What does a cloud service provider (CSP) do? It’s right there in the name: They provide… cloud services.
OK, that’s sort of simplistic – and it’s sort of cheating, because it defines the term using the same term. But it’s also kind of accurate as a catch-all term for everything from a hyperscale public cloud to a SaaS application vendor. Here’s a fuller definition, from Red Hat:
“Cloud service providers are companies that establish public clouds, manage private clouds, or offer on-demand cloud computing components (also known as cloud computing services) like Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).”
For example, Amazon Web Services (AWS), Microsoft Azure, and Google's cloud services all fall under the cloud service provider umbrella. The breadth of the term reflects the size and diversity of the cloud ecosystem. For IT leaders, it can also spur uncertainty: What’s the best way to engage with a CSP? Are they essentially all the same? Where does my environment end and theirs begin?
Moreover, how can I make cloud service provider choices that will help me with IT and organizational goals such as modernizing strategy, deploying faster, managing spend, and keeping flexibility for the future?
[ Want to accelerate application development while reducing cost and complexity? Get the eBook: Modernize your IT with managed cloud services ]
Working with cloud service providers: 5 factors to keep in mind
Let’s look at five important factors to keep in mind about cloud service providers, according to hybrid cloud and multi-cloud ecosystem experts.
1. Take a holistic view of costs
Most IT leaders see the value – if not the sheer necessity – of the cloud by now. For some processes and use cases, cloud is the more cost-effective model, too. But cloud costs still matter – a lot. Take your eyes off your spending and you might be looking at some runaway bills; it’s a common enough scenario that managing cloud bills is a business unto itself.
“Cloud service providers can get expensive,” says Gordon Haff, technology evangelist at Red Hat. “That doesn’t mean you shouldn’t use them. But you need to understand where they do provide good value for your organization and where you should consider taking workloads on-prem.”
This is among other reasons why hybrid cloud environments are expanding – it doesn’t need to be an all-or-nothing decision. Haff notes data egress charges, phantom instances that aren’t doing anything, and over-provisioning more broadly as three of the top cost-related pain points.
[ Related read: Hybrid cloud costs: 5 misconceptions that can cost you money. ]
Identifying where cloud delivers value – and where it doesn’t – is key. This enables the longer, wider view that is cost-aware rather than cost-obsessed.
“CIOs can tend to get perhaps too fixated on price when it comes to selecting a cloud service provider. but the success of their CSP strategy really demands other considerations that ought to be more holistic and future-looking,” says Jonathan LaCour, CTO at Mission Cloud Services.
CIOs should be analyzing their team and organization’s broader motivation for moving to the cloud in the first place, LaCour says. If it’s “cost, cost, cost,” that’s certainly your prerogative – but it might limit the potential of your longer-term cloud strategy.
A more holistic view, for example, would include something like “a platform’s ability to enable constant innovation, accelerate their time-to-market, and, yes, reduce the distraction of costly operational overhead the company would otherwise be on the hook for,” LaCour says. “The more you get that right, the faster and more easily you can focus on your customers and growth, not on babysitting your infrastructure.”
2. Map business strategy to cloud service provider capabilities
While cloud service providers may offer similar capabilities, they are not actually the same. Determining the best one for your unique requirements and goals is another critical piece of your strategy.
“When working with cloud service providers, it’s important to align the platform with the company’s unique business objectives,” says Scott Gordon, enterprise architect director, cloud infrastructure services at Capgemini Americas. “Every organization has its own situation, and the cloud strategy must be catered to solve those customized business challenges to create value and results.”
While there might be some plain-vanilla workloads where the choice of cloud service provider might not have overwhelming implications, most organizational realities are more complex. Thinking back to the advice from Haff and LaCour, this is again where specific motivations or goals have a big impact.
Gordon notes, for example, the importance of evaluating the end-to-end life cycles of your on-premises applications and determining which ones will require modernization and/or migration at some point. Industry-specific applications, regulatory compliance, data management and analytics, and a plethora of other possibilities are potential factors in CSP fit.
“The key is partnering with the cloud provider that best aligns to these goals, as that is when we see a huge value in velocity of cloud,” Gordon says.
3. Security is still your responsibility…
We’re well past the reductive notion that cloud is “less secure” than on-premises and have evolved toward the more pragmatic truth: Cloud security is important. Like all facets of IT security, it needs to be a priority. (And it very much is, according to Red Hat’s 2021 Global Tech Outlook.)
All of the above remains true when you work with cloud service providers – as a group, they get it.
“Cloud providers get a lot right with respect to security,” Haff says. “They have more security engineers on payroll than many organizations have engineers in total.”
[ Get the checklist: Top security and compliance considerations for IT modernization. ]
That’s generally a good thing, but it doesn’t let IT teams off the hook.
“They can’t do everything for you,” Haff says. “You still need to have a handle on your software supply chain, properly configure your software, and patch the software you are responsible for.”
4. …So is risk management overall
The same principle applies to risk management. Red Hat global chief architect leader E.G. Nadhan points out that risk is an inherently broad area, encompassing not just security but business continuity, data privacy laws and violations, public health (e.g., the COVID pandemic), regulatory compliance, and more. Businesses and governments operate in the real world.
“CIOs need to treat cloud service providers as if they are their own internal staff providing said services,” Nadhan says. “And thus, the manner in which cloud service providers address risk should be a key consideration.”
Nadhan notes that an organization’s internal risk management protocols can be applied recursively to CSPs. At the bare minimum, you should understand how those vendors manage risk.
“CIOs should know first-hand the processes CSPs have in place to proactively address risk as well as their approach to reactively address it as well,” Nadhan says.
Ditto for regulatory compliance – IT leaders can’t just assume their cloud service providers have the right processes in place to meet their regulatory requirements. This isn’t an area where you want to skip your due diligence.
“Non-compliance can result in financial liability with serious business impact,” Nadhan says. “Non-compliance by the cloud service providers may impact the CIO – and thus their enterprise’s performance.”
5. Internal talent still matters
If there’s an apparent theme here, it’s this: CSPs can provide game-changing capabilities and value, but that should bolster – not take the place of – your own internal team. And that’s true of the team itself: Cloud increases the need for their talents, not the other way around.
“Identifying the right talent with the skills to maximize the platform’s full potential is a crucial step,” says Gordon from Capgemini. “These employees can rethink business functions, improve how the company engages with customers, team members, partners, and suppliers – and enable the capabilities of cloud across SaaS and PaaS applications.”
[ Share this with your IT team: 5 things developers should know about cloud service providers ]
This may be a growth area that requires investing in people’s continued skill development, or where new hires may make an impact. To come full circle, it’s also part of the cloud value equation. As people develop capabilities with various cloud-native and automation technologies – and spend less time babysitting infrastructure, as LaCour said – they begin to optimize existing processes and unearth new possibilities.
Organizations can pick and choose which cloud and automation skills they want to develop, of course. As we recently reported, some IT teams don't want to invest in the operational skills to manage and maintain Kubernetes. This is where IT leaders can consider using managed Kubernetes cloud services, such as OpenShift Dedicated, Red Hat OpenShift on AWS (ROSA) and Microsoft Azure Red Hat OpenShift (ARO).
“Having the right team in place can also help the organization to bring more ROI, as they identify cost savings throughout the cloud journey,” Gordon says.
[ What should you know about AI/ML workloads and the cloud? Get the eBook: Top considerations for building a production-ready AI/ML environment. ]