Best practices for ISVs moving to the cloud

Moving to a managed cloud model for outsourced software-as-a-service delivery makes a lot of sense for independent software vendors (ISVs). However, I have seen far too many so-called rookie mistakes that could have been easily avoided had the ISV known what to look for in a service provider and what types of questions to ask.

Factors that cannot be overlooked in a service provider include the ability to not only deliver savings, security and breadth of choice, but also the capability to enable integration between technologies, applications and infrastructure on a global scale, both in the cloud and with legacy systems. Security, privacy and performance also cannot be overlooked.

Build Versus Buy
When you’re talking cloud, the first decision to make often involves whether to outsource managed cloud or build it yourself. Remember that by building your own cloud, your team will be responsible for administering and managing security and firewalls, as well as other staffing and expertise. Also, it takes a long time to build your own cloud, so you’ll likely be slower to market and your technology may become outdated.
And don’t forget the technological expertise needed to swap out your legacy, dedicated systems with more versatile, cost-effective virtualization solutions. Operationally, your organization will need to implement a new set of policies and procedures to administer and govern the automated systems and quickly respond to end-user support issues

What’s more, you’ll have additional personnel to hire and issues to address. The combination of technological and operational requirements requires staff with a new set of skills, as well as a different idea about the role of the IT department within the larger organization. In essence, the IT department must become a highly efficient internal service provider.

Are these issues ones you can tackle internally? It’s a lot to think about.

When it comes to cloud, most of the questions I receive from ISVs are around security. “Will the cloud be secure?” “What do I need to do to protect my application?”

In short, cloud can be as safe as any other form of IT infrastructure. In other words, it’s only as safe as the security measures you have in place.
The technologies behind best-in-class security are both expensive and constantly changing. If you think you’re going to keep your equipment and software current, you’re likely going to quickly burn through your IT budget.


Outsourcing can help you protect your business more effectively. Ask potential service providers whether they can filter out threats at the network level – it’s a much more powerful method of protecting your IT infrastructure than doing it on site.

Ask service providers how they will minimize your exposure to common threats and identify and assess your system and application vulnerabilities. Do they offer 24/7 monitoring, management and response? They should.

Service Levels
ISVs have a wide range of requirements, and single service-level clouds may not fit all applications.

If you’re an ISV, you either offer a standard service level to customers or you have varying service levels based on software tiers and other factors. Be sure to review your cloud provider’s capabilities carefully. This may sound elementary, but it’s worth pointing out and remembering: You cannot offer more than a provider is capable of providing.

Ask for your provider’s maintenance windows. A good practice is to match the maintenance windows with your service provider.

Another area to explore is your services provider’s emergency changes. Things do go wrong from time to time, and how your service provider responds to those issues will affect your SLAs to your customers.

Lastly, how redundant is your cloud environment? It doesn’t start and stop at the hardware, network and storage layers but also continues into the facilities (i.e., power, battery backup, redundant and varied paths for network into the building). There is nothing wrong with asking for a data center tour.

ISVs often want to link between private and public clouds, or they may want to use cloud by tapping into their legacy IT environment to get to market faster.

The availability of hybrid cloud solutions – which allow you to tie private and public clouds to each other and to legacy IT systems – is important to solve IT issues related to temporary capacity needs (i.e., bursting) and to address periodic, seasonal or unpredicted spikes in demand.

Check with potential vendors to see if their assets work together to fully embrace the cloud model and deliver a combination of colocation, managed services and network that best suits your immediate and future needs.


Have you ever tried comparing costs of clouds by vendor? It’s not easy to do, that’s for sure. For the most part, clouds are priced differently. To get the full picture, you need to contrast solution pricing versus individual element pricing.

If you’re doing research, here are a few questions to ask:

  • Does the cloud cost include data center services such as IP addresses, load balancers, VPN and monitoring?
  • Are there any hidden fees involved with storage?
  • Are backup services included or is there an additional charge?
  • What levels of security does the cloud include and what options are there for enhanced protection?
  • What are the network connectivity options and related costs?
  • What type of support is offered? For example, is 24/7 phone support included?

Cloud enables ISVs to implement their offerings in any market in record time. However, true cloud computing for ISVs needs to go beyond just an array of flexible storage and processing capacity. Be sure to conduct research, ask questions and find a solution that works for your needs.