CIOs love the agility, flexibility and lower prices offered by the cloud. But year after year, security breach after security breach, fear keeps them from moving more sensitive data and applications to off-premise data centers.
If you’re selling cloud security, either as a cloud service or in the form of consulting to help clients assure cloud security, what sort of content do you need to find, score, and nurture prospects?
Based on my recent reporting and a recent global survey of IT executives I helped execute for Oracle, here are some security-related questions you can use to build content for each nervous step along the cloud purchase funnel. Each of these topics can easily be expanded into a blog post, white paper, Webinar, ebook or “Top Ten Questions to Ask” cheat sheet.
Awareness/General Education Stage
- What questions should I, as a customer, ask to determine if the cloud is likely to be more or less secure than my in-house environment?
- What general questions should I ask my cloud provider about security?
- What types of applications and data are my peers trusting to the cloud?
- How do assess my applications and data to determine which are most suitable for the cloud from a security perspective?
- How much can I trust security certifications such as PCI? What are the hidden “gotchas” that can make such certifications worth less than they seem?
- (For cloud-based security as a service:
- What is “security as a service?” How does it work?
- What forms of security are available as a service (Identity management? Remote monitoring?) What are the pros and cons of each?
Product/Service Consideration Stage
- What specific questions should I ask a cloud provider based on my vertical market and its industry/governmental compliance requirements?
- What processes, and technologies, should the service provider use to alert me to security issues? How quickly will I be notified, and what are the escalation paths if the problem isn’t solved quickly
- What types of encryption should they provide for data in transit and at rest?
- What are the different methods of isolating customer environments in the cloud (such as network traffic isolation vs. database traffic isolation? How does a customer determine which is best for them?
- What security service level agreements (SLAs) should I expect from a cloud provider, or a security as a service provider?
Product/Service Evaluation/Purchase Stage
- What specific security-related controls and reports should I insist on from my service provider?
- How will the provider give my internal or external auditors the information they need to help prove my compliance with essential security requirements?
- Specifically how do they assure my data and applications are isolated from those of other customers?
- Do they offer any federated identity or access management capabilities that make it easier for me to integrate my on-site security mechanisms with the cloud?
- Specifically how does each provider assure only proper access to the administrative accounts that are the “keys to the kingdom” for their cloud? Who performs patching, and who on their staff is authorized to log onto each host and guest
- How quickly will they inform me about the existence of a security breach, their progress toward resolving it, and what if any of my data was compromised?
The specific points you address at each point in the sales cycle may differ. The point is, the closer your prospect is to the evaluation/purchase stage, the more specific the questions become. Let me know how this list looks to you, and what content has worked well in selling cloud security.
If you’d like to see a content cookbook for any other product or service, email or call at (508) 725-7258.
Filed under: Content Marketing
Like this post? Subscribe to my RSS feed and get loads more!