Giving credence to cloud accreditation
Having common standards that end users understand and - just as importantly - trust is crucial to achieving ongoing sales, notes Simon Bearne
“Trust me, I’m a doctor” is a well-used phrase and, for the most part, we tend to trust our doctors. That is not just because we have respect for their professional skill and their knowledge of the ailments that afflict the human body, but also because they are accredited to strictly regulated professional standards.
But try this: “Trust me, I’m a cloud provider.” It does not have quite the same ring to it. In spite of the efforts of service providers to engender trust by collecting accreditations, public faith in the cloud is waning. End users are arguably more cynical about it than they have ever been, and more sceptical about the claims made by providers regarding their adherence to standards of reliability, data protection and service migration.
It is this very surfeit of standards that is threatening to become a problem for resellers and end users. With so many standards bodies to choose from, accreditation is in danger of becoming a term as nebulous as “cloud” itself.
Where cloudwash is common and it is easy to bamboozle customers with unfounded claims of security and data protection, accreditation can be a much-needed independent endorsement. In fact, a lack of common standards governing security, reliability and data sovereignty is one of the reasons a large proportion of organisations have not moved to the cloud.
It is easy for organisations to pick and choose from the multitude of competing (and sometimes conflicting) cloud standards, selecting the qualifications that will require the least work and the least investment. If that is the route providers choose to follow, you can also bet that marketing is their predominant priority - not genuine concern for their customers.
On the other hand, you have organisations that put themselves through the rigmarole of ensuring their infrastructure, technology and processes are up to scratch, followed by the far more complicated, time-consuming and often costly process of submitting documents and evidence to independent standards bodies. If an organisation is accredited with governmental or international standards such as the ISO, you know it has gone through a long and rigorous process of auditing and certification.
Solid foundations
So how can resellers, and their customers, discriminate between meaningful accreditations and those that merely proffer a fig leaf of respectability?
To mean anything, accreditation must be relevant to the specific needs of the customers and industries that you target. End users will generally know what their needs are when it comes to resilience, security, data protection and so on.
Retailers and other handlers of payment card details, for example, know they need a technology partner with PCI-DSS compliance. Financial services firms must adhere to external standards such as ISO:27000 and PCI DSS.
For pretty much any organisation, whether in the public or private sector, if the end user has to comply with specific standards, they can hardly be expected to entrust their data, infrastructure or applications to a provider that lacks those same accreditations.
It is not enough simply to judge the accreditation by the respectability of the awarding body. Instead, you should look at the foundations on which their accreditations are built. Simple due diligence will show whether a cloud accreditation is based on robust, independent standards - or the sort of accreditations that are typically mandated for end users’ own operations.
Some people have predicted that cloud computing will kill off the channel. Instead, it has given resellers a new role: that of a trusted, impartial adviser in an increasingly competitive and confusing market. So to restore end-user confidence in the cloud, the channel will need to help customers tackle the vexatious issue of accreditation.
Simon Bearne is UK sales director of Claranet