Doubtless we all recall the ‘armageddon peddling’ warnings from various quarters about the negative impact that the NSA snooping revelations were going to have on non-domestic cloud computing spend with US providers.
Those came back to mind yesterday at the Salesforce1 World Tour in London as the firm (re)announced its plans to open a UK data center, as well as one in France and one in Germany, over the next two years.
These will be servicing the needs of European customers who want - or need - to know that their data is hosted within country borders. I’m all in favor of this substantial investment by Salesforce.com, which seems to me to emphasise the firm’s commitment to international expansion. We’re seeing the same thing coming from the likes of Oracle and NetSuite, of course, so Salesforce.com is not alone in this.
What is interesting is that all three of the firms I’ve just cited are adamant that they’re not making these moves due to concern or reticence from prospects or existing customers in relation to the NSA revelations.
Despite the best efforts of the likes of European Commission Digital Agenda Commissioner Neelie Kroes to stir up fear, uncertainty and doubt among European customers about using US cloud services providers, the likes of Salesforce.com say it has seen no significant issue around this.
Dr Steve Garnett, Chairman of Salesforce.com Europe, told me yesterday:
We haven't seen an impact from all that stuff. As you can see from the euphoria here today [at the Salesforce1 event] and the growth rates [in Europe] we are putting out, we are not seeing an impact on that.
That being the case, there’s a clear divide between the reality of the markets and the hype around mistrust of US cloud providers that continues to be pitched far and wide.
Just this week, a study was published claiming that more than half (51%) of European IT managers don’t fully trust US cloud services, while 65% believe that using a European-hosted service is just easier from a regulatory and compliance perspective.
According to the study by data protection specialist Perspecsys, based on polling at the recent InfoSec Europe Conference:
- 47% believe their data is more secure contained in European-based versus US-based clouds
- 62% believe that negativity toward US-based clouds is justified, based on reports of the NSA having visibility into this data
- 59% do not believe that European-based government agencies conduct practices to the same extent as the NSA.
That last point is staggering more for its naivety than anything else and it needs to be noted that the people polled are security specialists for whom paranoia is an entirely necessary pre-requisite of the job!
How do I get in?
Back to Salesforce.com’s Garnett who noted that the US provider has 10,000 customers in Europe already, without having a data centre in region:
We haven't had a European data center, but we are still experiencing 43% growth. [For] the vast majority of customers, it's an irrelevance about where the data is located.
The vast majority of our customers today have gone through, and had their legal experts and their security experts, look at Salesforce.com and [have] come out and said our security policies are substantially better than their own and that's why they have chosen us.
However, in certain sectors they have a strong preference to have their data in a UK data centre for regulatory reasons. We are still looking at the process of how that's going to happen.
This raises an interesting thought. As Garnett says, there has been no option to date for prospective Salesforce.com customers in Europe other than to accept their data being hosted in the US. You want to use Salesforce.com, you’ve got to get your head around that - and as Garnett points out, 10,000 customers have been quite content to go along with this.
But in a post-Snowden world, and with the imminent prospect of there being a UK (then French and German) in-country option on the table, I do wonder how many of those 10,000 and the pipeline of future prospects will now want to exercise that option?
This in turn raises the question of how Salesforce.com will manage the process of selecting who does get to host in the European centers once they open.
Can existing customers just say, 'I want in' and see their data transferred back from the US?
Can new subscribers specify that their data needs to be in the UK center, even if there's no real reason for it to have to be there in terms of compliance demands?
With the first UK center due to open in just over 3 months, the firm admits it is still pondering how that’s going to work in practice.
Obviously some clients will be at the head of the line, such as government organizations and financial services firms due to their high security requirements.
Obviously the government sector…or if the customer says to us ‘We absolutely require to this, can we be in the UK data center?’, then of course.
What we don't want the customers saying is, ‘Can we be in the UK data center this week and can we go back to the US next week?’ Obviously that's not going to work.
But if they have a definite and fair reason for being in the UK data center, then of course they will.
Clearly it’s a work in progress, but explaining its 'door policy' clearly before the European centers open those doors is something I'd suggest Salesforce.com will need to prioritize.
One of the firm’s flagship customers in Europe is the Alzheimers Society whose CIO Ray Cross was present at the Salesforce1 event in London this week. As a third sector organization, and given the hugely sensitive nature of data it holds, the Society had to get a special exemption from the UK's data protection regulator, the Information Commissioner’s Office, to host it in the US.
What’s interesting is that while the Society is comfortable enough with that to be a showcase reference customer for Salesforce.com, Cross stated bluntly that once the UK data center is open, it will want to host its data on native soil.
I suspect he will not be alone and Salesforce.com may face a long line of requests. Having European data centers is a great competitive asset for Salesforce.com and the other firms who set up shop here.
But it might also need some careful managing if there's a wave of customers who are currently using US data centers who decide, rationally or irrationally, that they need to be using a European one since they are now on offer.