Security is quite rightly a key concern for any CIO thinking of taking to the public cloud, yet the level of anxiety over cloud computing has dropped a few notches in the last few years as organizations get used to doing business this way.
So, while security is initially cited as the biggest concern about cloud computing by cloud newcomers (31%) in the RightScale State of the Cloud Report, this drops to fifth place (13%) among experienced users.
And there are more and more of these experienced cloud users around. A survey by Vanson Bourne, commissioned by cloud industry body CIF, found that UK cloud adoption has hit the mainstream, growing 61.5%. An impressive 98% of those companies reported no security breaches. CIF expects this stellar growth rate to continue, believing that 90% of UK businesses will use some kind of cloud service within the next 12 months.
That’s a massive thumbs-up for cloud computing and by association, cloud security. There’s a firm and increasing confidence and trust in the cloud that is unstoppable, despite stories such as the high-profile Edward Snowden/NSA internet surveillance scandal last year which many feared would dampen that enthusiasm.
Instead of being a barrier cloud computing (even if that barrier is being whittled away), there are benefits to cloud versus traditional security. It’s certainly not foolproof, but then nothing is, particularly if there are humans involved - 800,000 laptops are left in airports alone every year, according to Salesforce figures: How many of those are potentially carrying sensitive company information?
In contrast, there are actually relatively few examples where enterprise data in the cloud has been attacked – and those instances were just as likely to be caused by enterprise failures than caused by suppliers.
Cloud security can potentially be better because security is a top priority for cloud providers. Their sole focus is to maintain data integrity and access instead of having money, time and resources split between different IT projects. This means they will invest heavily (which means you don’t have to) in the latest security equipment and best practice to a level that is simply out of reach to all but the largest organizations – meaning that you reap the benefits for less than a large organization cost.
Patch updates and refreshes will be done for you without requiring a network technician to do the honors for you. That’s a potential massive cost saving both in terms of the equipment you need on site and staffing levels.
Cloud providers will be also following the stringent ISO security standards and have regular security audits. They will have jumped through every certification or best practice hoop available to keep their customers happy.
There’s also the matter of real-world security. Your cloud provider’s data center will be highly secure with tightly controlled access. It may psychologically feel more secure to have your data within your own four walls, but that doesn’t mean that it’s actually true.
Having a cloud provider take care of your data security issues can remove a large headache, however it doesn’t mean you should rest on your laurels and assume that a provider saying that they provide secure cloud services, mean that they actually are: Don’t be afraid to ask them to put their money where their mouth is.
Ultimately, it’s up to customers like you to check that their cloud supplier is up-to-date with the latest security practices and is making their environment as Fort Knox-like as possible.
Check out your supplier’s credentials:
And if you still can’t sleep at night worrying about data in the public cloud, then adopting a private cloud approach will enable you to experience the benefits of cloud computing without exposing your data to the public cloud.
In many ways, this is business as usual. CIOs have had to learn to trust hardware, software and then outsourcing vendors with their precious business assets, cloud vendors are just another group of providers they are learning to trust. But trust, as ever, has to be earned.