Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
- Service Level Agreements (SLAs). Providers should be able to promise you a basic level of service that you are comfortable with.
- Performance reporting. The provider should be able to give you performance reports.
- Resource monitoring and configuration management. There should be sufficient controls for the provider to track and monitor services provided to customers and any changes made to their systems.
- Billing and accounting. This should be automated so that you can monitor what resources you are using and the cost, so you don’t run up unexpected bills. There should also be support for billing-related issues.
Technical capabilities and processes
- Ease of deployment, management and upgrade. Make sure the provider has mechanisms that make it easy for you to deploy, manage and upgrade your software and applications.
- Standard interfaces. The provider should use standard APIs and data transforms so that your organisation can easily build connections to the cloud.
- Event management. The provider should have a formal system for event management which is integrated with its monitoring/management system.
- Change management. The provider should have documented and formal processes for requesting, logging, approving, testing and accepting changes.
- Hybrid capability. Even if you don’t plan to use a hybrid cloud initially, you should make sure the provider can support this model. It has advantages that you may wish to exploit at a later time.
- Security infrastructure. There should be a comprehensive security infrastructure for all levels and types of cloud services.
- Security policies. There should be comprehensive security policies and procedures in place for controlling access to provider and customer systems.
- Identity management. Changes to any application service or hardware component should be authorized on a personal or group role basis and authentication should be required for anyone to change an application or data.
- Data backup and retention. Policies and procedures to ensure integrity of customer data should be in place and operational.
- Physical security. Controls ensuring physical security should be in place, including for access to co-located hardware. Also, data centers should have environmental safeguards to protect equipment and data from disruptive events. There should be redundant networking and power and a documented disaster recovery and business continuity plan.