When it comes to ensuring the integrity of cloud services, third-party groups have attempted to improve consumer confidence with various certifications for service providers. And while other organizations independently validate providers' promises of secure data and consistent protection, some cloud providers are going even further by certifying their technical expertise as well.
Serving as more than just a validation of the baseline security of a provider's cloud services environment, vendor-specific certification programs enable providers to distinguish their services with an endorsement of their expertise. Whether it's a partnership with Citrix, a silver competency from Microsoft or a certification from Red Hat, a vendor's seal of approval is designed to indicate a cloud provider offers reliable services and support.
"The vendor-specific certifications are extremely important," says Charles Weaver, CEO of the MSPAlliance, an industry association and accrediting body for cloud providers and managed service providers (MSPs). His organization focuses on certifying providers with its vendor-neutral credentials, including MSPAlliance's Unified Certification Standard, to assess such facets as a provider's physical security, data privacy and service-level agreements. But Weaver believes that vendors' certifications offer something distinct.
"They provide visibility perhaps better than any other type of certification could about the provider's capabilities and expertise in that technology," he says.
Cloud providers see benefits of vendor certifications
For Datapipe, a cloud provider and MSP in Jersey City, N.J., a vendor's certification represents a confirmation of its capabilities that can boost user confidence and improve the company's visibility.
I am sure that [our Microsoft certifications] helped us and helped when talking to new potential customers.
Tudor Ciuleanu, Imprezzio Global
Ed Laczynski, Datapipe's senior vice president of cloud services, says the provider has obtained certifications from VMware, Citrix, Microsoft and Oracle, among others.
"They're all important to us," he says. "We pursue them because we have a very unique value proposition, where we are supporting customers in heterogeneous hybrid IT environments, everything from cloud to managed services to colocation and security. … We find that when we partner with the vendors that our customers are using and that we use to deliver [services], that we drive a lot of value to our customers, we grow our business and we get more exposure in the marketplace."
This kind of exposure was a major driver for Imprezzio Global, a European subsidiary of the Spokane, Wash., software development company Imprezzio Inc., with offerings that include Software as a Service and cloud-based applications for the enterprise. Earning silver competencies from Microsoft meant a place in the vendor's Pinpoint partner directory, which Imprezzio's Managing Director Tudor Ciuleanu explains was one of the most important factors in the move to get certified.
"I am sure that it helped us and helped when talking to new potential customers," he says. "This is an advantage since they trust our company more. We also had a few companies contacting us from Pinpoint."
Earning those Microsoft certifications also provided Imprezzio access to internal use licenses, press materials, discounts, product support and advisory services. The perks get better for providers in the upper tiers of certification -- silver and gold, in the case of Microsoft's classifications.
Imprezzio's three silver competencies -- which it expects to upgrade to gold soon for more visibility among Microsoft partners -- certify its status as a midmarket solution provider with expertise in application development and Microsoft SQL. Achieving those credentials required that members of the Imprezzio team get individually certified and that the company pass licensing overview as well as sales and marketing assessments. Testimonials from customers and the payment of a membership fee round out the list of requirements.
Microsoft's certification criteria have much in common with other vendors' programs, including the standards for membership in the three-tiered partnership program Red Hat offers. Marketing tools, community involvement and technological support come at the basic Ready partner level and expand for providers certified as Advanced, with the full suite of perks available at the Premier level.
Depending on the partner status they seek, providers looking to receive the benefits must have a minimum number of trained people in sales and IT, an approved business plan and positive customer feedback, among other achievements.
Vendor certification programs rigorous for a reason
Jane Circle, Red Hat's principal product marketing manager, says the technical baselines are the most rigorous: "We must ensure that they can actually produce a Red Hat Enterprise Linux image the same as if a customer were to buy Red Hat Enterprise Linux directly from Red Hat."
Red Hat is among the vendors continuously looking to expand its network of certified partners, adding new partners every month in an effort to further its own visibility and sales. Maintaining rigorous technical, business and operational baselines may limit the number of partners, but Circle points out that ensuring the security and quality of their services is a crucial priority.
The whole idea of a certification program is to provide consistency to our end customers at large.
Jane Circle, principal product marketing manager, Red Hat
"The point is that when we work with our cloud providers, we want our end customers to have a service level that is pretty much in agreement with what they would get from Red Hat," she says. "The whole idea of a certification program is to provide consistency to our end customers at large."
Vendors have to hold potential partners to high standards or risk having a glut of overcertified, underqualified providers representing their brand.
"We are in talks with a lot of vendors who, in their channel recruitment programs, are facing great difficulty in finding qualified service providers who understand not only how to use the technology, but [also] how to be a good service provider," Weaver says. "And they've said, 'Look, we need a way to identify good, qualified service providers before we let them into our programs,' because for the vendor it's a great risk. It's a lot of resources that they're going to put in, and they want to make sure they're only working with the best and most qualified."
But the rigid requirements protect certified providers as well. And for uncertified providers already meeting the vendor's standards, getting the additional the stamp of approval is a valuable and visible recognition of their skill in terms that enterprise users in particular find relatable and credible.
Datapipe's Laczynski says certification programs are important to IT buyers.
"[Certifications] help us talk about our value proposition and allow us to show -- in the same language that [enterprise customers] use, in terms of the specific locations and infrastructure they're using -- how we add value," he explains.
Vendor certifications fit into a broader framework of evaluation
The sales requirements for many certification programs aren't usually an issue for Datapipe, as it has often met those goals already as part of its own business strategy.
More on cloud certifications and skills
Find out what training programs the top cloud providers offer
How is cloud computing affecting service provider IT jobs?
Work for a provider? You need cloud skills on your resume
"We have a really reliable and loyal customer base, so typically we've already qualified for all the revenue targets or use targets that these various vendors have," Laczynski says.
Considering their potential to undermine the neutrality of the certification process, these sales qualifications cause some concern for Weaver. Nevertheless, he believes "they've largely gone away."
Another potential challenge is that vendor certifications only go so far, Weaver says. These programs may validate a provider's mastery of a particular technology, but they don't necessarily guarantee a provider's "larger duty of protecting data for the client," he explains.
"As good as [vendor-specific certifications] are, they have a precise purpose, and they shouldn't be viewed as simply an excuse not to get any other certifications," Weaver says. "A truly independent audit is needed because there are things that have nothing to do with technical expertise that greatly impact the service provider's capability to deliver their services."