By Todd Scallan, VP of Products, Axcient
When it comes to the cloud, some of the first things that may come to mind are the headlines about significant data breaches experienced by cloud providers, such as Amazon, iCloud and DropBox. Recent discoveries of NSA and government spying raise further concerns about the privacy and security of information that traverses the Internet. While some unfounded fears about cloud security exist, the perception of the cloud is starting to change, at least somewhat, among small and mid-sized businesses (SMBs).
In its recent “Cloud Trust Study,” comScore, a digital analytics company, indicated that 91 percent of SMBs said the security of their organization had been positively impacted as a result of adopting cloud services. For the companies who don’t use the cloud, 60 percent of those said security concerns are still an inhibitor to adopting cloud solutions.
Given this disparity of opinions — as a cloud service provider, reseller of cloud applications, or managed service provider (MSP) offering cloud-based solutions — what can you do to allay security concerns of IT and business managers when trying to convince them to move to the cloud? Here are five key facts to underscore when talking to your customers about cloud security:
The cloud is actually a secure data center. While the cloud may seem like an ethereal location, it really isn’t an imaginary place where magical things happen. The reality is that the cloud is a data center, and if the solution you are selling is from a provider that uses a secure data center (proven with certifications such as SSAE-16, SOC-2, etc.) you should highlight the fact that the cloud is basically a secure off-site storage location. Some solutions use a multi-tenancy model, which means each customer’s data is safely isolated from other customers’ data. Highlighting this to your client can also help to reinforce the fact that data stored in the cloud solution will remain segregated and confidential.
Data is encrypted and not accessible from the Internet. The idea that a customer’s data is being “sent to the cloud” can be offputting and raise red flags about security. You will want to make sure that the solution you represent encrypts data in transit and at rest in the data center using federal-grade standards, with a different encryption key for each customer. With this level of encryption, you can be confident that your client’s data is not accessible to just anyone who uses the Internet, like Amazon.com or other websites, and also is protected from data spoofing.
Highlight the importance a data center makes. In many ways, moving to the cloud is like storing data at another office location. But the key difference finding a data center that provides access controls and security systems that are not likely found in a remote office. It’s like comparing a house safe to Fort Knox. You also will want to consider whether the data center has SSAE-16 certification, along with other operational controls, to ensure that even companies in heavily regulated industries can rely on the cloud while having optimal data security.
Empathize with their insecurities about security. Don’t tell customers they have nothing to fear. Let them know that they are right to have doubts, because not all cloud providers are the same. Some companies, like Axcient, built their cloud platforms from the ground up with data security in mind. This approach is very different from other vendors that may have “cloudified” an on-premise application and ported it to the cloud. Also you should explain that they need to ensure that their cloud provider offers the data center, encryption, and cloud infrastructure to meet their security goals.
Educate the customer about the different types of clouds. Don’t minimize the customer’s concerns about the cloud as a minor obstacle to make a sale. Instead educate the customer on the differences between public and private clouds, different security options, and how the solution you are selling addresses those issues. For example, vendors that are managing the entire stack, and therefore ensuring complete control, of their cloud offering can deliver better control over security than others that have built on top of a public cloud infrastructure provider, such as Amazon or Azure.
While more and more businesses are becoming comfortable with the cloud, and realizing the benefits it can deliver in terms of cost, business continuity, disaster recovery, and data protection, high profile headlines about significant data breaches still leave users feeling uneasy. Clearly cloud security concerns are not going away, and as more businesses adopt cloud applications to run their operations, different challenges will emerge. But, if you educate your customers by following these five guidelines, you can effectively address their security concerns.
Todd Scallan is vice president of products at Axcient, where he leads the product vision and engineering execution of the Axcient platform. He has more than 25 years of product management and engineering experience.