By 2016, 40% of enterprises will require prospective cloud providers to submit proof of independent security testing before they’ll sign up for service, Gartner predicts.
This priority is an opportunity for telcos, cable operators and unified communications (UC) service providers to differentiate themselves in the increasingly crowded cloud market. Even when enterprises, government agencies and other organizations don’t require third-party verification, that doesn’t mean control and security aren’t important enough to influence their choice of cloud providers.
For example, many organizations believe that their computing or communications is more secure when it remains entirely in house, including a private cloud. But the reality is just the opposite: Enterprises often have network security implementations that become increasingly lax over time. Common vulnerabilities include failing to change passwords on a regular basis and, often because of tight budgets, not upgrading software or implementing security patches in a timely manner.
By comparison, service providers can offer cloud services that have much more stringent policies and frequent audits. Cloud providers also are typically far more diligent about upgrading their software and implementing security patches. Just one highly publicized breach can be enough to damage a cloud provider’s brand, so they have a vested interest in protecting their customers’ data and services. Also, simply because they have so many customers in so many industries, cloud providers have far more hands-on experience with a wide variety of security scenarios than a typical CIO, CSO or IT manager.
Service provider clouds generally also are better at balancing security and usability. The easiest way to secure a private cloud is to lock it down. But that strategy can backfire if employees get frustrated and look for ways to circumvent security just so they can get access from wherever they are, including their home office, hotel room and airport lounge. The service provider architecture, on the other hand, has to be designed for a high level of security and access. The provider also is in a better position to establish points of presence wherever its customers are.
There are at least nine other ways that service providers can foster a sense of control in existing and potential customers:
1: Provide customers with Web portals, alarms and other tools that enable them to configure and monitor their cloud services 24/7. Simply because its costs are spread across multiple customers, a cloud provider frequently can offer sophisticated tools that an enterprise might not be able to afford if it were buying them itself.
2: Remind potential customers that the cloud provides inherent design and capability for disaster recovery and business continuity. Their computing and communications resources are far more resilient when they’re distributed across a service provider’s data centers versus residing entirely at the customer’s headquarters, where a single earthquake, tornado, terrorist attack or other disaster could put them out of business for hours, days or weeks.
One way to quantify these benefits is to ask the customer to estimate how much it would cost for it to buy all of the IT infrastructure and connectivity necessary to duplicate its existing facility so that it has an in-house backup ready to go following a disaster. The cloud provider also should ask the prospective customer whether it's comfortable with the prospect of having all of that redundant infrastructure and connectivity lying fallow most of the time instead of generating revenue.
Many CIOs and IT managers already understand these benefits. For example, in Enterprise Management Associates’ survey  of 159 enterprises with existing or planned cloud deployments, nearly half cited disaster recovery/business continuity planning as one of their top motivations.
3: Use standards-based platforms to overcome fears that their applications and data will be stranded on a single cloud provider instead of being easily ported to another provider. In the case of cloud communications services such as UC, there’s a similar concern about interoperability with other providers’ cloud-based services.
4: Identify and accommodate industry- and country-specific regulations and best practices such as PCI and HIPAA. It's also likely that it's more cost-effective for the cloud provider to keep up with and then implement all of the changing laws and best practices than it is for the customer to have its staff handle those tasks.
5:Welcome third-party audits, both for industry-specific compliance such as Statement on Auditing Standards (SAS) No. 70  (replaced by SSAE 16 in June 2011) and broader best practices such as ISO 27002 .
6: Educate potential and existing customers about the challenge of technological obsolescence. CIOs, IT managers and other enterprise decision-makers will be aware of this challenge at a high level. That awareness creates opportunities to point out detailed, low-level examples of how obsolescence undermines their bottom line and operations, such as an elderly UC platform that no longer is interoperable with other, newer UC systems. Then demonstrate how the cloud provides them with a cost-effective solution for overcoming those challenges, such as affordable access to the latest and greatest UC solutions.
7: Highlighting examples of how the service provider has taken the time to understand the nuances of each customer’s business. This strategy also is one example of why service providers must retune their sales teams so they’re capable of selling complex cloud services, which are more of a solutions sale than a traditional telecom sale.
For example, the legal industry needs to be able to track billable hours for both inbound and outbound calls. Traditionally only outbound calls are tracked. However, a service provider that offers a way to track inbound calls, too, and then integrate that information with the client’s office processes would have a better chance at winning that account.
8: Offer on-demand and on-the-spot demonstrations that highlight how cloud computing and cloud communications can transform the way that a potential customer does business. Those demos should include a mobile component because most organizations have a significant and rapidly growing number of employees, business partners and clients that need mobile access to cloud-based computing and communications. The CIO, IT manager or other enterprise decision-maker might understand the importance of adding mobility to the cloud, but he or she will appreciate guidance through all of the options. The demos also should compare the ballpark costs of those business enhancements when the customer bears them entirely in house versus using a cloud provider.
9: Offer a try-before-buying program, which provides the enterprise with a low-cost, low-risk way to try additional features and services to see if they deliver the promised business benefits. This strategy creates significant upsale opportunities.
Cloud computing and cloud communications are a major opportunity for service providers. In 2010, enterprises were already spending $12.1 billion on cloud-based services, and they were on track to spend $35.6 billion by 2015, says the research firm Analysys Mason . For service providers, grabbing a big share of that market begins with creating a sense of trust with customers. That’s because although enterprises, government agencies and other organizations like how cloud enables them to reduce CapEx and OpEx, they’re unwilling to give up control and compliance to get those bottom-line benefits.
As Telesphere CTO, Sanjay Srinivasan is responsible for all engineering and product development. He has more than 15 years of expertise in data networks, voice services and hosted application services. For his complete bio, visit www.telesphere.com/management_sanjay.html .