Security in the cloud is a red herring

Alex Hilton says there are three key questions

Alex Hilton thinks there's a red herring in the debate over cloud services. As CEO of the Cloud Industry Forum (CIF) he hears a lot of concerns about security, and believes many are misplaced.

"It's absolutely appropriate and relevant that people ask those questions, but I do wonder if it is a bit of a red herring," he says.

"Cloud services will have pretty much state of the art security in place, and the organisations that have adopted the (CIF) code of practice will be pretty clear about the security they can offer."

Hilton doesn't deny that this is one of the main concerns for companies thinking about using the cloud, whether it's for storing data, running applications, a platform or infrastructure. It's one of the top three issues, along with data protection and the practicalities of the migration – issues such as whether the company's broadband connections are going to be sufficiently robust.

Reputations and investment

But he says that cloud service providers have reputations to protect and their business depends on a clean record. They are more likely to invest in the newest technology and keep their security arrangements up-to-date than most companies would do with an on-premise solution.

The appetite of small and midsized businesses for cloud services is growing. A survey conducted for CIF by Vanson Bourne last year showed that 52% of microbusinesses – those with fewer than 20 people – were using a cloud service, and for those with up to 200 the number reached 64%, a little above the average of 61%.

"What we're seeing is that software-as-a-service (SaaS) seems to be the larger form of adoption and infrastructure is following," Hilton says.

"That office hosted desktop environment makes complete sense. If you're a small business, to have that suite of cloud services is absolutely the right thing to do, to be able to access your data any time, anywhere, and to have access to other functions like SkyDrive and Lync.

"It's a no-brainer for small businesses."

SMB speed

It's such a no-brainer that smaller firms are generally moving more quickly than big enterprises. Hilton says the latter have to do a lot of due diligence and go through their own bureaucracies before they can migrate, while SMBs are placed to handle the process more quickly.

This is also being encouraged by the convergence of supply routes. While cloud has traditionally been seen as an IT service, and most of CIF's current membership is from the IT industry, others such as telcos are moving into the field and combining it with other services. This is making it a more attractive proposition to many SMBs.

For a company looking for a cloud service provider, whether it's SaaS, infrastructure-as-a-service, platform-as-a-service or just data storage, Hilton says there are three basic questions to ask. The first is whether the vendor is providing the service itself or contracting to another company, and where the data will be located. The second is what level of service is promised. The third is what happens if it goes wrong.

It's not a surprise that he relates all of these to CIF's code of practice, which revolves around three principles: transparency around the service offered; accountability that the provider will do what they promise; and capability, what exactly the service can provide.

He says that companies can use these principles in asking the questions when they are investigating a cloud service, with the aim of getting as much clarity as possible.

There is some momentum in ensuring that the code of practice provides a guide, with 17 CIF members having received the accreditation and another 25 having registered for the process.

When to pay?

There is another question a smaller firm is likely to ask: where is the point where I stop using the free file sharing services such as Google Drive and Dropbox, and start using a cloud service that comes with a price tag attached? Hilton says the answer reflects how much you demand from the service.

"(A free service) is great as a start point for a cloud service, with a 'try before you buy' approach, but if you want to scale and customise that operation you need to consider more in-depth services.

"You're going to get more accountable service level agreements when you're putting a paid-for service in place."

He has one surprising revelation: CIF is only now in the process of moving all of its IT to the cloud, taking up an Office 365 hosted environment. Hilton acknowledges that there is a slight irony that this hasn't happened earlier, but says the reasons come not from obligation but from the fact that it runs as a small, not-for-profit business.