A recent survey, performed by Quocirca on behalf of CA Technologies, has revealed a surprising lack of confidence in the security of cloud services throughout certain businesses.
Quocirca’s survey found that amongst companies with a negative general perception of cloud services, 72% felt they lacked the resources to keep cloud services truly secure.
This is an extremely interesting and revealing statistic. Against a backdrop of an IT world that seems relentlessly focused on moving to the cloud, there are clearly plenty of companies who remain “traditional” in their thinking. It’s fair to assume that a fair proportion of these are companies who work with sensitive data, and simply do not think that a move to the cloud justifies their perceived risk.
If you’re in the business of supplying cloud services, it’s clearly in your interests to have a strategy to help convince this market of potential customers. Their current objections will prevent them even contemplating a move away from “on premise.” So here we present a few tactics to help address their concerns:
Much of the negative press about the cloud focuses on public cloud services, and non-technical people probably don’t realise that moving “to the cloud” doesn’t necessarily mean moving to such services.
It’s quite possible to build private cloud services that are just as inherently security-focused as their “on premise” equivalents, but it’s down to you to make sure customers understand this concept.
Whether your cloud offerings are completely private, or you are reselling “multi-tenant” systems, you must still gain a deep understanding of the security technology in use so that you can explain it to potential customers in detail.
If you’re reselling, that sadly doesn’t mean that you’ve passed security responsibility to your supplier company. Of course there’s a line of accountability if a security breach occurs, but your clients will want to speak to you – so it’s down to you to feel completely confident about what you’re selling.
It’s just as valid to perform a penetration test on a cloud infrastructure as it is on an internal network. On this basis, if you want to truly convince clients of how seriously you take security, why not commission an independent penetration test of the infrastructure you are selling?
If you are able to show a detailed penetration test report to a potential client, showing your infrastructure is watertight; you will instantly allay many of their fears.
The results of Quocirca’s survey will probably come as a surprise to many. Throughout much of the technical community, cloud technology has become distinctly normal and “everyday.”
The good news is that there’s an untapped market of “cloud doubters” out there waiting to be convinced. So get out there and start convincing them.