March 27, 2019

8 Due Diligence Questions to Ask Public Cloud Service Providers

by: Align


The public cloud is one of the top IT platforms of choice that businesses are continuing to adopt. According to a recent report by the International Data Corporation (IDC), the global spend on public cloud services is expected to hit approximately $210 billion in 2019.

Although it might seem like public cloud services have the same offering across the board, it’s important to recognize that various vendors have their strengths and weaknesses. For businesses seeking to find the right public cloud provider, it is critical that their CIO and IT team perform proper due diligence throughout this process. 

To help your business kickstart its journey to the public cloud, we’ve outlined some key questions every CIO should ask when evaluating public cloud service providers (CSPs):

CIO Due Diligence, Public Cloud Providers

1. Where will my data be stored? 

Knowing the location of your business’ data and servers are of the utmost importance when selecting a cloud provider. Companies should verify that their data and applications will be secured with adequate safeguards.

The last thing your organization wants to face is having your data be compromised due to legacy systems or inadequate security measures. 

2. How can I move an existing app into the public cloud without massive reconfiguration?  

Although public cloud environments have different infrastructures than most on-premise and private solutions, some providers have similar technology ecosystems that can make your migration as seamless as possible.

The right IT partner will remove the complexities out of the reconfiguration equation, and move your business to the public cloud on time and within budget. CIOs should communicate the project budget and timeline to potential CSPs to ensure both parties are on the same page.

3. How are my apps and company data protected from other users on the same cloud platform?

Not all providers separate their customer data and applications from one another, so firms should never assume it’s safe from other users. When speaking with a cloud provider, request information on encryption levels, access controls, privacy requirements for stored data and security permissions.

Additionally, we recommend asking the third-party what their accessibility and information security standards are.

4. What systems and tools are available for preventing cyber-attacks and data breaches? 

With online hacks getting more sophisticated than ever, cybersecurity is a massive priority for every business to address. Making sure that your provider has a team of cybersecurity specialists to monitor your cloud network 24x7x365 and respond to threats at all times of the day will help prevent cybercriminals from getting in.

Managed service providers like Align that build their solutions on Microsoft Azure can provide an array of security tools, layers of robust cybersecurity and administer training for employees. These services, benefits and areas of expertise are what separate elite CSPs from the competition pool and should be considered during the due diligence process.

5. What emergency and post-emergency processes are in place?

In the chance that your company faces a significant hack or data breach, you want to make sure there are emergency procedures for your organization to follow. CIOs and IT teams should ask potential IT partners the following questions:

  • What are the methods for recovery?
  • Alternative approaches to restore data?
  • How long will the recovery phase take?

Keep in mind that the above questions are not all-inclusive. However, building an understanding of what security tasks fall on the shoulders of the provider, will help you to better protect your business’ data, customers and sensitive information.

6. How do you handle compliance requirements across different industries?

Since most companies have to comply with state and government regulations concerning consumer privacy and data, CIO’s must do their research vetting vendors that have experience in their industry. Asking providers questions about their industry expertise and knowledge around those specific laws will help showcase their readiness and ability to handle these requirements.

7. What are the actual costs? Are there any upfront capital expenditures? 

The public cloud is known to be more cost-efficient than private clouds due to its pay-as-you-go model and flexible nature.

Before selecting a cloud solution provider, verify all the expenses associated with cloud migration, hosting, monitoring and any upfront fees. If there are any capital expenditures that you must pay, then you’ll know before beginning your cloud journey so that you can budget accordingly.

8. What are the termination policy and conditions?  

In the case that you do want to opt-out of your public cloud provider’s services, it’s important to verify what their service agreements are and what the termination policy is. Make sure you don’t get trapped into a plan that you can’t get out of in case your company decides to go into another direction later.


As a best practice, we recommend digging deeper and finding information about each provider’s specific solutions to find the best one for your business. This process will also help shape the questions you ask during the evaluation phase.

The benefits of performing vendor due diligence far outweigh the risks associated with the unknowns. That being said, it is essential to plan for the CSP selection process to increase the likelihood of a successful partnership, maximize value and realize the full benefits of the public cloud.

Align is a Microsoft Tier 1 Cloud Solutions Provider and Gold Partner. We have extensive experience delivering Public Cloud Services and comprehensive Managed IT Services to customers.

Speak with one of our cloud experts to discuss the best solution for your business.

Contact Us ➜

Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC