RightNow's DoD play: a good antidote to the cloud security naysayers

Earlier today I had a conversation with Kevin Paschuck, VP of Public Sector and Laef Olson, CIO of RightNow. We discussed their recent high security announcement which highlighted work being done with the US Department of Defense.

Earlier today I had a conversation with Kevin Paschuck, VP of Public Sector and Laef Olson, CIO of RightNow. We discussed their recent high security announcement which highlighted work being done with the US Department of Defense. The backdrop was this from the announcement:

RightNow’s new hosting capabilities use DITSCAP/DIACAP to ensure compliance with DoD Instruction 8500.2, meet US Federal security standard FISMA (NIST 800-53) and include a 24x7 dedicated security and information assurance team. For civilian agencies with requirements similar to the DoD, RightNow now offers a second, highly secure hosting environment to meet their needs.

According to Paschuck: "There's been tremendous buzz on cloud computing in the DoD but it takes time for them to take action. We've spent the last year working out requirements, consulting with security teams and so on to understand how we could help them move from on-premise to the cloud."

The key, it seems, was to demonstrate that RightNow understands and can provide the service element necessary to meet DoD needs such that they could safely deploy onto the military's internal cloud. According to Olson: "Saas vendors generally are selling software rather than the services needed for this style of operation. We worked on delivering transparency and documentation for topics like incident handling, change management, root cause analysis and making it consumable by IT. Unless you do that you'll never get acceptance. They can't have a saas 'black box.'"

Yesterday, RightNow presented to a group of government customers and potential buyers. They had expected significant push back and skepticism. Instead, the company's ability to show a couple of real world examples that are migrating with more than 1,000 call center seats a piece made a big difference: "It was a surprise and the questions were more about how they can get there [cloud.] There were no questions about our capabilities," said Pashuck.

This has to be good news for the saas/on-demand/cloud apps business. I continue to hear rumblings about security as an IT issue. RightNow is demonstrating that by addressing concerns head on, it is possible to deliver enterprise class, secure environments that compete successfully with the traditional on-premise providers. Whether newer players can do the same is a moot point. RightNow has a 10 year history as a provider to the Federal Government which gives it an advantage in incumbent renewal deals. Even so, to have started the process of moving demanding customers over to the cloud should be applauded.

Can the on-premise providers compete? Pashuck provided a predictable if telling response: "Oracle has its cloud offering, SAP will get there but in reality they both still want to sell a five year model where you guess the number of seats and pay upfront. I think we're showing that on-demand has a much clearer and easier to consume proposition where you only pay for what you use."

I have some knowledge of US DoD technology choices and wondered whether RightNow sees this as an opportunity to encourage the many agencies to adopt a standardized security and deployment model. While the company would not go that far they see the potential: "It's a good question but today we have to recognize that each organization has its own certification requirements. Our job has been to architect solutions that meet their intense proof points. I think we've done that," said Olson.