Happy clouds

When you're choosing a cloud vendor, what do you really need to worry about? Not as much as you might think.

Or so I learned last week, at a webinar presented by Sam Chenkin from Tech Impact.Tech Impact is a nonprofit, and their mission is to "ensure all nonprofits can use technology to better serve our world."

Obviously, we here at TechSoup are huge fans of that mission.

Tech Impact's knowledge is also deeply practical and rooted in on-the-ground experience helping nonprofits choose and implement the right technologies. So I wasn't surprised when Sam had a lot of good information to share. What surprised me was what he said.

Things You Shouldn't Worry About

Sam kicked things off by acknowledging that there's often "a lot of fear wrapped up in moving to the cloud." But as I learned, there's a whole bunch of stuff you probably don't need to worry about all that much, including:

  • Encryption in transit: All reputable cloud vendors encrypt your data in transit between your computer and the cloud provider.
  • Encryption at rest: Many vendors also do encrypt your data at rest, meaning when it's sitting on the cloud vendor's system. Even if they don't, this probably isn't a big deal for most nonprofits. Remember, in most cases your data isn't encrypted onsite either.  
  • Backups: Cloud providers manage and test their backups extensively, much more thoroughly than most nonprofits do. According to Sam, in the vast majority of cases you don't need to keep your own backups of cloud data. My first thought was "Whoooooa." But this actually makes a lot of sense, because data in the cloud isn't susceptible to the same kind of failures as data on-premise. Everything in the cloud is stored redundantly.
  • Availability: This is the percentage of time that the cloud service will be available. Keep in mind that every technology runs into problems and no cloud vendor can guarantee 100% availability for their services. Do consider what you require in terms of availiability and if you can still operate in the event of an outage. But be realistic here – how bulletproof are your systems onsite? Are your systems available 100% of the time?

Stuff You Might Want to Worry About

There are, of course, some things to worry about when choosing a cloud vendor. I think of these things as a yellow traffic light, indicating you should proceed with caution.

  • Connectivity: If your Internet connection goes out, you lose access to your cloud services. As Sam said, "If you have a really bad Internet connection, the cloud is not for you."
  • Big Brother: A cloud provider can and will hand your data over to the government, often without telling you. If your organization would consider fighting a government subpoena of its data, the cloud is not the right choice.
  • Your finances: Your onsite systems can probably clunk along for a while without much support. But if you stop paying a cloud vendor, they will shut off your account and delete your data.
  • Data retention: Make sure the vendor's retention policy meets your needs. For example, do you need multiple versions of files or the ability to permanently archive deleted information?

What You Really Should Worry About

These are the things nonprofits really should pay attention to:

  • Migration and training: Both of these can be challenges when switching to a cloud-based solution, and there will be associated costs. Plan to put time and resources into migration and training.

  • The ability to change providers: Make sure you have the ability to "break up" with your cloud provider and get your data out in a usable format.

  • Cloud vendors going out of business: Sam's recommendation here is to pick well-established providers or have a clear "exit plan" in place.

Questions Cloud Vendors Won't Answer

Realistically, the big cloud vendors (Google, Microsoft, Amazon, etc.) probably aren't going to answer your questions. Even smaller cloud vendors won't provide a lot of specifics about certain things, like their encryption techniques, disaster recovery process, or security procedures. And that's okay. This is to protect you (and them). The more information a cloud vendor shares, the more vulnerable their technologies – and your data – are to attack.

Information Your Cloud Vendor Should Provide

However, a cloud vendor should provide the following information, regardless of whether they're well-established or a new kid on the block:

  • Whether your data is stored redundantly, on more than one server or in more than one location.
  • If your data is backed up, and whether those backups are stored offsite or onsite.
  • If your data is encrypted in transit and at rest.
  • Is there a Service Level Agreement (SLA) and what is it? Do remember that an SLA doesn't guarantee a cloud-based technology will actually be available a certain percentage of the time. It only guarantees that you'll be refunded some money if the system isn't available. 

A Final Caveat

Note that all cloud solutions and providers are different. All nonprofit needs, budgets, concerns, and priorities are also different, so there is no "one size fits all" answer about whether a cloud-based solution is right for your organization.

More Cloudy Goodness

Image: happy clouds