Beware: 'Cloud' Doesn't Necessarily Mean 'Open'
The cloud is certainly having its day in the sun. Social, mobile, and now the cloud have taken turns topping IT priority lists for large enterprises. This notion was underscored when a recent Bitglass survey of 92 CIOs and IT leaders revealed that 55 percent of respondents said their companies embrace a "cloud-first" strategy. Such reverence is hardly surprising. The cloud-based software-as-a-service (SaaS) model offers a lot of advantages for many enterprise solutions. Rapid deployment of off-the-shelf software systems can be affordable, present a low barrier to adoption, and provide an excellent way to prove new ideas quickly. This has certainly made it easy for many companies to implement new software, but there are pitfalls that must be watched for and avoided.
Most cloud solutions are available only in proprietary, multitenant, shared-infrastructure, single-cloud configurations—a big black box in the sky. There is little or no opportunity for companies to decide where they want their applications and data to reside. Public cloud of your own choice? Private cloud? Within your own country's borders? On premises? A hybrid combination of these? In some cases, all these options are off the table. The only choice is the vendor's proprietary cloud—a model that just doesn't work for everyone.
Security concerns, regulatory requirements, and enterprise integration strategies should be carefully considered before deciding to "lock in" with a solution that's limited to a single vendor's proprietary, public, shared-infrastructure cloud.
It's interesting to note that a recent Gartner study, Market Share Analysis: Customer Relationship Management Software, Worldwide, 2014, states that 47 percent of CRM software revenue was generated from SaaS-based CRM applications in 2014. But that means the other half of CRM revenue was generated from private cloud, managed hosted, and on-premises solutions. The more sophisticated multinational companies with intense data integration and data security needs are turning away from the public cloud and choosing the private cloud for their CRM needs.
I recently met with representatives of a large company in the financial sector about a new CRM deployment. Without hesitation, they said, "There is no way we are putting our customer data in a public cloud environment where we lose control." This is an understandable reaction: Around the world, companies in highly regulated industries like financial services, healthcare, and the federal government must comply with strict regulations that govern the handling of personal information and sensitive data. An out-of-the-box shared infrastructure cloud CRM offering will not meet these strict regulatory requirements.
Compliance is becoming an even greater challenge outside the United States. Many countries have strict rules governing the collection and storage of customer data. This has led to an increasing drive for data localization. For example, Germany requires that data about German users must be stored within the country's borders. Recent court rulings against the USA-EU Safe Harbor framework and the proposed "Safe Harbor 2.0" data transfer rules will lead to many companies deciding the best way to stay compliant is to keep customer data stored within the same continent and same country, if possible.
In addition to compliance issues, data security concerns have caused many CIOs to delay shared-infrastructure, public-cloud deployments. One of the main concerns for organizations is that information stored in the public cloud is beyond its control. Imagine investing in the best security tools and having the most sophisticated authentication protocols, but still being at the mercy of your cloud vendor’s security mechanisms for managing your most precious asset, your customer data. Your top-notch information security team has no visibility into those security controls, and you have no way to move to another CRM cloud vendor if those security mechanisms are challenged or, worse, fail. It's not a comfortable feeling. Couple the loss of control with the media's constant reporting of embarrassing high-profile data breaches such as happened with Anthem Insurance, AT&T, and even Ashley Madison, and the unease about having customer data exposed grows—which is understandable, given the obvious consequences: compromised reputation, lost business, and fines levied for regulatory violations.
Another large multinational electronics manufacturing company I recently worked with reviewed all of the public-cloud CRM solutions available and determined that moving its large volumes of customer data across multiple public cloud vendors was not only potentially unsecure, but too costly. With tens of millions of customers around the world connecting with it across a variety of brick-and-mortar and online channels, the dollar costs of storing that data in a public cloud service and the costs of accessing its own data for reporting and integration purposes via that cloud service did not work out. Global enterprises find the very size and complexity of their customer data challenging to manage and integrate in the public cloud. All of these cost and control issues melt away when the CRM solution is managed in a private cloud, often by one of a variety of different expert-managed cloud service providers.
Organizations should have the freedom to implement the systems and architectures that best address their needs for security, regulatory compliance, and data integration. The cloud is a great option. But getting there shouldn't force you into an environment that puts your data, your business, or your career at risk.
Clint Oram is the chief technology officer of SugarCRM, which he cofounded in 2004 with the goal of helping companies around the world turn customers into loyal fans. Today, he leads corporate development strategy and the alliances teams. Oram was one of the original architects and developers of the Sugar application and has focused on building out the product, company, partners, and community in a variety of executive roles.