Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Evan Quinn, principal marketing director at QAD
Information Security Becomes a Key Reason to Move Mission-Critical Apps to Cloud
In the early days of the cloud, potential cloud app (SaaS)
buyers were frightened of deploying to cloud due to the perception that cloud
had weak information security. Companies preferred the familiarity and comfort
of running their own data centers, including managing their own on-premise
security, particularly for mission-critical applications like ERP that manage
"source of truth" and sensitive data.
Earlier Cloud adopters, approximately through 2010,
therefore focused on cloud deployment for apps with a lower bar for security
than ERP, like CRM, HCM, BI and sidebar apps like travel expense management. Cloud
ERP adopters were in the minority - until recently. The prediction: In 2018, information security will become a primary
reason to adopt cloud.
Ironically, nearly two decades after the start of SaaS, the
information security offered by leading cloud providers will compel companies
to choose cloud. Why?
1. Hacking has evolved into a frightening, ongoing
threat to companies of all sizes, locations and industries. Consider all the
large companies that suffered major breaches in 2017, like Verizon, Merck,
Equifax and even the USA National Security Agency. Few companies can keep up
with the required expertise and associated cost of state-of-the-art information
security best practices and threat prevention, detection and remediation.
2. Cloud providers, aware of the security concerns
from the first decade of the 2000s, have continually invested in improving
information security.
3. A cloud provider scales information security
investment across their customers - cloud providers MUST excel at information
security as part of their cost business.
4. The need for expertise and the associated cost
of information security goes beyond threat management and includes compliance
(e.g. ISO, SSAE, GPDR, etc.) and systems management (patching, DR, etc.).
That does not mean that all SaaS and IaaS providers are
created equal in terms of information security. Cloud buyers, knowing that some
cloud providers offer state-of-the-art security and maintain a commitment to
keep up, will (a) use security to justify moving to the cloud, and (b) use information
security capabilities as a key decision point for choosing SaaS and IaaS
providers. Generally, smaller providers, that have a hosting and managed
service provider heritage, will be at a disadvantage due to smaller customer
bases and the related inability to spread cost. In addition, providers with
global security and compliance capabilities have an advantage over more
regional and local providers, not just due to scale but also because, in terms
of business transacting, there are few companies left on the planet that are
not exposed globally.
##
About the Author
Evan Quinn is a principal marketing director at QAD. He has
been a developer, product manager and in marketing at major banks, and leading
technology vendors like Oracle and Symantec.