How to select a Cloud Service Provider
With data at the heart of egaming performance, the security risks attached are significant. While recent developments in European Data Protection and the MGA consultation document introduce regulatory and compliance concerns, selecting a cloud service provider just got more complex. In this article/series of articles, Scott Hanson lifts the lid on the best practice guidelines anyone using cloud services within egaming should adhere to.
In the second chapter of our Best practice guide: Selecting a Cloud Service Provider, I will go into more detail on the services that you should expect from your provider, and why they are a fundamental part of the service. I serve up some key questions and considerations which will help you make the short list of providers to run a proof of concept with – provided of course that this is something they can offer.
Backup and Disaster recovery
Outsourcing DR is no longer the premise of SME’s who cannot afford an in-house IT team dedicated to DR. Some of the traditional DR models have faded away, with cloud-based high availability schemes being favoured, whether cloud based or on premise. For significant requirements, outsourcing all of DR may be the only option to free up the team. However, a reputable cloud service provider should be capable of offering you BDR as part of their services, and be able to account for how this is designed to fit around your business requirements with appropriate accreditation. The DR (although not the backup) is required to be within your licensing jurisdiction, which means many cloud service providers are automatically qualified out. This means accounting for different cloud disaster recovery options and is ready to recommend one which suits your operation and requirements, and that RPO and RTOs align with business objectives. The regulatory recommendation is that the Recovery Point Objective is set for the last committed transaction. This means that in the event of an incident, data recovery replication is amongst some of the most aggressive across sectors, and not all CSPs are capable of offering this. Although there are regulatory requirements which outline an BDR plan, there are corporate policies and business objectives to meet in order to protect the business as well as the customers it serves.
Provided that CSPs understand and are qualified to provide stable DR solutions within the licensing jurisdiction, and have the bandwidth and capacity to execute a backup and disaster recovery to the cloud, the only additional reassurance you will require is assurance of the integrity of your data. How do you know they are secure? What off-site replication is carried out? Is there tenant-level encryption of the backups to ensure no contamination? What value can the CSP offer by way of being proactive to your current needs and emerging requirements? Key insights into the service needs to be provided by way of regular and comprehensive reporting, along with access to a single point of contact to ensure
Your CSP needs to understand the regulatory as well as the technology landscape within which egaming operates, and that at an enterprise scale, with the responsiveness and flexibility of an SME to adapt to your evolving needs and transaction trends. A CSP suited for egaming needs to be backed up with security standard accreditations that demonstrate a commitment to continuous improvement in information security standards.
Eat in or take-away?
Alongside of hosting models, BDR, and an understanding of sector requirements, there are a number of additional services which can really make a difference. There is no doubt that an internal IT team would usually house skill sets similar to these, but in all likelihood would be better placed delivering value on internal projects and roll outs.
Why Managed Services?
There are a number of services which can form part of a cloud service provider engagement with a difference. The ability to focus on strategic projects, and allowing an internal resource to be utilised where it matters, instead of on routine tasks is key. However, simply keeping up with the pace of change within technology and security demands commitment, agility and a different skillset. Typically, organisations may get more efficient budget utilisation and access to processes and skills, whilst developing a relationship with a provider who is able to provide trusted advice.
Some of the add-ons you may consider as part of your cloud services includes monitoring and risk management. Where these are delivered by an ISO-certified service provider, you are assure of a resilient framework for business processes and best practice in information security. The main reference points of ISO 27001 are confidentiality, integrity, and availability – values which are at the forefront of any enterprise considering cloud services. In fact, the latest requirements on ISO certified organisations are more contextual and more rigorous, and take into account that the organisation, its customers and its clients now all have needs that need to be met. As we will see, there are tangible business benefits in partnering with a provider who is ISO-certified.
In the third and final chapter of this guide, we will uncover some features and services that will provide real value, so make sure you get the full picture!
If you missed the webinar, get in touch for a white board session and insights into use...read more
Ardenta and its customers benefit from the low-latency connectivity to vCloud Air in thi...read more
Keeping agile: Prioritising IT to gain a competitive edge in an evolving marketplace Conso...read more