Do your Cloud provider due diligence Posted on April 4, 2013 by Tim Burke Whether or not we give it much explicit thought, we all do at least some due diligence every time we buy something. When it comes to Cloud services, due diligence ought to be done explicitly and with forethought — because getting out from under a bad Cloud choice can be onerous. It’s worth your while to choose well in the first place. In order to find a Cloud provider with the ability to meet your organization’s requirements, carefully review the provider’s… Cloud infrastructure, which should be based on an enterprise-grade virtualization platform with virtual security (rather than security solutions designed for physical environments grafted onto a virtualized environment). Your provider’s infrastructure should also integrate server, network, and storage access resources into a physically distributed but centrally managed system with automation and orchestration capabilities to reduce management overhead and make quick work of provisioning. Also required: A united fabric technology that reduces costs by eliminating need for multiple sets of network adapters, cables, and switches. Development practices (how developers use your data for testing may have compliance implications). Data classification policies and procedures, since these may affect where your data can reside. Regulatory compliance policies and procedures. Security and data protection policies and procedures. Next time, I’ll take a closer look at the best ways to evaluate Cloud provider security.