Once a hedge fund has determined that adoption of cloud-based services is appropriate for its business, selecting the right cloud technology provider is crucial. You are turning over control and entrusting your IT operations to the service provider; downtime is not an option, and a proven track record is vital.
During the vendor evaluation process it is necessary to ask tough questions and evaluate the service provider in a number of areas including the cloud architecture, security policies, data protection safeguards and support delivery. The following questions provide a starting point.
Cloud Architecture, Experience & Support
- Does the service provider deliver dedicated or shared resources within the cloud? Will a client’s data be isolated from other clients who reside in the same cloud?
- Does the cloud provider own their own equipment?
- Is the cloud data center SAS 70 compliant?
- Which technology vendors have applications operating within the service provider’s cloud?
- What certification levels does the provider have with these application vendors?
- How are support requests handled, and what is the expected response time?
- What Service Level Agreements are in place for the cloud infrastructure?
Security Policies & Procedures
- What is your information security policy and how often is it reviewed?
- What security standards are used to ensure data and application integrity?
- Have you ever experienced a security breach? If so, how was it resolved and what safeguards were implemented to prevent a repeat experience?
- Is data encrypted at rest as well as in transit?
- What physical security elements are in place at the data center (i.e. locked cages and cabinets, cameras, access points, etc.)?
- When was your last network penetration test conducted and what did it involve?
Business Continuity & Disaster Recovery
- Does the cloud infrastructure feature an N+1 configuration to enable high availability?
- What are your backup and retention procedures? How long is data retained?
- What is your disaster recovery strategy and how frequently is it tested? What does the test encompass?
- Is there a plan for pandemic or mass absentee (up to 40%) situations?
- Are there provisions in place to recover work in progress at the time of an interruption?
- How much downtime (planned and unplanned) has your cloud experienced over the past 12, 24 and 36 months? How did the downtime impact clients?
About the Author
Mary Beth Hamilton is director of marketing for Eze Castle Integration (www.eci.com), a leading provider of IT and cloud computing services, technology and consulting to hedge funds and alternative investment firms. She has over a decade of technology and marketing experience and holds an MBA from Boston College.