The client, one of the world’s leading CRM software companies, required a White Paper that would help those considering adopting a cloud-based CRM solution, but were uncertain of the implications. Work involved interviewing subject matter experts, internet research and writing and editing of copy through to a finished version.


Moving to the Cloud? 35 Questions for you and your vendor

Cloud computing is fast becoming the new way of working for many companies. In fact, 74% of Tech Chief Financial Officers (CFOs) say it is the one thing that will have the most measurable impact on their business in 2017.

Consequently, it makes sense to thoroughly investigate the potential of using a cloud services provider for applications such as CRM. This White Paper sets out a framework for doing so.


Each year, more companies are recognising the benefits of the cloud, turning to Software as a Service (SaaS) and away from on-premise and desktop systems. In 2017 alone, according to research group Gartner, this will see the market for public cloud services growing by 18%.

Improved productivity, universal availability of information, cost-effectiveness and no installation are just some of the reasons why it makes sense for so many organisations to adopt solutions like our own Act! Cloud.

However, lingering concerns over data privacy and security continue to deter some businesses from taking a step that could bring a significant new dimension to their business. Often, suspicion of the cloud is based on a tendency to over-estimate the security of their own IT systems and consequent ability to contain customer-data breaches should the worst happen.

This is unfortunate given that cloud service providers are generally much better at protecting data than their in-house counterparts.

However, entrenched resistance to cloud deployment is diminishing — now only 21% of organisations think the cloud is riskier than traditional IT environments according to CloudPassage’s 2016 security report, in comparison with 28% the previous year.

Of course, any internet-connected computer or network is potentially vulnerable to outside threat. So seeking reassurance from your cloud provider about what they are doing to minimise potential risks is an essential precaution.

So, in this White Paper, we suggest 35 questions, across nine areas, that you may want to ask before making a final selection on the most suitable product and vendor for you.

“If someone asks me what cloud computing is,  I try not to get bogged down with definitions.  I tell them that, simply put, cloud computing is  a better way to run your business.”

Marc Benioff, Founder, CEO and Chairman of Salesforce

Section One: Security

Every cloud service provider should be making security their primary concern. After all, their whole business model is pretty much dependent on it. Recognising this potential vulnerability is the reason why serious cloud providers invest so heavily in the talent and technology to protect their infrastructure.

In addition to their large spend on deeply embedded security measures that far exceed those of most other enterprises, SaaS providers are helped by the complexity of cloud operations themselves, which adds a further layer of security. So, even if cyber-criminals know who your cloud provider is, they still must find and gain access to the right data centre to compromise your information. That is no easy task. Because of these factors, businesses that store information on their own servers are actually more at risk than those who use the cloud to do so.

Q1. What firewall protection do you have in place?

Firewalls are the first line of defence between the internet and your network, but never assume your internet service provider has one in place. In any event, personal firewalls should be installed on every internet-connected computer. Larger organisations may want hardware firewalls as well. Other security measures will be needed to protect against viruses, spam, spyware and security ‘back doors’

Q2. Is intrusion detection (ID) security management in place?

Such systems can identify possible security breaches within a computer or network. This includes attacks from outside and misuse from within.

Q3. Do you use Secure Sockets Layer (SSL)?

These cryptographic protocols create secure channels between machines that are connected via the internet or internal networks. SSL turns a website’s address from insecure HTTP to secure HTTPS, where the information is encrypted and secure from interception.

Q4. Is there 24×7 security monitoring?

Large cloud providers have security teams, systems and tools constantly monitoring operations, meaning they have the ability to pick up potential problems sooner. Many organisations don’t have such round the clock surveillance of their in-house IT, so it can take days or even weeks to spot a data breach.

Q5. Do your third-party organisations have certifications for security practices?

This can help prevent breaches or theft by ensuring only authorised users have access to an application and related data. Some cloud service providers may be subject to regular audits from consulting firms that specialise in IT security to ensure their infrastructures are compliant.

Section Two: Data Retention

Data is now the lifeblood of nearly every organisation. CRM applications, for example, feed on it voraciously, so any interruption to the flow can be highly disruptive. Consequently, the cloud service provider you choose must be able to guarantee that your offsite data is not only held in a way that is compliant with your industry’s regulations but is also readily available as and when you need it.

Q6. Do you guarantee data will never be shared with or sold to a third party?

Data breaches destroy trust and will be immensely damaging to your reputation. It is essential you know what policies are in place to ensure that confidential data will always remain that way.

Q7. How do you ensure data is only available to those authorised to access it?

If no robust retrieval protocols have been established, there is always the possibility of data being accessed either accidentally or intentionally by someone who shouldn’t.

Q8. Will data be available at all times?

Round the clock accessibility should be a given. Having access only at times dictated by a SaaS company is not acceptable.

Q9. Can data be downloaded in a variety of formats?

Being able to do so creates flexibility and helps ensure the value of data isn’t diminished by being trapped in an information silo.