Toward a Cloud Hosting Bill of Rights: A Virtual Win-Win
To mark the recent 25th anniversary of the Web, Tim Berners-Lee, its creator, suggested the time was ripe for an Internet Bill of Rights.
Smart idea — so why not extend that concept to cloud hosting? After all, powerful new virtualization technologies carry with them some very specific rights and responsibilities, and we could all use more transparency in our IT transactions. In a very palpable way, financial services firms entrust providers with their businesses; the very least the infrastructure provider community can do is elucidate basic expectations and norms.
The list below is by no means exhaustive or even comprehensive. But then, neither was the original Bill of Rights, back in 1789, so feel free to offer your own amendments.
- The right to an audit – and information about it. Hosting customers have the right to a data center that has passed a SSA16-type II audit. The SSAE (Standards for Attestation Engagements) No. 16 Type II audit is among the most rigorous auditing standards for hosting companies. The audit confirms the highest level of service and reliability attainable for a virtual server hosting company. An increasing number of cloud service providers (CSPs) are using the American Institute of Certified Public Accountants’ Service Organization Control process (SOC), the organization’s certification of controls with verification for cloud environments. Some of the larger cloud service providers now publish SOC reports on their security controls.
- The right to be free of contracts. Customers in the financial services sector must be able to come and go as they please, free of contracts and minimums that tether them to the CSP indefinitely. Relationships with hosting providers are best managed month to month.
- The right to backup as a core service. Backup services must be included as an integral part of every package, not as an option available at additional cost. Ideally, providers should offer managed backups with 14-day retention. That’s crucial in just about every business, but it’s inviolate in financial services.
- The right to comprehensive data protection. Although it would seem self-evident, customers are entitled to have their data protected through various state-of-the-art tools and techniques. Providers should offer both enterprise-level and application level protection, including SSL capability, hardware firewalls and IP-restricted FTP – at minimum.
- The right to total data integrity. Ensuring data integrity is closely related to data protection, but well worth a special mention. As cyber threats become ever more insidious, it’s vital for providers to implement systems that go well beyond basic antivirus “solutions.” Advanced monitoring and multi-level intrusion detection and prevention ought to be mandatory, not discretionary. Again, financial services firms are first among equals in matters of data sanctity.
- The right to 100 percent uptime. Providers simply must do no harm. Maintenance intervals should not cause downtime on any kind of a periodic basis; such intervals must be infrequent and near to zero as possible.
- The right to live telephone support. Customers have the right to speak to an engineer, in real time – a professional who understands their configuration and can address their specific problem(s).
- The right to tech support that is clear and informed. Customers are entitled to speak to engineers and knowledgeable support personnel in plain English. Problems should not be considered “resolved” until both parties agree that they fully understand each other.
- The right to 24×7 support. Problems and issues don’t adhere to regular business hours. Customers are entitled to tech support any time of the day or night. Period. (After all, as Gordon Gecko said in Wall Street, “money never sleeps.”)
- The right to transparent pricing. Customers should know precisely what they’re paying for, and how much they’re paying, this year and next.
Cloud hosting providers live in the “Infrastructure as a Service” marketplace. Service truly should be the last word.
For more information about Infinitely Virtual, visit here.