Many consumers and businesses are flocking to cloud computing as they see an opportunity to compete on equal footing with well established firms with big IT infrastructure. Even though there are apprehensions in the minds of clould computing customers, partly due to the myths promoted by some pundits and vendors whose core business is threatened by the proliferation of cloud based services, we are seeing a constant uptick in the customer adoption of cloud technologies.
Cloud computing offers major opportunities but it also offer some challenges. Even though I disagree strongly with the myths promoted by the naysayers of cloud computing, I do understand and realize that the customers should take an educated approach towards cloud adoption. In this post, I am going to discuss some of the issues the customers should take care while moving their data and apps to the web. The customers should ask some tough questions to the vendors in order to ensure that their data is safe.
Anyone who is planning to move to cloud based computing , should ask the following questions to the vendors before trusting their data with them. This is not an exhaustive list by any means but a good starting point. The needs of every customer will be unique and the questions should be tailored to cover specific requirements.
- What is vendor’s approach to the security of their infrastructure? Don’t expect any vendor to share the nuts and bolts of their infrastructure security. However, they should be able to offer an overview of their approach.
- What are the security procedures that are in place to protect the data center? How many employees have access to the
data on their infrastructure and how well they are vetted? - What are the encryption technologies used by the vendors to authenticate users to the services? What level of encryption do vendors offer to their customers to protect their data?
- How secure are their SaaS apps and do they work with any independent security group to establish the security of their app code?
- What are their terms when it comes to ownership of data?
- How easy it is to export the data from their service in order to move to a new service? Are there any extra charges for exporting the data out of a cloud vendor’s service?
- Do they delete the data completely when the customer deletes it from their web service?
- What is their privacy policy? Do they use customer’s data to promote their business interests like offering advertisements based on the data content, selling the customer behavior/information for third party marketing, etc..
- What is their policy when law enforcement sends a subpoena to grab the customer data? Are they going to hand over the
data on a golden platter or are they going to take the fight all the way to offer as much protection as possible from the big brother? - Courts are still not sure of how they treat data in the cloud vis a vis data on the personal desktops. Customers should prod the cloud vendors into taking initiatives to change the existing laws and to offer better protection for the data in the cloud.
- How many copies of customer’s data do the vendors keep and are they stored in geographically separated regions?
- If they are stored in geographically diverse regions, what are the countries where the data resides and what are the laws governing security and privacy of user data in those countries?
- Do they offer SLA for their services?
These are some of the questions which the business customers should definitely ask the cloud vendors. Individual consumers may not bother about many of the questions listed above. However, these questions, and few others based on the individual business needs, are very important for customers in the SMB segment before they trust them with their business data. It is also advisable for the cloud vendors to tackle such questions in the format of a FAQ and such an approach will help motivate more and more people into moving their data to the clouds.
This is an excellent collection of the issues that have been identified to date. I think the questions of data ownership, data rights and SLA (including what technologies they provide to support measuring SLAs) are the ones most often overlooked. Check out the Cloud Computing Bill of Rights at http://wiki.cloudcommunity.org for a laundry list of these types of issues.
Thanks James for your comment. I will check it out.
Availability – What good is an online application if it is not available?
Security – Need I say more?
Reliability — This is kind of related to #3 in the Five cloud-computing questions article, ensuring things are running in tip-top shape
Excellent post.
Excellent, excellent list.
Very good article, and you list very important factors that MUST considered. Since the dependence on a SaaS vendor is going to be continuous, its very important that rigorous criteria be applied before subscribing. We had ourselves done a whitepaper on “SaaS Vendor Selection” you may be interested to look at – http://www.hyperoffice.com/saas-reviews-for-smbs/
Well done. Just read an article on selling SaaS that just totally missed the target. Hopefully they will read your article and re-think their SaaS selling guidance.