January 1, 2013
By Leonard Klie, Editor, CRM magazine and SmartCustomerService.com

Building an Impenetrable Cloud

CRM applications have been available in the cloud under the software-as-a-service (SaaS) model—where applications are hosted by a vendor or service provider and made available to customers via the Internet—since the late 1990s. By now, the benefits of these types of deployments are widely recognized: Lower up-front costs, faster time to deployment, simpler administration, automatic updates, system compatibility, easier collaboration, and global accessibility are all hallmarks of SaaS deployments.

And while such deployments have really picked up in the past year or two, many firms are reluctant to even consider the cloud for fear of data being lost or misappropriated.

The Perceived Threat

Security of corporate data is the number one concern related to cloud migration, cited by 74 percent of respondents to the latest "State of the Network" global study by Network Instruments, a provider of network and application performance monitoring. That's nearly twice as high as was reported last year.

In the healthcare field, the data issue looms even larger in any discussion of the cloud because patient confidentiality is of paramount concern.

This issue was strongly considered by contact center leadership at Sharp Rees-Stealy Medical Center, a healthcare provider operating 20 clinics in the San Diego area, before they brought in a cloud-based application to handle patient appointment reminders.

The company, which employs 420 physicians who handle more than 1 million patient visits per year, is using the cloud-based Patient Interact solution from Varolii for outbound patient appointment reminders. The system sends out 5,000 to 7,000 reminders per day to patients via an automated phone call or text message.

Sharp Rees-Stealy uploads the information, including patient names, appointment dates and times, facilities, and doctors' names, to Varolii's servers, and Varolii handles the rest.

"This data isn't anything that's too critical, but we wanted to make sure the information would be secure before turning it over," says Kathrina Bidwell, manager of Sharp Rees-Stealy's patient contact center. "There was a lot of trepidation, even about turning over this information."

Diminished Risk

The data security issue is a legitimate concern, according to many experts, but one that is diminishing quickly.

"The cloud is maturing, and the leading players are proving that they can provide secure services that meet the regulatory needs of specific industries, like insurance, healthcare, and financial services," says Jeff Kaplan, managing director of THINKstrategies, a CRM consulting firm. "If you look at the evolution of SaaS offerings, the prominent players that deal with highly regulated industries have met the security requirements of those industries."

Five9, a cloud-based contact center software provider that facilitates more than 3 billion calls per year, counts among its clients a number of leading financial services firms and several insurance and healthcare providers. "It's a validation of the cloud that financial and healthcare firms are in there," says Mike Burkland, its president and CEO.

Geoff Merrick, chief technology officer of the Salesforce.com business unit at Cloud Sherpas, a cloud consulting and systems integration firm, says most cloud systems have matured to the point where companies needn't worry. "The data security question…and compliance issues have been addressed," he states.

Universal Health Care, with 189,000 members in 19 states, turned over its contact center operations, which handle about 80,000 calls a month, to Five9 two years ago. Lisa De La Parte, the senior manager of its contact centers, has no concerns about security. In all the time with Five9, there has never been a data breach, she says.

Universal Health Care's contact centers blend inbound and outbound services for member services, sales, pharmacy, claims, enrollments, and case management. Five9 also provides screen pops, click-to-call, and a number of other technologies, as well as integrations with Universal's Salesforce.com and Fortuna CRM systems and its NICE Systems IEX workforce management solution.

"Five9 allows me to run my contact center from anywhere," De La Parte says.

Burkland says many cloud service providers today don't even store data locally. "We are just routing the interactions," he says.

Five9 offers cloud-based applications for inbound and outbound calls, predictive dialing, IVR with speech recognition, workforce management, quality monitoring, call recording, agent scripting, and automatic call distribution.

These kinds of applications can be very data-heavy and demanding, adds Raj Sharma, president and CEO of 3CLogic, a provider of call center software hosted on the Amazon Web Services cloud. "Centralized server architectures are just not robust enough to handle the kind of load that contact centers generate," he said in a statement.

Still, Darryl Plummer, a managing vice president at Gartner, and David Mitchell Smith, a vice president and fellow at Gartner, recommend a tactical approach to moving applications into the cloud. Apps that can be moved into the cloud right away include CRM, email, productivity tools, Web servers, and collaboration tools. Apps that should be moved "a little later" include product design, help desk, account management, and evaluations, they suggested in a recent report.

Still, a question that comes up often in Burkland's discussions with companies considering a contact center cloud migration is the issue of multitenancy, in which information from many companies is stored in the same data centers—in some cases on the same servers—or where a single instance of a software application serves multiple customers. That concern is without merit, he says. "There is no impact from one customer's activity on the system to other customer applications and data on the same system."

Furthermore, with multitenancy, each tenant's data is isolated and remains invisible to other tenants.

Denis Pombriant, founder and managing principal at Beagle Research, likens hesitation over multitenancy to a consumer refusing to open a bank account for fear that his money will get lost in someone else's account."What we're really talking about is raw data that is overlaid with one or more layers of metadata to link it to a specific customer," he says.

Companies also often mistakenly believe that customer information and applications are safer behind their own firewalls, something that Kaplan says often can't be further from the truth.

"You might think you're better able to safeguard against data security issues, but you have to ask yourself, how secure is your own environment?" he states. "[Hosting] companies have succeeded in hosting data in their data centers without serious security infringements where data was compromised, but there are plenty of stories about that happening at companies' own facilities."

Pombriant says the greater risk is from IT departments that are stretched to the limits. For the most part, "data centers by service providers are more secure than those run by internal IT departments," he says. "The IT department has so much else going on."