Searching for a cloud vendor, but don't know where to begin? This intuitive, out of the box Vendor Selection Matrix enables you to narrow down the most qualified cloud service provider to meet the needs of your organization.
The following top 10 considerations have been evaluated based on industry research:
1. The vendor requires no long term obligations for their services
2. The vendor has demonstrated creditability and reliability in the community
3. The vendor owns their cloud infrastructure and does not resell services through another provider
4. The vendor provides optional Recovery Point Objective (RPO) and Recovery Time Objective (RTO) solutions
5. The cost of the vendorâs services are relative to the value provided by the solution
6. The vendor has a secondary data center for disaster recovery
7. The vendor discloses how many employees have access to your data and offers tours of their data center facility
8. The vendor has an enterprise grade infrastructure with multiple built in redundancies and no single point of failure
9. The vendor's secondary data center is on a diverse power grid (Eastern, Western, or Texas)
10. The vendor offers a simple exit strategy (complete export of your data)
The above criteria should be considered too narrow down the most qualified vendors to meet the needs of your organization. While this matrix provides a suggestion for the most qualified cloud vendor based on scoring of the stated criteria, it should not serve as the only source in your vendor selection process.
Scoring is based on a weighted average, with each criteria being assigned a score of either 0 or 1. If the vendor successfully meets a criteria (TRUE), they are awarded a score of 1, while a score of 0 is assigned if they do not (FALSE). A vendor can receive a final total score between 0% and 100%.
*Values exceeding 100% will be struck through and marked in red, suggesting an error in data input.
The vendor selection matrix has back-end calculations, which require no computation on your part. Simply input 0 or 1 into a cell, and the formulas will automatically compute the scores into the worksheet. The sum of all scores is designated in the Total row as a percentage.
A. The vendor requires no long term obligations for their services.
The vendorâs service performance should dictate your willingness to continue to use their services. If a vendors services are reliable, there should be no reason to make any change. In the event the vendor does not perform to the expected service levels, then you have the option to terminate the agreement without penalty to your organization. For this reason, we weight the criteria at 18%.
B. The vendor has demonstrated creditability and reliability in the community.
The vendor has an established reputation in the nonprofit and association community as evidence by publicity through technology forums (ASAE/NTEN list serves), conference participation, and other testimonials beyond references produced by the vendor. Reputation is an important factor as it represents the quality of the vendor's employees who are able to deliver excellence of service to their customers.1 For these reasons, we weight reputation at 15%.
C. The vendor owns their cloud infrastructure and does not resell services through another provider.
This assures the vendor will take responsibility and can be held accountable for their service availability, as well as control of data security. Unlike vendors who resell cloud services, a vendor who owns their infrastructure can guarantee that access to your data is controlled by their organization and no other entity. For this reason, we have weighted the criteria at 12%.
D. The vendor provides optional Recovery Point Objective (RPO) and Recovery Time Objective (RTO) solutions.
While most vendors will provide backup and disaster recovery as part of their cloud services, itâs important to understand the exact Recovery Time Objective (RTO) and Recovery Point Objective (RPO) which determine how long it will take to recover systems, and from which point in time backups. We assign a weight of 10%, because backups alone are not sufficient to guarantee business continuity.
E. The cost of the vendorâs services are relative to the value provided by the solution.
When all things are considered equal, is the cost of the vendorâs services relative to the value provided by the solution? In addition, it is important to note that cost does not necessarily determine the level of quality a vendor can provide. For this reason, we weighted this criteria at 10%.
F. The vendor has a secondary data center for disaster recovery.
The vendor has alternative data centers (secondary or more) beyond the primary site with the capability to host production systems at the secondary site(s) in the event of a disaster, in addition to maintaining replicated copies of backups. We have assigned a weight of 8% due to the operational impact this criteria has on your organization.
G. The vendor discloses how many employees have access to your data and offers tours of their data center facility.
If your organization possesses sensitive data (member Social Security, Credit Card Information, etc.) then it is important to know how many of the vendorâs employees have access to your data, as it reduces security related risks. This issue becomes relevant when engaging with larger providers, or vendors who resell cloud services.2 It is expected that vendors maintain industry best practices relating to security, however, since security is a concern for organizations, we have weighted this criteria at 8%.
H. The vendor has an enterprise grade infrastructure with multiple built in redundancies and no single point of failure.
The vendor discloses information about the configuration of their infrastructure architecture such as: Storage redundancy, host redundancy, switch redundancy, firewall redundancy, internet connectivity redundancy, and more. We have assigned a weight of 7%, due to the operational impact this criteria has on your organization.
I. The vendor's secondary data center is on a diverse power grid (Eastern, Western, or Texas).
The United States is split into three grids, Eastern, Western, and Texas. Does the vendorâs secondary data center provide a redundancy in the event of a regional power grid outage? We weight this criteria at 7%, because it has a direct impact on your organizationâs operations.
J. The vendor offers a simple exit strategy (complete export of your data).
Should the vendor not meet your overall expectations, they will provide a simple exit strategy in terms of relinquishing control of your data (for example, export of data to portable hard drives) nor does the vendor claim ownership of your data. The financial implications at stake are significant, therefore we weight this criteria at 5%.
90% - 100%: If a vendor scores between 90% and 100%, then it suggests they are capable of fulfilling the needs of your organization. In addition, the vendor requires no long term obligations for their services, has demonstrated credibility and reliability within the community, and owns their own cloud infrastructure. In your selection process, it is highly recommended you seek out a provider within this range.
80% - 89%: If a vendor scores between 80% and 89%, they are considered to be a reliable cloud service provider, however, they may not own their cloud infrastructure, or they require long term obligations for their services. In your selection process, it is recommended you seek additional references before selecting a vendor within this range.
70% - 79%: If a vendor scores between 70% and 79%, then they may be able to fulfill most of your organizationâs needs. It is important for you to identify the three most important criteria, which the vendor must meet, in order to fulfill the requirements of your organization. In addition, it is highly recommended you seek out multiple references from authoritative sources before selecting a vendor within this range.
0% - 69%: If a vendor scores below 70%, they will be unable to fulfill all of the needs of your organization. In addition, a vendor which scores within this range may lack one, or all of the following: Ownership of their cloud infrastructure, credibility and reliability within the community, RPO and RTO, a secondary data center on a diverse power grid, or a simple exit strategy. For these reasons, it is recommended you seek an alternative provider.
This article first appeared on the eXos Cloud Blog on December 4, 2014. eXos cloud services is provided by OSIbeyond, a trusted Managed IT service provider, specializing in the nonprofit & association community for over a decade.
This blog is listed under Cloud Computing Community