building trust in the cloud

www.cloudindustryforum.org

Building Trust in the Cloud

A Journey Through Certification to the CIF Code of Practice

Peter GroucuttMember, Cloud Industry ForumDATABARRACKS


Who are Databarracks?

Databarracks (MSP) IaaS BaaS DRaaS

• Managed Service Provider for ten years

• What qualifies me to talk to you about trust?


Why are we talking about TRUST?

Databarracks began life providing Managed Backup Services

Our Journey through backup is similar to where we are today with

Infrastructure as a Service

People liked the concept and the business drivers

People were worried about Data Security and Privacy

They did not trust the technology nor the providers of it

Young industry / New technology


What is Trust?

“Trust is the positive experience of many over time. It is a concept which is built in retrospect.” (my opinion)


Where are we now?

According to our latest Backup and Cloud Survey which questioned 500 business IT managers in the UK

39% of companies use online backup

Up from 23% in 2008


Who trusts us now?


How does this compare to cloud today?

Companies want to use the cloud They don’t want technology for technology’s sake Hardware doesn’t add value to the business only application Companies want users to access the information they need

to perform the function of the business as quickly as possible Managing physical infrastructure does not add value.


What are the drivers?

Operational Cost Saving

Flexibility of service

Scalability0%

10%

20%


What are the concerns?

Data Security Data Privacy Dependency on Internet

Fear of Loss of Control

Confidence in Providers

0%

20%

40%

60%

80%

100%


What do the concerns tell us?

They are issues of TRUST not technology


Can certification build trust?

Certification can build confidence and confidence can build trust

78% of respondents said they would see value in working with an organisation that was publically certified


Types of certification?

Management ISO9001 / ISO27001 / ISO2000

Prescriptive PCI-DSS / IL3 etc

Industry CIF Code of Practice (CoP)


Management certifications

• Customer complaints and support frameworks

• Identification of risks of service delivery

• Policies covering all elements of business operation

• Continuous review and improvement

• Third party audit


Prescriptive certifications

• Capacity planning• Prescriptive configuration of systems

(firewalls, switches and platforms etc)

• Shielding of storage areas• Log harvesting and analysis• Strict, audited access controls• Regular penetration testing


Industry certifications

• Tailored and specific to the service provided

• Brings together the relevant elements other certs

• Understands the specific issues

• Industry governed


CIF Code of Practice?

• Transparency

• Capability

• Accountability

Three Pillars


What did it take to certify?

• Two months total working part time• Quality Manager• Security Manager• External ISO Consultant

• Two weeks dedicated

• Lots of common ground between ISO and CoP


Why did Databarracks certify?

• Be part of the conversation

• Customers confidence in core values of the company

• Looking beyond price


Would we recommend it?

YES!Shaping the industry to revolve around the core principles set out by CIF will build confidence and TRUST.

Good for customers and good for service providers.


[email protected]


Questions?

http://www.cloudindustryforum.org/

building trust in the cloud

Technology