Download - Building Trust in the Cloud
www.cloudindustryforum.org
Building Trust in the Cloud
A Journey Through Certification to the CIF Code of Practice
Peter GroucuttMember, Cloud Industry ForumDATABARRACKS
www.cloudindustryforum.org
Who are Databarracks?
Databarracks (MSP) IaaS BaaS DRaaS
• Managed Service Provider for ten years
• What qualifies me to talk to you about trust?
www.cloudindustryforum.org
Why are we talking about TRUST?
Databarracks began life providing Managed Backup Services
Our Journey through backup is similar to where we are today with
Infrastructure as a Service
People liked the concept and the business drivers
People were worried about Data Security and Privacy
They did not trust the technology nor the providers of it
Young industry / New technology
www.cloudindustryforum.org
What is Trust?
“Trust is the positive experience of many over time. It is a concept which is built in retrospect.” (my opinion)
www.cloudindustryforum.org
Where are we now?
According to our latest Backup and Cloud Survey which questioned 500 business IT managers in the UK
39% of companies use online backup
Up from 23% in 2008
www.cloudindustryforum.org
Who trusts us now?
www.cloudindustryforum.org
How does this compare to cloud today?
Companies want to use the cloud They don’t want technology for technology’s sake Hardware doesn’t add value to the business only application Companies want users to access the information they need
to perform the function of the business as quickly as possible Managing physical infrastructure does not add value.
www.cloudindustryforum.org
What are the drivers?
Operational Cost Saving
Flexibility of service
Scalability0%
10%
20%
www.cloudindustryforum.org
What are the concerns?
Data Security Data Privacy Dependency on Internet
Fear of Loss of Control
Confidence in Providers
0%
20%
40%
60%
80%
100%
www.cloudindustryforum.org
What do the concerns tell us?
They are issues of TRUST not technology
www.cloudindustryforum.org
Can certification build trust?
Certification can build confidence and confidence can build trust
78% of respondents said they would see value in working with an organisation that was publically certified
www.cloudindustryforum.org
Types of certification?
Management ISO9001 / ISO27001 / ISO2000
Prescriptive PCI-DSS / IL3 etc
Industry CIF Code of Practice (CoP)
www.cloudindustryforum.org
Management certifications
• Customer complaints and support frameworks
• Identification of risks of service delivery
• Policies covering all elements of business operation
• Continuous review and improvement
• Third party audit
www.cloudindustryforum.org
Prescriptive certifications
• Capacity planning• Prescriptive configuration of systems
(firewalls, switches and platforms etc)
• Shielding of storage areas• Log harvesting and analysis• Strict, audited access controls• Regular penetration testing
www.cloudindustryforum.org
Industry certifications
• Tailored and specific to the service provided
• Brings together the relevant elements other certs
• Understands the specific issues
• Industry governed
www.cloudindustryforum.org
CIF Code of Practice?
• Transparency
• Capability
• Accountability
Three Pillars
www.cloudindustryforum.org
What did it take to certify?
• Two months total working part time• Quality Manager• Security Manager• External ISO Consultant
• Two weeks dedicated
• Lots of common ground between ISO and CoP
www.cloudindustryforum.org
Why did Databarracks certify?
• Be part of the conversation
• Customers confidence in core values of the company
• Looking beyond price
www.cloudindustryforum.org
Would we recommend it?
YES!Shaping the industry to revolve around the core principles set out by CIF will build confidence and TRUST.
Good for customers and good for service providers.
www.cloudindustryforum.org
www.cloudindustryforum.org
Questions?