The Race for Premium Services in the Cloud

Up until now, cloud adoption by organizations has been rapid, yet constrained. Organizations have chosen to transfer data and processes of relatively little risk to the cloud and correspondingly have derived relatively modest business benefits.

However, in a period of economic instability where every penny counts, there’s considerable pressure on organizations to move more and more services to the cloud so that they can realize the true cost efficiencies that cloud computing can offer. Cloud computing is neither a fad nor a trend, it is an undeniable evolution of business IT strategy. And, eventually, this will result in more and more companies moving sensitive business processes and information to the cloud. In fact, as vulnerable processes tend to be more expensive for the enterprise to manage and protect, the economic benefits of moving these core business functions to the cloud will be even more keenly felt.

In parallel, cloud providers are under pressure to provide differentiated or premium services to their customers, and prevent the cloud from becoming just another commodity. So far, cloud providers have only had to offer services that can accommodate data of relatively low sensitivity or from smaller companies that would be considered prime targets by online criminals. Such ‘low-hanging fruit’ will quickly be exhausted and providers will need to offer a point of difference to service the needs of organizations with an increased need for controlled data protection in the cloud.

These pressures will force organizations, cloud providers, and eventually regulators, to not only classify what data can and cannot be transferred to the cloud – but the steps both parties will need to take to ensure that data protection control is upheld. What I would term, ‘everyday data,’ is already being widely transferred to the cloud. This sort of data does not demand particularly high levels of security, as its compromise would not harm the enterprise or its customers. As a basic example, employees of a company might derive benefit if their canteen’s weekly lunch menu is uploaded to the cloud. If this data were compromised, however, the business would not suffer serious damage.

In order to entice their customers to move ‘sensitive data’ to the cloud (i.e. data whose compromise could harm a business such as its intellectual property), cloud providers will need to raise their security standard in a demonstrable fashion. Cloud providers that can offer ‘premium’ security will have a clear differentiator in the marketplace and be able to attract serious business.

But as more and more services move to the cloud, at some point, regulators will step in and impose certifications for cloud services. For example, to handle cardholder data under PCI (News - Alert) DSS or offer government-grade services, cloud providers will have to prove to auditors that they are capable of managing this ‘regulated’ data.

Providers that can prove they’re capable of protecting sensitive and regulated data will be able to market their secured offerings as premium services. Those that cannot will truly be limited to selling their services as a commodity.