Trust and Liability in the Cloud Age

July 27, 2010 Appirio

Shawn DeVries and Dan Arrigan

Recently, we had the opportunity to take the message of cloudsourcing to a small group of technology executives, providers, and consulting firms. This small group forum was typical of technology breakfast seminars: someone (Appirio) acting as discussion lead on a particular topic (cloudsourcing) and facilitating this discussion through real-world examples, cloud roadmaps, and eye-opening industry trends.

Appirio employees are lucky enough to act as subject matter experts and discussion leaders among their respective local colleagues in IT and business. While these peer networking events are wide-ranging, from technical user groups to business roundtables, a common thread has emerged in conversations around cloud and SaaS: as a technical leader or business executive, how can I place trust in a cloud vendor to run 100% of my IT operations, and how do we protect ourselves against liability should something fail?

This is not a new topic, and has been discussed before among IT practitioners that have much to lose in a cloud outage or failure. The difference now versus two years ago is the momentum at which companies and organizations are moving to the cloud. In other words, companies are now moving beyond single, siloed, technical SaaS solutions and to the next “tier” of cloud adoption.

The conversation amongst the 20+ practitioners at this event was lively, with some of the typical objections and concerns raised around cloud computing. But in the end, the majority of the dialogue amongst the attendees was around trust and liability.

In this new age of cloud computing, how does a company trust a solutions provider and cloud vendor with running critical business processes in the cloud?

First, let’s talk about trust, but let’s use the executive relationship between two fictional companies as a starting point. The example scenario is typical of many vendor-client relationships. For this discussion, the meeting is an executive presentation of findings discovered through an assessment of “cloud readiness” by a cloud solutions provider.

On one side of the table is the executive management team from a large financial services firm that is looking to reduce their overall IT spend, but also improve their ability to respond to changes in the marketplace in a timely fashion. The vision of the CEO is to harness the power of technology to gain competitive advantage over their rivals in the marketplace. Something she is calling “the Money Cloud”. It’s up to the CIO to make this a reality. We will call this company “ABC GloboBank”.

On the other side of the table you have a global cloud solutions provider (say, CloudUniversal) that is positioning a whole suite of solutions to address ABC’s immediate needs, and provide a flexible platform for growth in the future. An ROI study has been performed by the CloudUniversal team to help ABC justify the partnership, and this meeting is in the Q&A stage after a very polished presentation of the study and future roadmap.

Let’s say that by the beginning of this meeting, all the tough technical points have been addressed. Nothing out of the ordinary here, at least from a technical or security perspective. The CIO is happy with the responses received on his IT team’s concerns: security, reliability, redundancy, authentication, user management, maintenance, integration, transactional efficiency, and flexibility to respond to the needs of the business. No major roadblocks are present, just the grumblings around change management, user experience, writing off the previously incurred cost of messaging infrastructure, weighing this past cost versus future costs, etc.

Additionally, the legal and regulatory teams are satisfied with the tools provided by CloudUniversal for legal discovery, tracking, and exposure to legal risk. At any given time, the legal team feels that the proposed approach will allow them to audit at a transactional level through a browser-based interface that is only accessible to a limited number of users within the legal department.

This is where the trust factor kicks in.

ABC GloboBank has to look across the table at CloudUniversal and truly believe that they can trust this well-respected company with maintaining the technology heartbeat of their company.

What if CloudUniversal is acquired by a foreign entity? What if they go bankrupt? Before, if something failed in the ABC GloboBank data center they knew that they could simply head down the hall and “wring the neck” of those responsible. Now, with data replicated across multiple, secure, secretive data centers, how does ABC maintain control? Who is held liable for damages, money lost, missed deliveries, data integrity issues?

Sound familiar? It should. These are the conversations happening every day, all over the world. From medium-sized manufacturers to large multinationals, the trust and liability conversation is front and center. Technology philosophies aside, it comes down to trust. Trust in the vendors, trust in the solution providers and system integrators, trust in the support staff, trust in the reliability, security, and scalability of the multi-tenant model that is the core of cloud computing.

“Let me state, first and foremost, that I believe the cloud can and ultimately will be trusted,” Stephen Elop, President, Microsoft Business Division said in his opening remarks during an Economist sponsored debate on whether or not the cloud can be trusted. “There is little debate about whether the cloud is a great technology evolution. The benefits of increased productivity, cost savings and improved efficiency, plus the ability to support and empower a broader range of users via the cloud are clear.”

Carefully researching the benefits of cloudsourcing is a vital stage in the development of relationship between corporations such as ABC GloboBank and CloudUniversal

And there are concrete ways in which a cloud solution provider can begin to earn your trust right from the start:

  • Transparency, ranging from tours of their data centers to real-time updates on performance
  • Commitment to securing independent industry certifications, for instance Statement on Auditing Standards (SAS) 70 Type II Audits
  • Providing complete availability of your data, anytime, anywhere
  • Best efforts to ensure application portability, use of standards-based technology where possible
  • Pay as you go contracts that force cloud providers to “earn” your business every year.

When you invest in the cloud, you’re not simply getting a knife that is cutting-edge technology when you initially purchased it yet dulls over time and before long is no longer useful. Cloud technology not only keeps your blade sharper than anything you’d buy on the shelf, it constantly increases its capabilities.

“Investing in and delivering this rapid innovation without invoking an upgrade tax is a change that customers welcome and is the foundation of trust in the cloud,” Marc Benioff, Chairman and CEO, salesforce.com said in his debate with Elop.

With the cloud, your single blade soon turns into a Swiss Army Knife before your eyes, without replacing hardware, without installing installing updates, without any interactions on your part. The excitement and trust around cloudsourcing absolutely grows as a company embraces it.

For more information on moving to the cloud and to get you started asking questions, read our new whitepaper on the “path to cloudsourcing”.

Previous Article
Mythbuster Monday (Part 4 of the Series): Most of My World is Still On-Premise
Mythbuster Monday (Part 4 of the Series): Most of My World is Still On-Premise

Balakrishna Narasimhan When people talk about the myths of cloud computing, you often run across issues lik...

Next Article
Five reasons why Google is more than ready for the enterprise – Blogging for Computerworld

Ryan Nichols Now that Microsoft has finally embraced cloud computing and taken a version of its flagship Of...