There really should not be a worry about security and the cloud any more. The technology is out there to make things work and the companies selling it have everything to lose if they make a mistake.
Despite this, there continues to be a lingering doubt among customers about whether moving to the cloud, particularly the public cloud, is going to be good for the security of their data.
The challenge is to educate the user on their fears and overcome resistance to push the cloud sale forward. As it stands, there are many customers talking about adopting hosted applications and services, but not too many rolling it out extensively across their businesses.
A good place to start, having agreed that security issues do hold things back, is to try to work out what that actually means. The reseller might be quite surprised by the answer from the customer.
“When considering security issues as factors that hold back customers from investing in the cloud, it’s important to understand what’s meant by security,” says Mustafa Naja, hosting and managed services solutions specialist at bluesource.
“Most commonly, in our experience, it relates to how confident organisations are in using the cloud to support business-critical applications and where essential business data resides. Within this definition, private and public cloud solutions are viewed differently.
"There is far less resistance to using the private option, as organisations have dedicated environments in which to host applications and data. With public clouds, there is a perception of reduced security when multiple tenants share the same environment,” adds Naja.
This suspicion towards the cloud seems to have resulted in a preference for the hybrid model, which some suppliers initially saw as a stepping stone on the route towards full-blown cloud adoption, but is now becoming the norm.
The market has adapted to the hybrid reality and Naja highlights Microsoft Office 365 as an example of some staff using it to host emails via the cloud, with other executives opting to keep everything on-site.
“Our customers are continually evaluating the public cloud model in growing proportions and we are seeing higher adoption rates – as customers wish to benefit from flexible storage and achieve greater savings and lower management overheads," he says.
"Over time, as customers gain more confidence and providers insulate and innovate, the public cloud platform will have minimal barriers to entry. However, in the meantime, private cloud and on-site applications will continue to play a critical role in application hosting.”
Public sector concerns
Aingaran Pillai, CEO and founder at Zaizi, told MicroScope that a recent survey it carried out with iGov about collaborative working suggests that security concerns may indeed be holding back cloud adoption in the public sector.
“A full 93% of the people we surveyed said they had a strategy for securely managing sensitive or confidential information. However, only 36% of these had adopted cloud and only 11% had bring-your-own-device (BYOD) policies,” he says.
“Although the situation is improving, this tells me that we need to redouble our efforts to educate public sector IT buyers on how cloud deployments can be implemented to meet the highest security standards,” he adds.
At some point in the security conversation there might also be a moment when the customer talks about snooping and just who is going to have access to their information. The US National Security Agency (NSA) surveillance practices, disclosed by whistleblower Edward Snowden, is not an issue the channel can ignore. Because it has been so widely publicised, it is likely to have seeped into the consciousness of the customer.
Another problem has been not just working out what is meant when someone says ‘security’, but also what they mean when they say ‘cloud’. As a result of the confusion, some customers are failing to look at the issue with the right perspective.
“Currently, many IT decision-makers are confused by what cloud really means and, while this confusion exists, they will be applying old-school security habits to cloud technology. Customers always want to know that their data is secure and will not be compromised. As a result, many IT departments have kept their data on-premise, despite the cost implications," says Steve Nice, CTO of Reconnix.
"This trend will remain ingrained until IT decision-makers understand the fundamental shift in how applications are designed for the cloud,” he adds.
Once the definitions of security and cloud are sorted, the reseller will have to acknowledge that some customers will have different requirements. Some of these will be for legal reasons and some will be as a result of the cultural habits of a vertical market.
Oscar Arean, technical operations manager at Databarracks, says there will always be some data security concerns for certain businesses.
“Data sovereignty or compliance requirements can often be a barrier to adoption for sectors with stringent security needs. These barriers don’t make it impossible to use cloud services, but they do add an extra level of complexity for CIOs to navigate, which can be off-putting. The market is maturing, though," he says.
"In many cases, regulators are starting to catch up with the rate of cloud services and governing bodies are being more proactive in offering definitive advice and best practice about which services can be used securely.
“Even the most security-conscious sectors are beginning to take their first steps into cloud computing, as we have seen in recent months with central government, legal and banking. We’re hearing the blanket response of “we can’t use cloud services because they aren’t secure” far less than we did even 18 months ago. This is a good indication of the changing attitudes towards cloud security,” he adds.
Another factor to remember is that although cloud has been knocking around the industry for years it is still a relatively new concept to some customers. As more adopt it, the trust will grow and more word-of-mouth examples of success will be shared. But, for some, the whole expedition into the hosted world is something fresh and potentially alarming.
