheat, because it defines the term using the same term. But it’s also pretty accurate as an umbrella term for everything from a hyperscale public cloud to a SaaS application provider. Here is a more complete definitionfrom Red Hat:

“Cloud service providers are companies that establish public clouds, manage private clouds, or offer on-demand cloud computing components (also known as cloud computing services) such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and software as a service (SaaS).

For example, Amazon Web Services (AWS), Microsoft Azure, and Google cloud services fall under the cloud service provider umbrella. The broadness of the term reflects the size and diversity of the cloud ecosystem. For IT leaders, it can also create uncertainty: What is the best way to interact with a CSP? Are they essentially all the same? Where does my environment end and theirs begin?

Also, how can I choose cloud service providers to help me with IT and organizational goals, such as modernization strategy, faster deployment, expense management, and flexibility for the future?

[ Want to accelerate application development while reducing cost and complexity? Get the eBook: Modernize your IT with managed cloud services ]

Working with cloud service providers: 5 factors to consider

Let’s look at five important factors to consider about cloud service providers, according to experts in hybrid cloud and multicloud ecosystems.

1. Take a holistic view of costs

Most IT leaders see the value, if not the sheer necessity, of the cloud now. For some processes and use cases, the cloud is also the most cost-effective model. But cloud costs are still significant, and very important. Take your eyes off your expenses and you may be seeing some bills out of control; it’s a fairly common scenario that managing bills from the cloud is a business in itself.

“Cloud service providers can be expensive,” says Gordon Haff, technology evangelist at Red Hat. “That doesn’t mean you shouldn’t use them. But you need to understand where they provide good value for your organization and where you should consider moving workloads on-premises.”

This is one of the reasons hybrid cloud environments are expanding: It doesn’t have to be an all-or-nothing decision. Haff points to data egress charges, phantom instances doing nothing, and over-provisioning more generally as three of the biggest cost pain points.

[ Related read: Hybrid cloud costs: 5 misconceptions that can cost you money. ]

Identifying where the cloud offers value, and where it doesn’t, is key. This allows for a broader, broader view that is cost-conscious rather than cost-obsessed.

“CIOs can tend to become overly obsessed with price when it comes to selecting a cloud service provider. but the success of your CSP strategy really demands other considerations that should be more holistic and future-oriented,” says Jonathan LaCour, CTO of Mission Cloud Services.

“The more you get it right, the faster and easier you can focus on your customers and growth, not taking care of your infrastructure.”

CIOs should look at their team’s and organization’s broader motivation for moving to the cloud first, says LaCour. If it’s “cost, cost, cost,” that’s certainly your prerogative, but it could limit the potential of your long-term cloud strategy.

A more holistic view, for example, would include something like “a platform’s ability to enable constant innovation, speed up its time to market, and, yes, reduce the distraction of costly operational overhead that the business would be committed to.” . LaCour says. “The more you get it right, the faster and easier you can focus on your customers and growth, not taking care of your infrastructure.”

2. Map business strategy to cloud service provider capabilities

While cloud service providers may offer similar capabilities, they are not really the same thing. Determining which one is best for your unique requirements and goals is another critical piece of your strategy.

“When working with cloud service providers, it’s important to align the platform with the company’s unique business goals,” says Scott Gordon, director of enterprise architecture, cloud infrastructure services at Capgemini Americas. “Each organization has its own situation, and the cloud strategy must be addressed to solve those custom business challenges to create value and results.”

While there may be some simple workloads where the choice of cloud service provider doesn’t have overwhelming implications, most organizational realities are more complex. Going back to Haff and LaCour’s advice, this is where specific motivations or goals have a big impact.

“Each organization has its own situation, and the cloud strategy must be addressed to solve those custom business challenges to create value and results.”

Gordon points out, for example, the importance of assessing the end-to-end lifecycles of your on-premises applications and determining which ones will require modernization or migration at some point. Industry-specific applications, regulatory compliance, data management and analysis, and a plethora of other possibilities are potential factors in tuning CSP.

“The key is partnering with the cloud provider that best aligns with these goals, as that’s when we see great value in cloud speed,” says Gordon.

3. Safety is still your responsibility…

We’ve far outgrown the reductive notion that the cloud is “less secure” than on-premises and moved toward the more pragmatic truth: cloud security matters. Like all facets of IT security, it should be a priority. (And to a large extent it is, according to Red Hat 2021 World Technological Outlook.)

All of the above remains true when working with cloud service providers – as a group, they get it.

“Cloud providers get a lot right when it comes to security,” says Haff. “They have more security engineers on payroll than many organizations have engineers in total.”

[ Get the checklist: Top security and compliance considerations for IT modernization. ]

In general, that’s a good thing, but it doesn’t leave IT teams out of trouble.

“They can’t do everything for you,” says Haff. “You still need to control your software supply chain, properly configure your software, and patch the software you are responsible for.”

4. …So is risk management in general

The same principle applies to risk management. Red Hat Global Architecture Leader EG Nadhan points out that risk is an inherently broad area, encompassing not only security, but also business continuity, data privacy laws and violations, public health (p. (e.g., the COVID pandemic), regulatory compliance, and more. Businesses and governments operate in the real world.

“CIOs should treat cloud service providers as if they were their own internal staff providing cloud services,” says Nadhan. “And so how cloud service providers approach risk should be a key consideration.”

Nadhan points out that an organization’s internal risk management protocols can be recursively applied to CSPs. At a minimum, you should understand how those providers manage risk.

“CIOs need to learn firsthand the processes CSPs have in place to proactively address risk, as well as their approach to reactively address it as well,” says Nadhan.

The same goes for regulatory compliance: IT leaders can’t just assume that their cloud service providers have the right processes in place to meet their regulatory requirements. This is not an area where you want to skip your due diligence.

“Failure to comply can result in financial liability with serious business impact,” says Nadhan. “Non-compliance by cloud service providers can affect the CIO and therefore the performance of their company.”

5. Internal talent is still important

If there is an apparent theme here, it is this: CSPs can provide game-changing capabilities and value, but that should reinforce, not replace, their own internal team. And that’s true for the team itself: Cloud increases the need for his talents, not the other way around.

“Identifying the right talent with the skills to maximize the full potential of the platform is a crucial step,” says Capgemini’s Gordon. “These employees can rethink business functions, improve how the business engages with customers, team members, partners and vendors, and enable cloud capabilities in SaaS and PaaS applications.”

[ Share this with your IT team: 5 things developers should know about cloud service providers ]

This may be a growth area that requires investing in ongoing people skills development, or where new hires can make an impact. To close the loop, it is also part of the cloud value equation. As people build capabilities with various cloud-native and automation technologies, and spend less time taking care of infrastructure, as LaCour said, they begin to streamline existing processes and discover new possibilities.

Organizations can choose which cloud and automation skills they want to develop, of course. As we recently reported, some IT teams don’t want to invest in the operational skills to manage and maintain Kubernetes. This is where IT leaders can consider using Kubernetes managed cloud services such as Dedicated OpenShift, Red Hat OpenShift on AWS (ROSA) Y Microsoft Azure Red Hat OpenShift (ARO).

“Having the right team in place can also help the organization drive more ROI as they identify cost savings along the journey to the cloud,” says Gordon.

[ What should you know about  AI/ML workloads and the cloud? Get the eBook: Top considerations for building a production-ready AI/ML environment. ]

About the author


Leave a Comment