Top Three Differences between Enterprise and Consumer Clouds
The cloud has been a boon to people and businesses that enjoy its convenience, agility and flexibility. But increasingly, corporate users are choosing the cloud applications they use without involving IT, and often without understanding the issues that can result when critical corporate information is shared through consumer cloud applications.
Consumer cloud applications are built for individuals to quickly subscribe, get up and running, and easily be able to take advantage of features. They are built to bring the public together and share information. Security of information and compliance to corporate regulations are not the top priority.
By contrast, enterprise cloud applications focus on ensuring that your business can comply with corporate and regional regulations and that your business information is kept confidential. While optimizing and accelerating business processes, these applications focus on security, auditability and data sovereignty that are so critical for enterprises.
Growth of the Cloud
More and more businesses are moving to the cloud and many are doing it without a defined strategy or policy around usage of corporate data. According to analyst firm IDC, spending on cloud computing is expected to grow at a compound annual growth rate (CAGR) of 23% until 2018 and more than 80% of new applications will be distributed and deployed on cloud platforms.
The appeal is obvious: The cloud can be easier and less expensive than building and hosting your own data center, and it provides maximum flexibility and frees up IT resources. It is scalable, so businesses can quickly adapt and expand without needing to install new hardware.
The boom in cloud services has resulted in increased choices but also increased risks if organizations are not careful. As with any surging business, it has attracted “pop up” vendors who offer seemingly low-cost, low-friction services that can be used by anyone. Here the ancient phrase caveat emptor (buyer beware) applies since there’s a range of cloud services, many of which do not offer enterprise-level data privacy and security.
That’s why it’s important to stress that there’s no single cloud. Instead, there are several options to choose from: public and private clouds, and a broad range of applications built for either consumer or enterprise usage. All have a legitimate role depending on the needs of the business. Let’s focus in on enterprise and consumer cloud application options.
Before we explore the reasons why enterprise cloud is different than consumer cloud, let’s first look at some definitions.
Consumer cloud applications are operated in a multi-tenant environment in which you buy a small wedge of services. The payment system is akin to a utility and there are typically no contracts; instead there are standard terms to accept (which few users even read before accepting). But just like a homeowner doesn’t control how its utility provider delivers electricity, you as a business customer often have little say over how a consumer cloud provider runs its services. You may not be able to ensure the protection you need for corporate information.
Enterprise cloud applications, by contrast, offer the right mix of controls and options for businesses. There are negotiable options with the cloud provider and service level choices. You are better able to ensure the application meets your corporate standards and required data protection levels.
Three Crucial Differences
The above simple definitions don’t cover every scenario. When you look closer, there are at least three crucial differences that businesses should consider: security, auditability and data sovereignty.
• Privacy and Security
Security is a concern in both consumer and enterprise cloud applications. No one wants to have their private or their corporate information compromised. However, as we’ve all seen, security breaches are on the rise overall. A 2014 study by PricewaterhouseCoopers found that security incidents rose 48% that year versus 2013. The number of such incidents has risen at a 66% annual compound growth rate since 2009.
For corporations, security and privacy of their information has to be a paramount concern. In the digital age, information is the new currency and it must be managed as such. Some corporate information can and should be broadly shared in the market, while other information is highly confidential, such as corporate IP, and must be carefully safeguarded. In choosing cloud applications and cloud providers, enterprises need to consider their use cases carefully, and work with their cloud providers to ensure applications and cloud environments bring them the protection they need.
All consumer cloud applications have some level of security spelled out in the “terms and conditions” users agree to at time of purchase. Most also have clauses that say the terms and conditions can change at any time without notification to the users—and it happens. This makes it very difficult for businesses to be sure that an application meets their guidelines both now and in the future. It means they should be careful about the types of information they allow to be used in these consumer applications.
Enterprise cloud applications place prime consideration on privacy and security. They are built to manage critical information assets, and secure access through a variety of means that can be very sophisticated depending on the requirements of the customer base. There are myriad security standards related to cloud data centers and applications, and enterprise cloud providers typically comply with a number of these. What’s more, companies looking to work with them can request information on compliance to the standards that are a priority for their IT organization. Contracts negotiated with enterprise cloud providers can spell out standards on compliance, backup, recovery and service levels.
• Auditability
Any company that has an information governance or information management program knows how important auditability is for all enterprise information. That goes for data stored in the cloud as well—but auditability is something that needs to be planned for from the beginning, not considered after the fact.
Enterprise cloud providers understand that businesses need to have visibility into the security and management controls of their data centers and applications. Unlike consumer cloud providers, many enterprise vendors are able to stipulate in your contract that they will do a security audit if and when it’s needed.
Another important consideration is the data chain of custody. Enterprises need to be able to see who accessed their information, how they may have changed it, and what they did with it when information is sensitive or confidential. Enterprise cloud applications normally build this in and provide these options, while consumer applications may not.
Finally, enterprises must consider what might happen if they need to get their data back out of a cloud application—for instance, if their security needs change, if they decide to change cloud providers or applications, or if their cloud vendor goes out of business. Enterprises must ensure they have a clause in their contract that says they alone own their data and can retrieve it at any time.