The Element of Trust in Cloud Messaging

The traditional model of deploying email, security, archiving, backup and related solutions using on-premise servers and software (or appliances) requires a certain amount of trust—trust in the technology offered by the hardware and software vendors, trust in the quality of the ways these technologies have been implemented, trust in the responsiveness of their support when things go wrong, trust in the patches and upgrades that are offered, and so forth.

However, for those charged with managing these capabilities in the cloud, an almost quantum-leap increase in trust must be placed in the providers offering these services, for the simple reason that data is now in the hands of a distant third party. Decision makers must trust not only the quality of the hardware and software deployed in the cloud providers’ data centers, the ways their technologies have been implemented, the responsiveness of support staff, etc., but also several other attributes of the provider(s). These include the quality of the technical team managing the cloud data center, the quality of the management team that runs the business, the overall financial health of the cloud provider’s business, their integrity in managing sensitive and confidential customer data, and their responsiveness in migrating data back to their customers for any reason.

Fundamentally, this creates four primary responsibilities—two for prospective customers of cloud providers and two for the providers themselves:

  1. Customers must carefully define the service levels, migration strategy, archiving strategy, messaging policies and every aspect of their communication and collaboration capabilities that might move to the cloud. Many organizations have not yet established detailed and thorough messaging policies, for example, and so are simply not ready to migrate capabilities to the cloud.
  2. Due diligence is extraordinarily important in selecting cloud providers because of the high stakes involved. Cloud vendors must be vetted on a number of parameters, including their business model, financial health, uptime, backup strategies, and redundancy. While due diligence is important when selecting on-premise solutions, an order of magnitude more care must be applied when vetting cloud providers.
  3. Cloud providers must implement a range of technologies and best practices to ensure that customer data is maintained securely and that it can be migrated from and back to customers with a minimum of time or pain. They must also be sufficiently capitalized to ensure that the business keeps running even in difficult economic times.
  4. Finally, cloud providers must offer a level of transparency into their operations that will satisfy decision makers charged with evaluating them.

It’s important to note that I’m not arguing against the use of small and/or startup cloud providers. Many of them have solid business models, provide excellent service and have a good record of uptime. Large does not necessarily imply that superior service will be offered, nor does small necessarily imply the opposite.

The bottom line is trust: successful use of the cloud to run critical business operations demands it.
