This will be the second year that my colleague Adrienne Hall, general manager, Trustworthy Computing keynotes at RSA Europe. Last year she spoke about botnets being the backbone of cybercrime, highlighted the security practices IT professionals can continue to focus on, and mentioned the partnership with law enforcement as important to making progress. The subject of this year’s keynote is more esoteric; Adrienne talked about trust relative to cloud computing; specifically, that cloud vendors need to demonstrate a variety of capabilities to increase confidence and stimulate further cloud adoption.
Adrienne recalled numerous conversations with customers about the cloud and cloud vendors, and noted the areas they often needed reassurance about concerned security and reliability practices, protecting the privacy of data, and risks associated with compliance.
In her keynote, she proposed that such concerns are behind the fact that whilst three companies in five are using the cloud, one is still thinking about it and the other has no intention of making the move (source: IT Governance Institute Global Status Report on the Governance of Enterprise IT – 2011).
But we’ve been here before. In Adrienne’s keynote she pointed out that trust has been the hurdle that most new technologies had to overcome before broad adoption. For example, in the early days people didn’t trust cameras because they thought they stole part of one’s soul. Similarly, concerns about infectious disease transference held back adoption of the telephone.
Unlike the camera and phone, there are very real concerns connected to the cloud that the IT industry has to address for its customers. Concerns such as handing over control to a third party for the storage of valuable data, and complying with national and international laws and regulations.
So how should you as a potential consumer of cloud services, base your decision on whom to trust or not trust? What are the questions you need to challenge your potential cloud suitors on?
Whilst each customer’s needs are unique, Adrienne proposed three fundamental points every potential cloud customer should be 100 percent on:
- Can the vendor demonstrate a true commitment to producing cloud products and services that are secure, from the ground up?
- Are you convinced that the vendor’s commitment to operational integrity exceeds those required to meet various certifications and accreditations?
- And when the unexpected happens, are you satisfied that your vendor has the resources, expertise and levels of preparedness to cope?
Let us know what you think, and check back with us next week for a review of the conference.