We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.
Start a Discussion
Cloud Computing
user-pic

Cloud Computing: More Secure Than In-House IT?

Vote 0 Votes
From Phil Wainewright: According to Google's enterprise security director Eran Feigenbaum, cloud computing is a safer repository for commercially sensitive data than most traditional IT approaches. Cloud providers patch their infrastructure up to 60 days faster than many businesses, and storing data in the cloud eliminates the need to carry it around on USB sticks -- half of which go missing with commercial data still on them, he said on a visit to London last week. Not to mention the many laptops. back-up tapes and office servers that go AWOL every week.

8 Replies

| Add a Reply
  • To a great extent I agree with this comment. Commercial providers go through many more security checks, maintain and manage them more rigorously then corporate IT. In fact since it is a shared infrastrcture the security enhancements that are requested/required by one enterprise are available to others as well. Some of these security policy and procedures could be expensive and resource intensive for enterprises to implement, which they can get by default from the commercial providers. On the other hand a breakdown in security at a commercial provider can affect many customers at the same time...but the tendency for that is bleak...speaking as a service provider off course!!

  • On top of what Sandip writes, if you look at the typical small business IT, security is often no more than a key-locked room. Back to the Enterprise, most Enterprise RIA platforms that have their proprietary sandbox offer much more security and less vulnerability to outside attacks. End-to-end RIA Platforms such as uniPaaS totally obfuscate server-side data sources and are significantly more secure than browser-based solutions

  • I agree with Avigdor and Sandip, but add one caveat. These publicly hosted sites are targets for the most talented hackers in the world. Meanwhile, unless you are a Global 2000, the chance that your in-house data center will be the target of a hack if you have an appropriately configured firewall is very small.

  • Really broad statement but generally true. If you extend the discussion to SaaS vendors, then I'll say that not all SaaS vendors are created equal in terms of security and reliability...just like not all enterprises are equally secure or reliable. The problem with SaaS is that the perceived barrier to entry appears to be low - just host it and they will come....but the work needed to provide security, scale and 24x7 availability takes years to hone.

  • Theoretically, cloud companies should offer greater security capabilities than most in-house IT departments. Of course, this depends on the level of security skills resident in the in-house IT department and the security discipline within the cloud computing company. So, the IT/business decision-maker within the user organization must make an honest assessment of their in-house security capabilities and priorities, and thoroughly evaluate the security capabilities and commitments of the cloud computing vendors.

  • Agree with Jeff but also agree with Andree - Broad statements are just that - generally true - but your mileage may vary.

    I can’t believe I have a chance to add the "Willie Sutton rule". While not exactly factual and more folklore than truth, it goes something like this. "Willie, why did you rob banks? Answer "Because that was where the money is".

    High profile Cloud and SaaS companies are aware that they may be a hackers big prize and therefore a potential target; right after financial and the government institutions of course.

    Electronic security is a race to stay one step ahead of the bad guys and it requires continuous investment and review of the entire information chain. Studies have shown that the big gaps are still more in apply good policy (shared passwords, lost laptops without password protection, disgruntled employees...) than the security technology itself, but that fact doesn’t give anybody in the data center for a Cloud or SaaS company a warm and fuzzy feeling. In our business, it pays to be paranoid.

    Theoretically cloud and SaaS companies "should" provide excellent security as it is critical to their survival and they can spread the costs of staying up to date across a larger audience. For mid market companies, this can be especially true.

    On a closing thought, one my more clever professors used to say...?He was 99% sure of his calculation to the nearest order of magnitude.? For electronic security I think the 99% would be around the fundamental soundness of the electronic security available today in the authentication, application and database security. The “nearest order of magnitude" caveat would cover the overall policy that surrounds data security from end to end with a keen focus on who can easily downloaded data to a laptop, flash drive or other mobile devise that can then easily walk out the door.

  • How do you select a SaaS provider that can consistently deliver sustainable service levels, secure infrastructure and business continuity?
    Leading experts from public and private organisations will discuss this and other key industry issues at the Business Cloud Summit in December. More details here: http://www.businesscloud9.com/summit

  • I am not too confident about the statement. Two recent incidents raise a lot of questions about the data security in Cloud. The first one is Microsoft losing data for T-Mobile Sidekick users( http://www.pcworld.com/businesscenter/article/173886/sidekick_data_restoration_still_not_underway.html ) and the second one is Google voice mail messages appear in public domain ( http://www.computerworld.com/s/article/9139562/Google_moves_to_halt_search_engine_access_to_Google_Voice_messages). Should the Service providers take the responsibility of Data Security or the users are having unrealistic expectations? As soon as the data goes out of your IT shop, you lose your control not matter what the service providers promise.

Add a Reply

Recently Commented On

Monthly Archives

Blogs

ADVERTISEMENT