Why cloud computing is slowly winning the trust war
Seeing skeptical CIOs agree to cloud-based pilots of Customer Relationship Management (CRM), Enterprise Resource Planning (ERP) and other applications is evidence of how cloud computing is slowly winning the trust war.
Further evidence can be seen from how skeptical many of these CIOs initially were, and how successful pilots led to their gradual trust.
This trust hasn’t come cheap however.
Every one of these CIOs spoken with, across a range of manufacturing companies, learned that Service Level Agreements (SLAs) aren’t sufficient to manage the areas of security, privacy and confidentiality on their own. Cloud computing vendors have used SLAs as a means to imply security standards are met; one CIO told me he had an audit done to see if the SLA targets promised were realistic.
They weren’t and he moved on to another vendor. That is the level of skepticism and lack of trust many CIOs initially have about the cloud today. Add to that how much Europe doesn’t trust the cloud, and any CIO of a manufacturing or services business that has operations globally has ample reason to be skeptical about cloud computing. The highly visible failures of Amazon, Apple, Google, Microsoft continues to fuel skepticism and distrust of cloud computing as well.
Despite these factors, cloud computing is slowing winning the trust war. Here are the key take-aways from my conversations and visits with CIOs and their departments over the last two weeks:
- Service Level Agreement (SLA) claims of security, privacy and confidentiality often only partially cover the unique needs of a given business – rarely all of them. CIOs complained that the SLAs they were initially given for cloud pilots by vendors lacked any insight into their core business, how it operated, and how the cloud-based applications could contribute greater insight and intelligence. Only after several revisions and additions of performance measurements tied to business strategies did these skeptical CIOs let the pilots go on. Model contracts for defining privacy, for these CIOs, are also losing credibility. These CIOs forced the issue of a highly specific privacy plan from vendors and got them.
- For global cloud deployments, CIOs viewed the development a roadmap and plan for how to deal with transborder data flow restrictions and in-country compliance for data confidentiality, security and personal information protection as critical. One manufacturing CIO is setting up a two-tier ERP system throughout Europe has to first define the global privacy regulations across each nation and province. Depending on the European nation this could include defining the physical location, contents and specific configuration of every server used. Germany has among the most intensive data protection rules and requirements, which further require intensive roadmap and plan development to stay in compliance.
- The most skeptical CIOs run scenario tests of full data and record extractions during pilots. This is a safeguard in case the relationship with the cloud provider goes badly, and also to make sure they can quickly get their data back and avert vendor lock-in. As part of this many CIOs want to see proof that data deletion has worked correctly on the provider’s servers.
- The most trustworthy cloud computing pilots quickly move beyond basic analytics including ROI to deliver expertise and knowledge specific to the clients’ business. This is the most powerful dynamic of all in the victories cloud computing is having in the trust war. When a cloud pilot moves beyond showing how it can automate a process – say payroll for example – and starts making contributions to the expertise and knowledge of a company, trust grows quickly. At that point trust becomes an accelerator for cloud computing and the platform and applications become part of the IT strategy of a business.
Bottom line: Trust is the greatest accelerator there is in cloud computing’s growing adoption, and that’s earned when cloud applications get beyond simple metrics to delivering insights and useful intelligence on secured platforms.
Additional Reading and References:
Demirkan, H., & Goul, M. (2013). Taking value-networks to the cloud services: Security services, semantics and service level agreements. Information Systems and eBusiness Management, 11(1), 51-91.
Khan, K. M., & Malluhi, Q. (2010). Establishing trust in cloud computing. IT Professional Magazine, 12(5), 20-27.
John C. Roberts, II , Wasim Al-Hamdani, Who can you trust in the cloud?: a review of security issues within cloud computing, Proceedings of the 2011 Information Security Curriculum Development Conference, p.15-19, September 30-October 01, 2011, Kennesaw, Georgia
Rodero-Merino, L., Vaquero, L. M., Caron, E., Muresan, A., & Desprez, F. (2012). Building safe PaaS clouds: A survey on security in multitenant software platforms. Computers & Security, 31(1), 96. Link: http://hal.archives-ouvertes.fr/docs/00/65/73/06/PDF/RR-7838.pdf