Cloud computing is no longer the new kid on the block, and the technology has continued to display its advantages—and its savings—to both enterprises and small and medium-sized businesses. Cloud storage and cloud-based solutions have become go-to offerings in solution-provider portfolios. But despite their being nearly everywhere, cloud solutions and the relationships surrounding them can still cause confusion and, if they’re not managed correctly, can lead to regrettable misunderstandings, if not outright horror stories.
So if you’re planning to sell cloud solutions, here are three questions that a reliable cloud vendor should be able to address for you and your client.
Who’s Responsible for What?
Cloud relationships can sometimes be murky with regard to how responsibilities are broken out between the client and the vendor. Those clients who don’t properly understand how the cloud functions may instinctively think that because they’ve created a relationship with a third party, the third party is then responsible for making sure that all of their data are secure. But with cloud computing, it’s not that easy. Because a business is using an internal network that’s integrated with its cloud solution and because data are flowing to and from that network all the time, there are elements of security inside the enterprise that the vendor can’t manage, just as there are elements on the cloud side that the enterprise can’t touch.
Because of this, the vendor needs to be clear about what it will be securing and what the expectations are for the client so that nothing is overlooked by accident and assumed secure when it’s actually a gaping security risk. Some of the biggest cloud vendors out there have taken note of how critical it is to have a clear understanding of who does what in a cloud relationship—Amazon Web Services, for instance, has codified this clarification into what it calls a shared responsibility model.
How Secure Is “Secure”?
While it’s true that cloud deployments have responsibility split out between the client and the vendor, that doesn’t mean that the vendor is necessarily doing everything correctly. This is what often makes clients nervous. Because they don’t handle the security on the cloud provider’s infrastructure, they can’t see the network setup, and so there are certain things on the cloud side of the security equation that can seem like a bit of a black box. And because of the diffuse nature of cloud computing, with the infrastructure apportioning out data to many different servers, it is sometimes not even possible for cloud vendors to tell clients exactly where their data physically reside.
Difficulties aside, clients are rightly demanding as much transparency into the security protocols of the cloud vendors they’re working with. “That’s not how the cloud works” is neither an answer to the question nor an excuse for poor security protocols. Vendors should be able to give clear and accurate information about the steps they are taking to secure their clients’ infrastructure.
Who Owns the Data?
Whether a client is using a cloud-based solution strictly for storage or is using a cloud-based app into which end users are entering information to do business, this may leave a client without an extant copy of those data in-house. And if the cloud vendor goes south, that means the client’s data might go with it. This is something that clients quite obviously want to avoid.
So hammering out who owns what between people on all sides of the relationship who understand what’s at stake is critical. Figuring out exactly what data will be captured, where those data will reside, and what the process will be for getting the data back in the case that a relationship ends are necessary parts of getting a cloud relationship started. Having the terms of a potential breakup with a vendor all determined on the contractual level can save a client from, at best, stress, or at worst, damage to its business from data loss.
What sort of information do you see clients asking for from cloud vendors?