Just the ticket
Recipes for success often require reseller certification, and now an independent accreditation has been developed for cloud. Fleur Doidge reports
Cloud computing has long been able to boast of being one of the more confusing and opaque tech trends in the industry. Unfortunately, however, it is also a trend that few can afford to ignore, with the public-cloud services market alone expected by Gartner to expand 17.7 per cent through 2016.
In such a market, it can be just as tough for resellers as for end users to figure out which companies truly offer best practice, and which should be avoided. The situation seems to have worsened of late, with acronym-dependent organisations sprouting up all over that purport to outline the one true path for the bewildered business partner.
Andy Burton, chairman of the Cloud Industry Forum (CIF), says that is partly why CIF has moved to create a truly objective and independent certification for cloud that goes beyond the idea of Boy Scout badge collection for a fee. The idea is to provide a way for cloud services providers of any stripe to verify their services and capabilities and demonstrate their commitment to best practice. To do that, CIF teamed up with APM to produce the most rigorous and useful certification for cloud that it could.
"The complexity of the channel in the cloud is that you end up with quite a large ecosystem of organisations potentially providing hosting, apps, and potentially selling cloud," Burton says (pictured, left). "They might have been a ‘lift-and-shift'-type organisation and now they are adding contracts talking about service levels 24/7. So that is where I see the thinking needs to be done by the channel."
Third-party providers need to be clear about what they are capable of and how they can help customers. This means they need to communicate their capabilities clearly to customers, and enable customers to find them. Part of the answer here is in having the right certification.
Is your company a quasi-aggregator of some sort, or does it add its own IP, for example? What certifications does the business need, and what certifications do its staff need? The CIF accreditation is for the company to signal its competence to end users as well as the rest of the industry, he says.
"The supply chain can be quite long, starting with the reseller and then the app services provider, and so on. So you need to understand where and how the services are delivered, back to back. End users are becoming more aware of these complexities. They value the opportunity afforded by cloud - they want that - but they just want transparency," Burton says.
He adds that CIF conducted about 18 months of research, including consultation with "a range of industry experts" from the channel and the cloud sector as well as end users to find out what should be in a certification that would give customers the confidence that they were selecting the right provider. Its research also suggests that most customer organisations working with cloud would value an accreditation or code of practice that would help them choose the best supplier.
"Then APM designed the process, based on these capabilities," Burton says.
Planning is key
Richard Pharro, managing director of specialist accreditation body APM Group, says that first of all, the provider should figure out its objectives and strategy, and then resources should be set aside as the procedure takes time and may require the input of several departments, such as operations, finance and marketing as well as any internal quality-assurance staff.
"The CIF code of practice was recently updated to recognise existing certifications against international standards - documentation for which should also be prepared ahead of application," adds Pharro. "Do contact APM Group to talk through the scheme requirements before, during and after the self-certification process."
He says CIF's accreditation may not suit every cloud services provider - and there are others to choose from - but check first that they are based on existing well-known standards and are not just a rubber stamp or a marketing exercise. Even cloud providers with little competition right now may find the certification useful because it can help them demonstrate openness and transparency, he adds. Useful additional generic certifications may include ISO 9,000 or ISO 27,000.
"We are trying to merge the generic with issues that are significant to cloud providers," says Pharro. "We are on the third or fourth version, and it will always be subject to continuous improvement."
Achieving certification is a two-way process. Candidates should register and pay the fee - £200 to £8,000, based on turnover, via CIF's self-certification website. They can then move ahead and create a web page on their own public website that fulfils the transparency requirements.
Once all the required documentation has been collated, including a professional reference, all documents must be e-signed, and Adobe Acrobat's e-signature add-on is currently the only package accepted. Then all documents and details can be uploaded to CIF's self-certification website.
APM promises to notify applicants of any shortcomings in their application that need to be addressed, and for the foreseeable future will work closely with applicants to bring their submissions up to the required standard. This usually takes no more than two attempts, and costs no more in terms of fees, according to Pharro.
"Capability areas typically requiring improvement, especially for smaller organisations, relate to software licence management and environmental impact management. There is also often a need to improve the provision for training and awareness across most capability areas," Pharro warns (pictured, right). "None usually require significant effort, but specific focus is nonetheless needed."
David Smart, managing director of IaaS provider Softwerx, says his company achieved the CIF certification in June or July, adding it to a portfolio of accreditations that includes ISO 9,000, ISO 27,001, government security clearances, Microsoft Gold badges and more. Although it appears to be too soon to see any clear boost to the bottom line as a result of adding specific cloud certification, he remains certain his company will ultimately benefit.
"We are a very compliant, best practice-based organisation. Our core IaaS business has been in operation for the past three years, but more recently the marketplace has become quite a ‘noisy' place to operate," Smart confirms.
The importance of education
As more players have entered the market, it has become harder to stand out and prove one's credentials to customers. It is not that Softwerx did not know what it was doing before, but the certification has helped it communicate its capabilities better and clarify its role and specialities to end-user prospects, he suggests. If a customer is a large Greenwich law firm, for example, it can be a big ask for it to trust a provider, without some objective measure to shore up the sales pitch.
"The certification was a pretty comprehensive process," Smart adds. "We think it will genuinely improve what we do."
Cloud services providers that qualify are issued the CIF Self-Certification Mark, which can be incorporated on their websites or other marketing collateral. However, despite the "self-certification" label, it is rigorous and transparent, APM's Pharro insists, adding that it should even help smaller firms compete with large ones -- one of the oft-promised benefits of cloud for the channel.