This document discusses how certification can help build trust in cloud services. It describes Databarracks' journey in becoming certified under the Cloud Industry Forum Code of Practice. The certification process took two months of part-time work from quality, security and external consultants. Certification promotes transparency, capability and accountability, which helps address customers' concerns over data security, privacy and loss of control. The presenter recommends certification as it builds confidence in core values and shapes the industry's focus on principles that foster trust.
Building AI-Driven Apps Using Semantic Kernel.pptx
Building Trust in the Cloud
1. Building Trust in the Cloud
A Journey Through Certification to the CIF Code of
Practice
Peter Groucutt
Member, Cloud Industry Forum
DATABARRACKS
www.cloudindustryforum.org
2. Who are Databarracks?
Databarracks (MSP)
IaaS
BaaS
DRaaS
• Managed Service Provider for ten years
• What qualifies me to talk to you about trust?
www.cloudindustryforum.org
3. Why are we talking about TRUST?
Databarracks began life providing Managed Backup
Services
Our Journey through backup is similar to where we are today with
Infrastructure as a Service
People liked the concept and the business drivers
People were worried about Data Security and Privacy
They did not trust the technology nor the providers of it
Young industry / New technology
www.cloudindustryforum.org
4. What is Trust?
“Trust is the positive experience of
many over time. It is a concept which
is built in retrospect.” (my opinion)
www.cloudindustryforum.org
5. Where are we now?
According to our latest Backup and Cloud Survey which
questioned 500 business IT managers in the UK
39% of companies use online backup
Up from 23% in 2008
www.cloudindustryforum.org
7. How does this compare to cloud today?
Companies want to use the cloud
They don’t want technology for technology’s sake
Hardware doesn’t add value to the business only application
Companies want users to access the information they need
to perform the function of the business as quickly as
possible
Managing physical infrastructure does not add value.
www.cloudindustryforum.org
8. What are the drivers?
20%
10%
0%
Operational Cost Flexibility of Scalability
Saving service
www.cloudindustryforum.org
9. What are the concerns?
100%
80%
60%
40%
20%
0%
Data Security Data Privacy Dependency Fear of Loss of Confidence in
on Internet Control Providers
www.cloudindustryforum.org
10. What do the concerns tell us?
They are issues of TRUST not technology
www.cloudindustryforum.org
11. Can certification build trust?
Certification can build confidence and confidence can build
trust
78% of respondents said they would see value in working
with an organisation that was publically certified
www.cloudindustryforum.org
12. Types of certification?
Management
ISO9001 / ISO27001 / ISO2000
Prescriptive
PCI-DSS / IL3 etc
Industry
CIF Code of Practice (CoP)
www.cloudindustryforum.org
13. Management certifications
• Customer complaints and support frameworks
• Identification of risks of service delivery
• Policies covering all elements of business operation
• Continuous review and improvement
• Third party audit
www.cloudindustryforum.org
14. Prescriptive certifications
• Capacity planning
• Prescriptive configuration of systems
(firewalls, switches and platforms etc)
• Shielding of storage areas
• Log harvesting and analysis
• Strict, audited access controls
• Regular penetration testing
www.cloudindustryforum.org
15. Industry certifications
• Tailored and specific to the service provided
• Brings together the relevant elements other certs
• Understands the specific issues
• Industry governed
www.cloudindustryforum.org
16. CIF Code of Practice?
Three Pillars
• Transparency
• Capability
• Accountability
www.cloudindustryforum.org
17. What did it take to certify?
• Two months total working part time
• Quality Manager
• Security Manager
• External ISO Consultant
• Two weeks dedicated
• Lots of common ground between ISO and CoP
www.cloudindustryforum.org
18. Why did Databarracks certify?
• Be part of the conversation
• Customers confidence in core values of the company
• Looking beyond price
www.cloudindustryforum.org
19. Would we recommend it?
YES!
Shaping the industry to revolve around the core principles
set out by CIF will build confidence and TRUST.
Good for customers and good for service providers.
www.cloudindustryforum.org