Lower costs, greater flexibility and improved security are all common ambitions held by enterprise IT managers. But if you package all three components into the same deal, most will insist that it sounds too good to be true.
That scenario is now being seen in boardrooms across the world as companies try to interpret the risks and rewards of cloud computing. At this point, reduced overhead and increased agility are all but guaranteed following a move to the cloud. However, some executives simply won't let themselves believe that superior security can also be achieved along the way.
Speaking at the Australian Information Security Association (AISA) National Conference in Sydney earlier in the month, Google's enterprise director of security Eran Feigenbaum suggested that it was high time this myth be put to bed.
"Cloud is typically less expensive than traditional on-premise software – especially if I start adding all the other costs of backup, antivirus, storage, etc. – but it shouldn't mean that it's cheap [in quality]," Feigenbaum told the audience. "There may be different providers and different solutions that are intended for different purposes, but I believe that cloud computing, compared to what most organizations are doing today, is probably more secure."
These comments have already been greeted with a predictable amount of skepticism. As Computing columnist Danny Palmer noted, the Google executive's vision runs directly counter to what many IT departments are expressing today. According to the news magazine's latest industry survey, only 37 percent of companies currently trust cloud security protocols enough to migrate their mission-critical applications. What's more, just 5 percent of respondents cited security as an advantage they have gained in their transition to the cloud.
Although they often march in step with one another, perception and reality are still two different things in the world of enterprise IT. Sometimes it's a lack of understanding or pride that keeps one from aligning with the other, and in this case, companies may simply not be aware or willing to admit to the ways in which a cloud service provider could actually bolster their data security standing.
In reality, according to ZDNet, success will often be defined by the relationship between customer and vendor. In many cases, cloud companies do have resources such as 24-hour server room surveillance and automated backups that are superior to in-house offerings. However, customers will not have full visibility over these systems and must do everything they can to ensure protocols up to par. This can be remedied via detailed service level agreements which require the vendor to consistently produce audit logs and immediately alert customers to the occurrence of, and circumstances surrounding, any data loss or breach.
Cloud Security News from SimplySecurity.com by Trend Micro