In a recent online debate presented by The Economist arguing “Should companies do most of their computing in the cloud?” noted security, privacy and cyber-terrorism expert Bruce Schneier highlighted the trade-offs businesses must consider when deciding on cloud solutions.

At IDC, we have begun to review cloud-based customer engagement and customer communication management offerings, ranging from software as a service (SaaS) subscriptions to fully managed services, with the potential change in the way both customers and business users interact with software and each other.

Cloud computing is one pillar of IDC’s Third Platform, so it’s obvious we think it is a critical part of information technology's (IT's) future, but we still recognize the challenges and trade-offs it entails. These challenges are particularly relevant to new and emerging customer engagement technologies.

Even as Mr. Schneier presented the “No” side of the debate, he admitted his own company makes extensive use of cloud services. Therein lies the real challenge, and the conflict, that current cloud computing brings to businesses.

Both vendors and buyers of cloud-based customer engagement solutions would do well to think about how to resolve the following issues in a way that keeps both vendors and customers whole.

According to IDC's 2013 Global CloudTrack Survey, security concerns are the number one inhibitor for moving to the cloud, and it’s a legitimate concern. If you’re the Bank of America, JPMorgan Chase or any of the Fortune 500, then you likely have the resources, skills and talent pool to match the security efforts of major cloud solution providers. You are also just as likely to be the target of government, criminal and cyber-terrorist activities.

For those outside the Fortune 500, and certainly below the Fortune 1000, you will likely benefit from the concentration of security expertise at a major cloud provider. There is a trade-off in that, depending on your industry: The cloud provider may be a juicier target for bad actors, but the likelihood that you can hire and retain better IT security expertise than Amazon or Microsoft isn’t very high.

However, your solution provider is probably not the cloud service. Rather, it’s an intermediary who introduces an additional layer of data handling and security questions. What is required, for both buyers and vendors, is transparency.
  • Who is the cloud provider?
  • What contracts and indemnifications are in place?
  • What security and escalation procedures have been agreed to?
  • Which regulatory mandates have been addressed?
  • What laws govern the data, and where will it be stored?
  • What terms and conditions control incident notifications and disagreements?
Few businesses want to give up control of their data. When your data sits in your own data center, you may, or may not, be better able to protect it than a cloud provider. Companies must weigh the trade-offs and make a business decision based on both the legal and technical issues. If you’re harboring data that is valuable to governments or nefarious actors, the options may be equally susceptible. However, as Mr. Schneier notes in his Economist blog,
“Under American law—and similar laws in other countries—the government can force your cloud provider to give up your data without your knowledge and consent. If your data is in your own data center, you at least get to see a copy of the court order.”

Yet, the reality is that a number of services are coming to the cloud with functionality that few businesses can afford to replicate. Many customer engagement solution providers use cloud services for precisely this reason.

Technologies, such as content delivery networks, can radically improve response times and customer experience for things like personalized video. For these services to be effective, they must have access to customer data.

Again, the decision can often be made easier by transparency between vendor and buyer. Be very clear about the following:
  • Who owns the data?
  • How it is stored and in what format?
  • Exactly what happens when you want to switch providers?
Switching costs were once the darling of vendors—get a client into your system and you had them for life. That’s no longer acceptable. Competitive differentiation should come from quality of service and innovative features/functions—not a hostage mentality.

Trust underlies all of the above. New and emerging vendors have an enormous burden of proof for showing they are trustworthy. There is no such thing as being too transparent or too open when it comes to IT security and data control. Even companies with a long history of performance need to be aware of this as they move into offerings running on public cloud platforms.

The future of customer engagement is in the cloud. The innovation happening there is quite remarkable, but we are not all ready for it yet. Everything vendors can do to bridge the gap of trust, credibility and openness will get us closer to the goal.

Terry Frazier is a research director within IDC's Document Solutions research group. He is responsible for the Smart Customer Engagement practice as well as written research in managed print and document services and document outsourcing. Follow @IDCHardcopy on Twitter.