I was privileged, yet again, to speak at the Forrester Security conference in Paris this week, where I got a first hand glimpse of what’s on the mind of European businesses. What I found particularly interesting is that European organizations are looking at cloud and security in a way that may surprise you. Yes, vendors are definitely talking about cloud in Europe; the event was filled with vendors discussing cloud. Yes, European businesses are embracing the cloud; we had plenty of customers in the audience come up and ask us how to measure cloud performance and ensure data integrity and safety in the cloud. However, to say that there aren’t concerns about cloud security and privacy would be an understatement. To illustrate this point, I’ll paraphrase what one of my fellow speakers said about the cloud.
The person, of whom I speak, is the CIO of an enterprise company and commented about how the very word cloud is opposed to the concept of transparency. As simple and useful as the term cloud is for describing a complex IT service delivery model in a very easy to understand manner, very little about cloud computing can be said to describe why it is safe or transparent. Something that is defined as cloudy is something that is difficult to see through. Is this the best term to describe an important IT service like cloud computing?
I see his point. As a CIO, he is responsible for the vision of his company’s IT future. Others may implement that vision but the responsibility is ultimately his. The last thing he needs is to embrace a cloud solution only to have no means of letting his organization know how their data is being protected. Other CIOs like this gentleman do struggle with cloud computing, particularly when vendors and MSPs try and push a public cloud vision on companies who still want security and privacy to be maintained, just as it was when the infrastructure was maintained on site. The data seems to suggest overwhelmingly that the enterprise is interested in cloud, as long as it is private cloud. So, what are we in the MSP professional community to do?
Maybe it’s just a cute play on words, but the CIO’s claim that cloud is not transparent does have some truth to it. Just as MSPs have had to deal with their Achilles heel (transparency of their internal operations), so to must cloud providers and enablers try and keep transparency in their mind when dealing with the end user customer. Businesses do want cloud and lal the benefits. But, they also want the benefits of what they used to have. Is this possible? Yes, I believe so.
Transparency in the cloud is very much possible. Visibility to the customer can be obtained by achieving external 3rd party audits (like the UCS cloud audit) as well as by adopting practices of disclosure that help customers and partners better understand how their cloud works; not enough to make it vulnerable to attack, but enough to allay any fears by customers about what is going on in that cloud. Why should you do these things as a service provider? Because your customers want to know. Customers have to know and will ultimately demand this knowledge. To not have an answer, in this era, is tantamount to not caring about your reputation and can be very dangerous to how customers view your posture to data security and privacy.
So, my advice to every MSP out there is…practice cloud transparency in everything you do. You will not be sorry you did!