Axel Buelow, CIO, SAP AG

As I speak to customers around the world about the Cloud, I am especially attuned to their concerns about security. After all, anytime you move data from the safety of your own four walls, it’s only natural to worry about where that data goes – and how it is protected.

I have found that some customer concerns vary by industry and region. For instance, customers in industries that handle sensitive data – such as banking, insurance, pharma, government, and energy – tell me they are particularly concerned about data integrity and confidentiality, while customers in the European Union need to meet local regulatory requirements that govern where data is physically stored.

But virtually all customers want absolute assurance that there is end-to-end tracking of any potential access to their data – as well as any changes to that data.

The SAP Approach
Fortunately, I am able to assure customers that SAP provides a secure and reliable platform that uses state-of-the-art encryption and data isolation technologies. These measures ensure that customer data cannot be accessed or manipulated by outsiders – including SAP itself.

Naturally, other companies offer similar approaches, but you should compare carefully to ensure that you get the right combination of security features for your organization’s requirements.

Four Keys to an Effective Security Strategy
From my perspective, an effective Cloud security strategy should include the following four elements:

  • Certifications and attestations: Does your provider have the proper certifications, such as SOC 1-3/ISAE 3402/SSAE16, and ISO 27001?
  • Regulatory compliance: Does your provider help you meet the specific regulatory requirements for your organization or industry, such as FDA, HIPPA, PCI/DSS or FISMA?
  • Encryption: Encryption is an essential part of any security strategy. Does your provider offer secured or tunneled communication?
  • Effective processes: Does your provider meet the operational processes and governance model needed to support your requirements?

Get Proof
It’s not enough to get promises from your Cloud provider; you need proof. Therefore, ask your provider to do the following:

  • Provide white papers that detail the technical and operational design of their system
  • Clearly define a security incident and escalation path
  • Clearly define all responsibilities and services
  • Offer real-time security reporting or a dashboard that enables you to check the confidentiality and integrity of your Cloud-based systems and services
  • Provide proper certificates and reports that prove proper security management and an effective internal control system to cover key processes

A Bright Future
Despite concerns, millions of Cloud customers around the world enjoy real security and peace of mind – through constant vigilance. And in the years ahead, we will see Cloud-based security technologies continue to grow more sophisticated – even as the potential threats also increase.

In my next post, I will address the critical challenge of staying one step ahead of the bad guys. And, I will offer additional thoughts on the future of the Cloud.

In the meantime, I recommend a new report from Oxford Economics, “Protecting the Cloud.” It’s available for free –

Before we move on to the new cloud security paper, a reminder on cloud mobility from John Rote, Vice President of Customer Experience at Bonobos:

“Today’s emerging post-PC environment means that any improvements and development that take place for the desktop computing environment must carry over to mobile.”

You can download our paper on mobility and cloud platforms, Unleashing the Cloud, free (with registration) here .

Many of the fears associated with cloud computing and cloud platforms are rooted in the fact that data often resides outside the walls of the enterprise. The idea that an outside vendor or service provider stores and manages an organization’s data—including valuable intellectual property and highly sensitive documents—is nothing less than unnerving for CIOs, CSOs, and other executives. These concerns are understandable, particularly in an environment where technology undergoes constant change, and vendors frequently come and go.

From our latest paper, Protecting the Cloud, which then goes into some detail about ways to assuage these understandable concerns. We’ll have a downloadable copy up for you shortly.

Hot on the heels of our first two papers (which you can download from the links here ) is our research-driven take on securing cloud platforms, Protecting the Cloud . Look for it here next week.

Forrester: PaaS makes developers happy

Study says PaaS could be one of the most important cloud-based services for businesses moving forward

Full story .

“Today’s emerging post-PC environment means that any improvements and development that take place for the desktop computing environment must carry over to mobile.”

– John Rote, Vice President of Customer Experience, Bonobos, quoted in our report on PaaS and mobiilty, Unleashing the Cloud, which you can download free here .

The chart below shows features and capabilities deemed essential for mobile cloud platforms, by total responses and cloud leaders — those respondents who have more mature approaches to cloud strategy (chart and data from our report on PaaS and mobiilty, Unleashing the Cloud, which you can download free here ).

Nearly two-thirds of survey respondents (65%) say that access to cloud services via a mobile environment; 58% demand access to multi-vendor on-premise systems; 57% want access to packaged applications; and 51% desire an ability to customize packaged applications. Finally, 42% noted a desire to build custom apps. The need to customize systems, tools, and applications must be met without making users go through the process of recompiling code and reprogramming systems and interfaces. These customizations often revolve around adding, changing, and removing fields; and localizing addresses and currencies to fit the conventions and marketplaces for different countries. The ability to standardize systems and data is a significant benefit.

Companies are using cloud platforms to address a variety of customer needs through mobile deployments. Among the most prominent: real-time customer service, cited by 67% of the respondents; faster response times (59%); better customer retention (47%); increased brand loyalty (43%); and higher revenues (33%). Asia and Latin America lead on real-time customer service, EMEA on faster response times and customer service; North America is the only region not to lead at least one category. (Chart and data from our report on PaaS and mobiilty, Unleashing the Cloud, which you can download free here ).

Customer needs are at the focus of mobile strategy, especially for large companies. Other key areas of concern include boosting internal productivity, enabling collaboration, and unleashing faster time to value for the business (click chart to enlarge; chart and data from our report on PaaS and mobiilty, Unleashing the Cloud, which you can download free here ).