Cloud trust needs to be earned. Robert Grazioli, CIO of SuccessFactors, an SAP Company, provided the following advice on building that trust.
The hype and excitement surrounding cloud computing is reaching a fever pitch, yet many businesses are still expressing concerns over cloud security and IT integration issues. How can distrust of the cloud be resolved, and is the cloud worthy of the current hype?
There's a paradox at play here: The cloud is generally agreed to offer significant potential. Yet, some businesses are failing to tap into the huge opportunities offered by cloud computing due to a lack of trust.
In a recent global survey of 360 businesses by Knowledge@Wharton and SAP, 67 percent cite "security breaches and data losses" as their main cloud computing concern. This concern with the cloud is similar to when the personal computer was introduced. Large companies resisted its deployment for a long time due to questions about security, costs and more. Deployment spread only after PCs started being purchased by CEOs, and IT organizations had to figure out a way to integrate them successfully.
Information is a powerful weapon in the battle to eliminate cloud concerns. The following are three questions business and IT leaders should ask before moving to the cloud:
What laws should govern my cloud computing technologies?
There is a complex legal regulatory environment surrounding cloud computing that both customers and providers need to consider. In the United States, there are industry-specific laws governing the cloud computing environment. In certain domains, such as medicine and banking, stringent legal and policy frameworks, not unreasonably, constrain the ways in which data may be treated.
For example, under the Health Insurance Portability and Accountability Act (HIPAA), there are three security safeguards required for compliance: administrative, physical, and technical. The act establishes privacy and security standards for the use and disclosure of certain health information in electronic form and transaction standards for the exchange of health information. Additionally, the Gramm-Leach-Bliley Act (GLBA) requires financial institutions storing data in the cloud to annually notify each customer about the personal information they've collected, where that information is kept, how it is used, and how it is protected.
Approaching security for the cloud requires a master plan using the requirements from industry-specific laws. Understanding federal, international and state laws governing cloud computing will help companies ensure legal compliance and enable customers to gain confidence in cloud security.
How can I ensure my provider is complying with industry best practices?
Companies need to create a set of rules and policies that govern the terms and conditions for consuming cloud resources (the compute, storage, and network). This is called the orchestration layer. Without this orchestration layer, adherence to service-level agreements (SLAs) and the capability to manage the creation, activation, and ongoing support of all the resources are at risk.
Clear and well-defined SLAs are the best way to make sure governance can be integrated into the customer's organization. Customers can include regular audits by third-party organizations in their contracts to ensure the provider complies with best practices and any legal obligations. Additionally, proof-of-concept (POC) testing is mandatory: companies should go into deployment with no questions unanswered. Customers can also explore "try and buy" options and have "opt-out" language in the contracts.
How can the cloud benefit my business today and in the future?
The Knowledge@Wharton/SAP survey shows 87 percent of businesses believe cloud computing will transform their business or industry, and 47 percent see cloud computing as a driver for innovation and differentiation. There are a number of reasons for considering a move to the cloud, but the most compelling is the ability to lower total cost of ownership and the flexibility it gives businesses to work on strategic initiatives.
Cloud implementation is much more straightforward than traditional software. There is a fixed fee, so companies know exactly how much they're going to pay each month or year depending on the model. Cloud vendors usually price based on a per-seat model. This allows companies to add or subtract users without additional infrastructure and staffing costs.
Another cost-benefit factor is the value of agility — the ability for businesses to quickly respond and make changes to meet dynamic circumstances. For example, if there is a business need for a new system, companies can simply provision the resources required from public cloud providers. This process is much easier than configuring and hosting hardware and software assets.
In a couple of years, we'll be hearing companies talk about how cloud technology helped them create a much tighter connection between IT and business transformation. All it takes is trust.