Countering Objections to Cloud Computing

Armed with the right information, solution providers can counter common objections to cloud computing sales.

November 2, 2010

8 Min Read
Countering Objections to Cloud Computing

By Charlene O'Hanlon

Cloud computing is unquestionably the buzz term of the decade, encompassing everything from software as a service to virtual infrastructures and beyond. In the SMB space in particular, cloud computing is gaining traction as a viable and affordable alternative to building out networks and adding physical boxes be they servers or appliances on premises.

But despite cloud computings perceived popularity as a technology for all-sized companies, adoption of the technology in the enterprise space has lagged. That does seem to be changing, however: A survey conducted earlier this year by independent research firm LoudHouse on behalf of e-mail vendor Mimecast shows that cloud adoption rates among U.S. businesses hover at about 56 percent, up from 36 percent a year before.

Within the last 12 to 18 months the promises of cloud computing have started to be delivered and more companies are seeing it as a viable alternative to consume infrastructure,” said Aaron Hollobaugh, director of marking and communications at hosting provider

Still, according to the Mimecast survey, about half of companies are not using cloud computing, and the reasons vary from lingering security fears to the IT department not wanting to give up control of its data. But as Amy DeCarlo, principal analyst at Current Analysis notes, such fears can go with the territory with new technologies.

Its still really early in the adoption curve,” she said. There are things that are happening inside the corporate walls in terms of virtualization, but for the most part [cloud computing] is pretty new. So naturally there is a level of concern and skepticism.”

Indeed, the fresh face of the technology may be off-putting to a number of companies that like their technology broken in and proven before they adopt it, DeCarlo said.

The newness itself is a barrier to some companies,” she said. IT departments are saying, I want to wait and see proof that there is no issue with this technology. And the proof is time. Nobody wants to be the one to say, Lets move x to the cloud, and then have it fail.”

Youth is but one excuse popular with the enterprise crowd in shying away from cloud computing, giving solution providers a run for their money in trying to sell the technology. However, armed with the right information, solution providers can be successful in selling cloud technologies into the enterprise.

Objection: Data in the cloud is vulnerable to hacker attacks and other security issues.

Answer: Security of data in the cloud is equal to security of data on premises, provided the infrastructure in which the data is stored is secured. Any type of security appliance or application in a dedicated environment can also be provided in a cloud environment,” Hollobaugh said. And because of strides in technology around hypervisors, concerns about cloud security arent any more valid than concerns about any other security.”

Thats not to say that security threats dont exist. If the hosting providers servers are compromised, so might be your clients data. Thats why its important to use a provider that has certain provisions in place, including periodic risk assessments and up-to-date service level agreements, and goes through a trusted assessment to ensure its security is top-notch.

In March of this year, the Cloud Computing Alliance a non-profit organization created to promote the use of best practices for providing security assurance within cloud computing released its report on the Top Threats to Cloud Computing. The living document will be updated periodically with the most probable threats based on expert consensus.

The current top security threats in cloud computing are:

  • Abuse and nefarious abuse of cloud computing Cloud computing providers are targets of cybercriminals, according to the CCA, partially because the providers have relatively weak registration systems that facilitate anonymity, and their fraud detection capabilities are limited;

  • Insecure interfaces and APIs The CCA noted that weak interfaces and APIs expose companies to security risks related to confidentiality, integrity, availability and accountability;

  • Malicious insiders As organizations adopt cloud services, the human element takes on an even more profound importance,” the CCA stated in its report. It is critical therefore that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat.”

  • Shared technology issues The CCA added that disk partitions, CPU caches, GPUs and other shared elements were never designed to endure the rigors of compartmentalization, so attackers focus on ways to gain unauthorized access to data and disrupt the operations of other cloud customers;

  • Data loss or leakage Insufficient authentication, authorization and audit controls; inconsistent use of encryption and software keys; operational failures; disposal challenges; jurisdiction and political issues; data center reliability are examples of ways data could be lost or leaked;

  • Account or service hijacking With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services;

  • Unknown risk profile Companies moving applications and services into the cloud for the benefits of costsavings and reduced maintenance should not overlook the security profile of the hosting provider to achieve those benefits.

Still, as Hollobaugh pointed out, security of data in the cloud takes on the same characteristics as security of data within an on-premises data center. Many of the risks talked about in the cloud are the exact same risks you find in an on-premise network. You just have to make sure the proper security measures are in place, no matter where the data resides,” he said.

Security fears certainly exist, but companies certainly have enough security to protect their SaaS applications,” DeCarlo added. If its a core application, however, its a good idea to wrap the proper amount of security around it.”

Objection: The on-premises network is still in good shape and its ROI hasnt yet been achieved.

Answer: Solution providers selling cloud services shouldnt try to sell them as a replacement to existing networks; rather, cloud services should be positioned as complementary technology. Retailers, for example, could move some of their customer-facing applications onto a shared infrastructure yet keep their more mission-critical and back-office applications on their existing network.

Using cloud services doesnt make sense to some companies if theyve already made the investment in infrastructure,” DeCarlo said. This is perhaps the biggest argument we hear against using cloud computing.”

And it may be a valid argument, Hollobaugh said. If you look at the market research, 2005 to 2007 were good server years. They should be up for refresh, but because of the economy companies are holding off and waiting a little longer to replace. In those cases we are telling our customers there is room for optimization of their networks through cloud services a company can use cloud services to augment their existing infrastructure rather than replace their servers.”

That hybrid approach is proving to be the most palatable and, consequently, the most popular approach for many companies, he said. We believe that hybrid at least for the next five to seven years will continue to be the way companies adopt cloud technologies.” also has noticed a trend of some companies shifting ownership of the network away from the IT department and onto myriad other departments such as accounting, HR and marketing departments. Larger companies are dividing up their infrastructure pools and resources and giving more autonomy to different departments, who may then offload their data to the cloud to reduce the time and money they spend on maintaining that data,” Hollobaugh said. As a result, solution providers should focus more on targeting departments within a company rather than the company itself and position cloud services as a way for the department or organization to ensure their data is effectively managed at a fraction of the cost of hiring an onsite IT professional.

Objection: Moving to a cloud environment means the IT department no longer has control of the data.

Answer: Control has always been a hot button of IT departments, especially in the last five or so years as new technologies such as convergent communications and now cloud computing threaten the traditional network infrastructure.

The IT department doesnt necessarily see the benefits of cloud computing because to them, it can mean loss of control and power and personnel,” DeCarlo said. And IT traditionally has wielded a lot of power within a company.”

Compounding that fear over loss of control is bad information from traditional technology vendors and partners that also feel threatened by the new model. In the early part of the decade outsourcing became a dirty word in IT industry, and there is still some of that fear that cloud adoption is a bad thing. Plus, you have a technology sector set up around hardware thats not very comfortable with the idea that maybe not as much hardware will be needed anymore,” Hollobaugh said.

The answer to this dilemma, he added, is obvious: Rather than position cloud computing as in-house infrastructure-killer, solution providers should educate their customers and potential customers on what cloud computing can do for their company in terms of cost savings and operational efficiencies. Positioning the technology as a complementary technology and a cost-effective way to offload less critical applications, back up and store data and create a migration path for future technologies can help calm the fears of nervous IT departments, which in turn can further adoption of cloud computing in the enterprise.

Companies want to feel comfortable with their technology,” Hollobaugh said. From our perspective the cloud is about the experience. We help them understand the value of it, but ultimately they have to be convinced of the security, control experience and cost savings.”

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like