Ever since cloud computing became part of our lexicon a few years back, the main showstopper, as seen by many enterprises, has been security. Many executives and managers are nervous about entrusting sensitive or competitive corporate data to offsite, and often unseen, third-parties.
A few months back, I spoke with a CIO who admitted, however, that he felt his data is probably in better hands with a well-trained, SAS-70 compliant cloud provider than trying to keep his own systems and staff up to date with security procedures and protocols.
Now, a report by The Wall Street Journal's John Bussey reinforces this idea: that data -- especially among small to medium-size businesses -- may actually be more secure in the cloud:
"Basic security tasks that often don't get done at a small enterprise—updating antivirus programs or applying patches to software—are usually part of the plain-vanilla package in the cloud. The more you pay, the more you get: firewalls around your data, high-end encryption, 'private clouds' that let you isolate critical information and still access extra processing muscle when you need it, hacker-attack notification and mitigation, and 24-hour tech support. 'Small and medium businesses are insane not to leverage the advantages of cloud computing,' says Jim Reavis of Cloud Security Alliance, an industry group. 'It ends up being almost in all cases a security upgrade because they can't otherwise afford the practices.'"
Of course, the WSJ article is based on anecdotal statements -- we'll have to see some survey data that definitely tells us that security is a reason for going to the cloud, versus being an impediment. The question is: is security now becoming cloud's best selling point? Or is it still too risky to rely on unseen third parties?