Security And Compliance

Let's face it, the default security stances of most IaaS vendors are significantly more stringent than standard on-premises security practices.

IaaS vendors are also quite used to questions about compliance with common regulations, such as PCI DSS, HIPAA, and Gramm-Leach-Bliley, and some have guides on how to best achieve compliance within their infrastructures. Finally, the Cloud Security Alliance's Security, Trust, and Assurance Registry has responses from many IaaS vendors to a rich set of uniform questions about security practices.

Support And SLA

Every IaaS vendor we surveyed offers 24/7 online support, and most have telephone support as well, sometimes at an additional charge. However, not all telephone support is equal; SoftLayer is the only vendor that says it puts you in touch with a person who works directly on the hardware underlying your VM. Make sure to calculate the cost of premium support for vendors that price support as a percentage of usage, as that can quickly add up.

Every IaaS vendor with a service-level agreement provides credits for future service in the case of an outage, although offerings can be difficult to compare. Amazon and SoftLayer offer 10% of your monthly bill as credit in case of an outage, while Joyent offers 5% of your monthly bill as credit for every 30 minutes of outage, and GoGrid offers 10,000% credit on whatever amount you paid during the outage. Most customers find that IaaS SLAs are noncompensatory; that is, no SLA adequately compensates a company for downtime. SLAs serve more as an incentive to providers to make sure the service is up for the vast majority of its customers. If you have a mission-critical application on IaaS, you must have a multiregion or multicloud deployment, as SLAs don't provide adequate protection.

Additional Services

One of the most exciting aspects of infrastructure-as-a-service vendors is that they're constantly innovating and creating new services that make developing and deploying powerful applications even easier. Amazon has had such a head start that its additional offerings dwarf the competition, but a number of vendors are starting to add services, too.

Some of the offerings unique to Amazon are Route 53 (DNS service), ElastiCache (caching service), CloudSearch (full-text search service), Simple Notification Service, and Mechanical Turk (human worker service). A number of vendors offer or will soon offer NoSQL database services, aimed at customers who need to store a large number of key-indexed records, such as user preferences for a consumer website: Amazon (SimpleDB and DynamoDB), Google (BigQuery), and IBM (coming soon); as well as queue services (Amazon, Joyent and SoftLayer); and email services (Amazon and SoftLayer). Some vendors also offer consulting services, whereas others let partners do the consulting.