How do you choose your Cloud Provider?

5 min
Published on

According to the latest RightScale report on the state of cloud computing, 91% of companies are using a public cloud computing service. Large groups, small and medium sized businesses, or IT freelancers are turning to SaaS (software as a service), IaaS (infrastructure as a service) and PaaS, (platforms as a service), often on a daily basis.

And global spending dedicated to ‘cloud computing’ should double to reach almost 500 billion dollars in 2023. Confronted with such growth, several cloud providers are fighting for a share of the market. If AWS - Amazon’s cloud service – is currently the market leader, it faces stiff competition from others including Microsoft Azure Google Cloud Platform (GCP), IBM or even Alibaba. So, how do you decide between the different providers on offer? Discover in this article how to choose your Cloud Provider.


Data security and compliance


Security is the top priority in the cloud, and more broadly within the whole of the IT sector. Initially, set your security requirements according to your business sector, your organisation, but also the statutory requirements. Next, compare the security packages from the different cloud computing providers by distinguishing the included services from chargeable products and add-ons.


Compliance is another essential aspect in the storage and handling of data. It is therefore imperative to understand the expectations in terms of GDPR, to determine who is responsible for what, as well as the compliance guarantees that the cloud provider can offer. IBM, for example, offers a ‘Resilient Incident Response Platform’ programme to help its service users fulfil the GDPR requirements with:

  • a streamlining of the response process and the notification time when security incidents occur

  • preliminary guides and GDPR simulators

  • privacy protection modules

Certifications and standards


As part of their efforts to ensuring data security and compliance, cloud providers must adapt to the framework of recognised standards and norms.

There are several certifications available. The most common are:

  • DMTF, who create transparent standards of management covering emerging and traditional IT infrastructure, in particular the cloud. Companies and partner members work together on standards in order to improve the interoperable management of information technologies

  • ISO: ISO standards allow (among other things) agreements to be set on levels of service (ISO/CEI 19086-1 : 2016,) or data security (ISO 27001)

  • CSA: the Cloud Security Alliance holds a free and public updated register known as ‘STAR’ (Security, Trust & Assurance Registry). ‘CSA STAR’ certificates are awarded after careful and independent assessments of cloud providers

As a general rule, you should choose providers who give information about their way of responding and adapting to these standards, and who offer good visibility on the status of their services.

Cloud computing architecture and services management


Cloud computing can be a real asset in terms of productivity, provided the architecture is integrated into the user’s workflow and overall strategy.  

As far as storage is concerned, the 3 main Cloud providers – Amazon, Google and Microsoft – offer similar configurations with several types of storage according to needs.


On the other hand, they have different types of archival storage, with:

  • hot and cool storage for Microsoft Azure and an encryption of archived data;

  • cold storage for the Cloud Storage by Google with a low latency and an uptime percentage of 99% ;

  • a long term data retention service for AWS with data provision requiring between 3 to 5 hours.


Therefore, not all competing providers have the same terms when it comes to accessing data. Google Cloud offers a response time of approximately two to five seconds for archived data. On the other hand, per gigabyte storage is more expensive than Amazon’s package. For each example, a price-performance ratio needs to be estimated according to your own needs.


Reliability and recovery after a disaster


Several methods exist to measure the reliability of a cloud computing provider. The first consists of checking its performances according to its SLA (Service Level Agreement), in other words the specific level of service objectives. The majority of cloud providers openly provide this information.


Outages are inevitable and is something that all cloud computing services are faced with. What’s important is the way in which the provider reacts to these incidents. The monitoring and reporting tools on offer have to be adequate and be able to be integrated into your own management and monitoring systems.


Also check that the cloud provider provides documentation and feedback on the processes put in place to cope with outages that are scheduled, but also unexpected. Look at their client communication policy at times when incidents occur, making sure to prioritise speed of reaction and the assessment of problems’ severity level. Finally, find out about the options for recourse and the limitations to the provider’s liability should data be lost.


The roles and responsibilities must be clearly defined and take into account the critical nature of the information as well as back-up plans, restoration, and integration tests. This information will allow you to consider taking out additional insurance if the costs associated with the recovery of data are not covered by the cloud provider.


Compatibility with the cloud provider’s technology and services


The last factor to take into account is the compatibility between the cloud platform’s services and technology and your own needs and environments (both current and projected).


To get the best improvements in productivity and performance, the cloud services’ standards and architecture have to suit your internal work processes and be easily adaptable. Lots of service providers offer full migration models, as well as support in the evaluation and planning phases.


Make sure you also regularly check the provider’s road map regarding their strategy, their choices when it comes to the technology they use, and whether they handle interoperability. Likewise, make sure you have information about the options for changing cloud providers so that you don’t risk ‘lock-in’.


Vendor lock-in is when a customer cannot easily call upon a rival provider. This situation generally results from propetary technology being incompatible with that of other cloud computing platforms, or occasionally from contractual restrictions.


Cloud services which rely on proprietary components can therefore have a very negative impact on portability to a new provider, or even on internal systems. To avoid this risk, choose cloud providers who use the least possible amount of proprietary technology and do your research on changes to your cloud provider’s configuration, policy and technology.


Did you have to call upon a cloud provider for your own personal or professional use? Which platform did you choose? Be sure to share your expériences with us on the forum.


Useful links:

  • Google Cloud:

  • IBM Cloud:

Continue reading around the topics :


In the same category

Top freelance tech roles 2024 IT news
The top tech roles for 2024 are here, assuming you’re freelance, or ready to upskill to make more money on a contract basis.
6 min

Connecting tech talent

Free-Work THE platform for all IT professionals.

Its contents and its IT job board are 100% free of charge for contractors and freelancers.

Recruiters area
2024 © Free-Work / AGSI SAS
Follow us