More on cloud security
- Poland’s financial services sector weighs cloud’s risks and rewards
- Assessing cloud security controls key in repelling cloud attacks
- Cloud suppliers call for clearer guidelines over revised security classifications
- Virtual DMZ security in the cloud
- Cloud access brokers top security technology, says Gartner
- Infosec 2014: Datacentre security key to cloud security, says Google
“Cloud adoption is still very much in its infancy, despite the buzz and hype being around for a few years now, and it varies depending on the type and size of organisation. For example, smaller businesses with no IT departments are likely to rely heavily on the cloud and put sensitive information in it, but will not have an in-depth understanding of security," says David Howorth, vice-president at Alert Logic.
"This means that they very much depend 100% on their cloud service providers to help on this front, whereas larger enterprises might be more IT-savvy. A large percentage of drivers for the move to cloud are not purely IT-led. Various businesses or business departments realise they can streamline processes and improve efficiency by moving certain aspects of the business or applications into the cloud.
"This presents a problem for IT – if there is an IT department – which is not always consulted before this move. Business or department managers need to understand security implications of the cloud and recognise what the cloud provider is responsible for and what responsibilities they take on,” he adds.
For those customers not quite sure of the things they need to be thinking about, a reseller could easily get them to ask questions around their legal obligations, data migration plans and what sort of things they are looking for from a cloud provider. Making sure that security is one of the things on that list is also important.
“As new IT technologies emerge with compelling advantages for adoption, security often plays catch-up. The business benefits and advantages of cloud adoption are so strong that organisations are moving ahead with projects and, much like we saw with the adoption of Wi-Fi, more integrated security will catch up,” says Fred Kost, vice-president of security solutions at Ixia.
“Organisations need to ask questions and assess the security protections and controls that are used. In this respect, channel operators have a valuable role to play and need to position themselves as value-added resellers that can steer enterprises towards the best cloud security solution for their business,” he adds.
The benefits of moving to the cloud are starting to be so widely understood that they are forcing those companies that have delayed because of security concerns to reconsider their position. With many users trying to deploy technology to become more competitive, the idea of missing out on something that provides flexibility, agility and wider market reach is a real danger.
"With many enterprise cloud deployments now successfully up and running, plus the integration of the bring-your-own-device (BYOD) culture in the workplace, the complex issue of data security has leapt to the fore," says Andrew Lintell, sales director for identity assurance Emea at HID Global.
"While data security may have prevented organisations from previously investing in the cloud, like any route to data – whether it be the physical door, the network or the cloud – with strong authentication solutions in place, businesses are realising that this data can be adequately protected,” he adds.
Even if the company doesn’t fancy moving to the cloud, the chances are that the staff will push them in that direction as they look for more hosted options to help them gain flexibility at work. It is this employee-led demand that some of the large telco providers are banking on seeing to fuel a drive in both cloud and device sales and adoption.
Jonathan Kini, enterprise commercial marketing director at Vodafone UK, reveals that the firm expects more cloud adoption because of the need to share data and support flexible working practices.
The cloud is inherently more secure than anything we have seen before
Peter Cochrane, independent analyst and futurologist
“IT departments must consider the importance of understanding workforce behaviour and the move towards flexible working. They therefore need to ‘bend’ towards user demand for cloud services that make it easier for them to work the way their job demands. If they don’t, IT departments will be fighting a losing battle to control corporate data security,” he says.
“Users rarely appreciate the risks involved with unregulated use of free, consumer-level cloud services. Therefore, where there is a business need for cloud services, IT should align to support the workforce rather than live in a state of denial. After all, cloud services can be a more secure method of allowing users to access data away from the office than alternatives such as USB sticks or downloads to laptops and smartphones.”
Bringing it back to people is key. After all, ensuring high security is often about making sure the way individuals interact with data is done in a certain way. The time has come for resellers to encourage customers not only to overcome their security fears and the cloud, but also to get past some of their resistance to changing the way staff work.
Peter Cochrane, ex-CTO of BT, now independent analyst and futurologist, believes this is all about perception and people.
“The internet was built to be attacked – it is inherently insecure and a hacker's dream. The cloud is inherently more secure than anything we have seen before. BYOD does not make things worse, it actually makes them better. But we have to do and think differently from now on – with security foremost in our minds,” he says.
“In some cases the industry might be slightly behind the curve, but those customers that have ruled out a move to the cloud in the past should look again because innovation is happening at a rapid pace,” he concludes.
This was first published in August 2014