Microsoft Azure is a cloud computing service generated by Microsoft for building, testing, deploying, and managing applications and services complete Microsoft-managed data centers.
- Service Level Agreements (SLAs) Suppliers should be capable to promise you a basic level of service that you are easy with.
- Performance reporting. The supplier should be capable to provide you performance reports.
- Resource monitoring and configuration management. There should be adequate controls for the supplier to track and monitor services provided to clients and any changes made to their systems.
- Billing and accounting. This should be automatic so that you can monitor what resources you are using and the cost, so you don’t run up unexpected bills. There should similarly be support for billing-related issues.
Technical capabilities and processes
- Ease of deployment, management and upgrade. Confirm the supplier has mechanisms that make it informal for you to deploy, manage and upgrade your software and applications.
- Standard interfaces. The supplier should custom standard APIs and data transforms so that your organisation can simply build connections to the cloud.
- Event management. The supplier should have an official system for event management which is combined with its monitoring/management system.
- Change management. The supplier should have documented and official procedures for requesting, logging, approving, testing and accepting changes.
- Hybrid capability. Even if you don’t plan to usage a hybrid cloud originally, you should confirm the supplier can support this model. It has benefits that you may wish to exploit at a later time.
- Security infrastructure. There should be a complete safety infrastructure for all levels and kinds of cloud services.
- Security policies. There should be complete security strategies and procedures in place for controlling access to provider and client systems.
- Identity management. Variations to any application service or hardware constituent should be official on a personal or group role basis and authentication should be needed for anyone to alteration an application or data.
- Data backup and retention. Strategies and processes to confirm integrity of client data should be in place and operational.
- Physical security. Controls safeguarding physical security should be in place, counting for contact to co-located hardware. Also, data centers should have environmental protections to defend equipment and data from disruptive events. There should be let go networking and power and a documented disaster recovery and business continuity plan.