Google has said customer data is more secure in the cloud, rather than on a business's own network.
Businesses such as HP have expressed concern about storing their important data on another company's servers. But in a blog post on Monday, Eran Feigenbaum, director of security at Google Apps, one of Google's cloud-based services, argued that data can be more secure when stored and accessed online.
Feigenbaum used the analogy of storing jewellery in a bank rather than at home. "Cloud computing, when IT software and services are delivered over the web and through a browser, is a paradigm shift, similar to taking your jewellery out of your sock drawer and placing it in the bank," wrote Feigenbaum.
"The bank has the economies of scale. It has guards, robust safes, video surveillance — much more than any security investment you can deploy yourself."
Feigenbaum went on to argue that the loss of data through human error can be avoided if documents are stored online. In addition, he said businesses using cloud services need not worry about patching security holes, and that the distributed nature of cloud data-storage makes data recovery more robust.
No system is foolproof, Feigenbaum acknowledged, pointing to privacy problems Google users had following a Google Docs update error in March. The glitch inappropriately shared access to a range of word-processing and presentation documents stored in Google Docs. However, he said that as it was a cloud-based service, Google was able to respond to the issue quickly and customers did not have to patch or otherwise install software.
Security experts on Tuesday were cautious about Feigenbaum's assertions. Richard Clayton, a Cambridge University security expert and government IT security advisor, said the strength of cloud security was not clear cut.
"It depends, it's neither black nor white," said Clayton. "It's generally true that if you put data in the cloud it's probably going to be more secure than if you leave it lying around the office or on a laptop in your car."
However, Clayton gave the example of Microsoft losing T-Mobile Sidekick customers' mobile data in October as to how data outsourced to a cloud service can be lost. Contacts, calendar information and photos were among the data lost following a server failure.
"You can't do your job without a contacts list," said Clayton. "It's pretty scary."
Clayton said that while he would recommend cloud services to small businesses, he did not expect GCHQ to be putting data in the cloud anytime soon.
McAfee security expert Greg Day echoed Clayton's comments, saying different organisations had different IT security expectations. Day said there were economies of scale to be made in the cloud akin to storing money in a bank "rather than stuffed in a mattress".
"Different businesses have different definitions of what is secure," said Day. "There's clear logic in economies of scale, but the risk is that the cloud is a more visible target."
Day added that he expected businesses to sample cloud services before committing.