Feature

In-depth: Selling cloud without the scare factor

There has always been one major hurdle holding back wider adoption of the cloud, the small matter of security. With data leaving a user's network and residing in the cloud the concerns over the protection around that information have often proved to be too much for users to consider making changes to the way they approach their IT infrastructure, writes Amro Gebreel.

But with most of the industry not only able to reassure users but demonstrate security products that do the job resellers need to tread carefully but have to provide the answers that customers are looking for without scaring them off.

First of all resellers should not underestimate how much security is a concern for customers. Recent research from Acronis showed that 39% of businesses globally put it at the top of their list of concerns.

 "This is why security worries around the cloud need to be addressed straight away. Forrester research recently pointed out that levels of security achieved by cloud service providers are actually often higher than those seen in a company's own datacenter," said David Blackman, general manager of Northern Europe at Acronis.

Ian Kilpatrick, chairman of Wick Hill Group, says that the worries around security have held back cloud adoption.

"We have a large group of potential customers who are not making buying decisions because of concerns about security. And a whole range of actual early adopting cloud users who bought in for cost savings, but who are still expressing concerns about security," he says.

"For resellers to talk to clients about buying into the cloud and ignoring the 'elephant in the room' doesn't make sense.  Resolving the concerns of new and existing users is a huge opportunity to meet customers clearly expressed needs, close business, and, as part of that process, sell them the security that has prevented them purchasing, or extending their existing commitment to, the cloud," he adds.

But far too often security issues are raised as a frightener in some sales situations when the reseller should be focusing on business issues instead.

"Anything can be secured -- or not secured -- according to the customer's priorities and needs. So the way to approach the cloud security issue without scaring customers away, is to calmly ask their needs and what they are looking to achieve.  Then you can start to devise an appropriate solution for them," says Terry Greer-King, Check Point's UK managing director.

"It all comes down to how much risk they are prepared to expose themselves to, what risks they absolutely need to mitigate, and what they are responsible for.  By looking at those three simple points, it's easy to take a measured approach to the problem," he adds.

The trick seems to be calming customer concerns from the outset rather than waiting for the worries to crop up later in the cloud sale discussion.

"It's always best to bring up the subject first to alleviate concerns from the outset, allowing them to then listen to the business benefits without security concerns clouding their judgment and blocking key business advantages going in," says Robert Rutherford, managing director of QuoStar Solutions.

He adds that most of the concerns are relatively straightforward to deal with if the reseller knows the services they can offer and has the answers to what happens to the data in an external environment with the ability to tell the customer what will happen to their data in the worst case scenario.

"Everyone fears the unknown, thus it's the job of the solution provider to educate the customer and to ensure that they understand exactly what's involved - managing the customer's expectation is everything," he adds.

Services are key with others in the channel echoing the need for the reseller to understand their proposition thoroughly before they talk cloud to a customer.

Nessa Lynchehaun, UK channel director at Mimecast, believes that with all the concerns about data integrity it's understandable that any talk of cloud is going to be treated with respect by the customer.

"Cloud security is obviously an intense area of scrutiny for SMEs looking to adopt cloud, but the truth is that any system comes with some element of risk and the cloud in general is neither more or less secure than any other system; it all depends on the individual technology used," she said.

"Security should be a reason to adopt cloud services, not to avoid them, and this is a key point in any security discussion with SMEs. Unfortunately, in today's market it is extremely difficult for SMEs to differentiate between cloud providers who offer secure, controllable solutions and those whose systems are less securely architected," she added.

"One useful indicator is to look at how long the vendor has been offering cloud-based services, as those who have been around longer and have a loyal customer base are likely to be a safer choice. Ultimately resellers need to have confidence in the technology they're offering and be able to have an open and honest dialogue with both the vendor and the customer," she concludes.

But the other point that needs to be made by resellers is that looking after data is not that different in the cloud compared to the physical alternatives they are currently using.
Stefan Haase, divisional product director - data cloud services at InTechnology, points out that it's important to emphasise that the cloud poses no more risk than businesses managing their own data independently. 

"Ultimately it comes down to trust. Putting trust in a cloud-service provider doesn't have to be any more risky than outsourcing IT services. An understanding of a cloud-service provider's reputation, knowing where and how data is stored and its security safeguards should reassure a customer that their organisation's data is in safe hands," he says.

"These messages need to be made clear at the start of the customer relationship, any response to their concerns should be honest, pragmatic and reassuring, giving the customer a clear understanding of not only the risks but the overwhelming benefits of cloud computing. It's the service provider's responsibility to educate their customer and give them a 360 degree view of cloud computing - warts and all," he adds.

Some SMEs are already using cloud based services and that can be a springboard for a discussion about using more in other parts of their business operations.

"It's important to realise that many SMEs are already using software services like anti-malware in the cloud. So, the concept isn't alien but you need to win their trust to make the next big step to move more of their core IT functions in this direction. The challenge isn't as daunting as you might expect because the two critical technologies - authentication and encryption - are proven solutions for protecting data off and on a cloud service," says Mike Smart, solutions director EMEA at SafeNet.

"What needs to be emphasised for a SME customer is that these technologies give them the clear visibility and control over their data within a cloud service.  Authentication ensures only they have access to their data regardless of where A SME puts it; while encryption allows them to separate their data from everyone else's, as well as from the cloud provider itself," he adds.

When it comes to the current situation, even before the cloud is considered, most SMEs are incredibly vulnerable, points out independent industry consultant Graham Oakes.

He finds that many SMEs are currently highly vulnerable and they often pass data around via USB sticks; they download data to unencrypted laptops; they use services like Google Docs in an ad hoc way; they can't afford a dedicated security team. In fact, one could argue that many SMEs are vulnerable precisely because they're not using the cloud in any systematic way.

A decent chat about cloud security should lead on to a more general discussion. That is the experience of Rob Lovell, CEO at ThinkGrid, who believes that once the security cloud issue can be ironed out then more widespread changes can take place in a customer.

"The reality is that even before cloud, security for SMEs was generally an afterthought. The business advantages around a specific technology solution would always outweigh any potential concerns around security.  Resellers must therefore enter discussions with a clear idea of how cloud can improve a customer's business," he says.

For example, it could be about how the Opex based nature of the cloud frees up capital that can be reinvested in business growth. Alternatively, anytime, anywhere access to cloud services can significantly help improve productivity by allowing employees to work remotely yet, still have access to the same resources as those in the office. At this point you can proactively address security concerns by demonstrating how IT is actually much more secure in the cloud.

"Alongside the broader advantages of the cloud, such as having a huge team of professionals managing the infrastructure opposed to one or two in-house staff, barriers around security begin to drop. After this, it literally becomes a conversation about what else can be placed in the cloud," he adds.

Those resellers that crack the delicate balance between facing up to the security fears and offering the solution should find that they can build a lasting relationship with a customer.
After al as Adrian Davis, principal security analyst at ISF, believes businesses should treat the cloud as they would any other external supplier - cloud is just outsourcing. 

"When a business buys a cloud service they are normally held to the provider's terms and conditions.  This means the business needs to eliminate any ambiguity by clearly specifying security requirements in contracts, service level agreements and end user licence agreements," he says.

Get those ducks in a row and the reseller has a genuine chance of landing a cloud customer that will look to them for guidance and services well beyond the security issue.

This was first published in July 2011

Join the conversation Comment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.