Are you moving your IT to the cloud? Chances are, you’ve already moved at least some of your digital assets to public cloud platforms like Amazon Web Services (AWS) and Microsoft Azure. We have worked with many companies that are migrating critical applications to the cloud. This experience has led us to come up with some questions that every business should ask of its cloud vendors before they commit to working with them.

A few caveats: When we talk about moving to the cloud, we mean adopting an application like ERP that runs in the cloud on a Software-as-a-Service (SaaS) basis. The cloud is vast and varied. It offers a huge range of IT functions, but most of them are either too simple or way, way too complicated to be relevant to this conversation. Sure, if you’re an expert, you can build an enterprise application stack on AWS using it as Infrastructure-as-a-Service (IaaS). However, if you know how to do that, you probably already know our recommended questions.

The other caveat is that cloud vendors need to get asked the basic IT procurement questions. You have to ask about their references. You need to be clear on their pricing and support. It’s good to understand their roadmap and so forth.

Is the application cloud-native?

Not all cloud-based applications are the same. Some are really just old, on-premises apps that are now hosted in cloud data centers. This approach can create problems that are hard to predict and even harder to solve. For example, integrating different modules of a cloud-hosted legacy system can be difficult to set up or change. A modern, cloud-native application is usually more flexible. The vendor can make changes more quickly and link multiple modules with relative ease.

Does it have standards-based APIs?

You may want to integrate your cloud-based application with other systems in your company. To do this simply and economically, it’s ideal to work with standards-based application programming interfaces (APIs). They enable connections between software and data sources without requiring proprietary software or custom coding. Most cloud-native apps have RESTful APIs, which use the nearly universal REST standard for application integration.

How is it backed up?

You should ask how the cloud vendor will be backing up your data and settings. You’re running your business on their platform, so it’s critical to understand how it will recover if there is a disaster. For example, how often is the data backed up to a secondary cloud data center? Where is that data center, in regional terms? What is the recovery time objective (RTO) and recovery point objective (RPO)—the latter referring to the point in time the backup can restore, e.g. will it be backed up to transactions that occurred ten minutes earlier?

How do you handle security?

Today, it’s pretty safe to assume that the cloud platform provider has robust security for the infrastructure and network in its cloud data centers. Everything else is up to the SaaS vendor and you. It’s a best practice to develop a clear understanding of who is responsible for what in terms of security. For example, ask them how they manage privileged accounts. These are the accounts that enable their employees to administer your software. They should have rigorous controls over this kind of access to protect your data from unauthorized use.

How do you handle compliance with laws like CCPA and SOX?

If you do business in California, you will be subject to the California Consumer Privacy Act (CCPA), which has strict rules regarding how consumers’ personally identifiable information (PII) is stored. Your cloud vendor should explain how it complies with CCPA or GDPR, if you’re working in the EU. Financial regulations like Sarbanes Oxley (SOX) also require cloud vendors to demonstrate compliance with certain IT controls. You should understand how they take care of such details.

Is there an SDK?

This is not for everyone, but if you want to develop software that integrates with your cloud-based solution, you’ll need a software development kit (SDK) to make that a reality. In some cases, cloud vendors have elaborate platforms and SDKs to extend their functionality into other software programs. It’s worth knowing what they have, even if you aren’t planning on using it right away.

Selecting the right cloud solution can be challenging. We have helped many companies navigate the vendor selection process. To learn more about how the cloud can help your business achieve its goals, contact us for a free consultation on cloud computing. Or learn more about cloud computing myths.