This post was authored by Adam Dodds, Research Director Channel Strategies, Alliances and Brokerage, IDC
This is the fifth in a guest blog post series by IDC on trusted cloud. This post details the growing importance of cloud platforms for storing and protecting data.
Having had the opportunity to spend time with vendors, services providers, and organizations throughout the world, the universal theme that I keep hearing is the increasing recognition of information as a potentially strategic asset. This is an incredibly important discussion for an enterprise to be having as this factor must be acknowledged as a leading influence in the process of selecting a cloud provider.
The challenge is that recognizing information as a strategic asset is an executive-level opportunity (and not one for the CIO’s office alone) and it is a compelling reason for the executives of the business to become more involved in the digital journey. It is a reflection that digitization is creating new points of value in a business that need to be recognized and nurtured. A great example of the value of a business’s information is Caesars Casino where the customer loyalty data was valued at $1 billion (U.S.) in 2015. This example is convincing evidence that information has a tangible value, despite the financial rules that govern the treatment of information on the balance sheet as having yet to mature. The rising impact of information as a power currency is already being recognized at a business valuation level. The high market value of digital natives now achieving global scale is a real reflection of this change (e.g., Facebook or Uber).
Once the shift is made around information having a value, we can start thinking more about how we treat it, how we add value to it, how we protect it and, most importantly, where we put it from a cloud provider perspective.
The big question asked by most organizations is, "We know our information has a value, but how do we quantify that valuation?" The answer is not simple and the approaches to valuing information vary in the market. These approaches center around three common themes:
- How much revenue/profit could be attained if the information was sold?
- What would the cost be to the business if a competitor had the information?
- What would the financial impact be of not having the data available from a business operations perspective?
Answering these questions will provide an understanding of how – or if – information is valued in the organization, what data is valued, and where the emphasis on valuation should begin. By considering the context of the valuation, organizations can develop a tangible and rigorous methodology for identifying the approach to be taken.
So why is this process important? Because more mechanisms are needed to bring the business thinking into alignment with the potential of digital technology and services as business “goes digital.” CEOs and their boards are looking for alternatives to the traditional risk-based approach to determine how and when they should get involved.
With this in mind, we shift to the challenge of choosing a service delivery model for new information-based services and its relevance as a bank type structure. As with a bank, it is important that the service delivery provider balances the accessibility of the information with the need for robust security. Information is not physically tangible so there is an absolute need for organizations to pay close attention to their connection and engagement with their service delivery model. This is a crucial step in gaining customer trust regarding the stewardship of their information, and it should be treated no differently than safeguarding the organization’s cash in a bank. This principle should be adhered to irrespective of whether the datacenter is global or local. However, most organizations do not have the capacity or financial capability to provide bank-like service delivery. Indeed, implementing a delivery platform to bank-level would likely make an information value generation project unviable. What is becoming increasingly common is to use a provider of cloud services to build a new line of business on a cloud services platform.
Choosing a platform provider uses much the same set of criteria as when selecting a bank but with obvious differences. A set of important characteristics include:
- Accessibility and transparency. How is the organization able to physically reference the provider’s facilities and systems and have visibility into their unique environment? This is an important step in the cloud platform adoption process.
- Culture and brand. How aligned at the personnel level are the employees of both provider and enterprise? Does the engagement reflect the way in which the organization does business?
- The type of relationship being built. Who owns any developed IP? New ecosystem models are being built as enterprises realize that they can leverage, with the use of new digital technologies and cloud native businesses, the IP and capabilities of aligned but non-competing specialist service providers. (See Walmart, Uber, Lyft.)
- Provider viability. How likely is the provider to stay in the business of providing this platform? What is their development roadmap and do they have sufficient funding to maintain the R&D levels? Are they committed for the foreseeable future?
- Cost. How transparent are the costs of the service and how focused is the provider in building a relationship for the long term? This can be seen through a real commitment to optimizing the customers' environment both commercially and technically (see my comment above on relationship and ecosystem – a partner approach can be less risky but not a surety).
- Location. Datacenter investment is aligned to a range of variables. Geographic stability, political stability, and power assurance remain top characteristics. Being local remains important in many geographies, especially where local legislation is used to drive local industry development. However, where local hosting is not available the ability to choose a location near country or globally offers a level of comfort where the connectivity can be relied upon.
- Reliability. Providers should be able to clearly demonstrate the uptime of their environment. Architecting for resilience is important but this does not mean that you should design around the provider’s poor solution.
- Compliance. Is the provider able to demonstrate an awareness of your business or your industry? Irrespective of whether data sovereignty or the industry itself has requirements around information availability, it is important to understand what is needed and where the risk lies (e.g., in health care this is critical especially regarding patient records).
As the value of an organization’s information grows to represent a significant proportion of a business, it is critical that the business becomes more involved in the decision-making process. There are too many cases where an organization has faced considerable business impact due to a data breach and, in hindsight, both the CEOs and the boards wished that they were more educated and involved in the assessment process (Sony and Target are two examples that come to mind). At a technical level the security, budgets, workload locations, and the shift to as-a-service models are driven largely by the CIO’s office. However, this is not the right answer any more as data and information shifts from a utility asset to an invaluable competitive differentiator asset for all organizations.
Valuing that asset has never been more critical. The sooner that organizations treat information as they would treat more liquid assets, the faster they will realize its potential value. The downstream effect of this change will be a closer inspection of the providers with whom they choose to entrust their information. Only those providers that are hyper aware of their responsibility over this information and strive for transparency to ensure that this trust is warranted will be successful.
To learn more, visit the Trusted Cloud website.