We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.
Start a Discussion
Cloud Computing

Do you agree that data in the cloud is now safer than in-house?

Vote 0 Votes
Do you agree, as this blog contends, Cloud computing offers 'no data security fears,' that data in the cloud is now safer than in-house?

10 Replies

| Add a Reply
  • Sorry, no I dont. I also dont think many organisations think that either. Because of this, and a number of other reasons, I think we will see more organisations opting for private clouds as opposed to "public clouds"...

    Organisations are like people, we like to feel we have 100% control over most aspects of our lives, and in organisations terms, content...

  • Technically this might be true but as the saying goes "perception is reality" and the same applies to Cloud Computing.

    So while Cloud providers might be the most technically capable of securing data (the reality), organizations will still continue to be very leary (because of their perception) of actually letting go of their control over the data by putting it in the Cloud. In their defense, though, data security is not just limited to technical ability. Rather most of the complexity is actually around legal and privacy issues, which have yet to be figured out adequately such that organizations can adjust their perception.

    The issue of perception is not just a challenge for Clouds. I still encounter people (even in the technology field) who do not use online banking in fear that their account information might be exposed. These same people will not trust SSL to protect their credit card information over the Internet but will happily hand their card over to an unknown person to take into a backroom to pay for their meal. And they do so knowing that with the right equipment it would only takes a few minutes to make a complete working copy of the card!

    The real question then is not whether Clouds are safer than in-house data centers but rather if they are perceived as such.

  • I think the question is a bit of a red herring.

    At the end of the day, each organization is responsible for securing their data whether it's hosted on site, at a third-party hosting facility or in the cloud. Companies who didn't have good processes/frameworks to do this internally won't get a magical fix from the cloud. And companies who are hoping for the magical fix may end up with a worse situation than they have today.

    The cloud is not inherently more secure or insecure than on-premise, although smaller companies may be able to "afford" better data protection and backup solutions through a cloud provider than what they would buy themselves. Security just needs to be addressed differently.

  • Short answer: No.

    Longer answer:
    I agree with Glen that this question is a red herring. Data is only as safe as the organizational practices and solutions used to safeguard it - regardless of where it may be located. What's missing in public cloud computing environments is control and flexibility over the deployment and configuration (and often times verification) of proper security controls on data. But that lack of control and flexibility says nothing about the inherent security posture of either environment.

  • I too agree with Glenn's answer, but would add that many organizations still do not invest appropriately in cyber security. For many cyber security is still about just locking the doors and windows, but not realizing that threats are not always malicious. I heard of a major corporation being shut down for three days by a drop of water from a leak getting into their storage shelf. One would hope that Cloud providers offering storage-as-a-service would also offer consulting on how to better prepare for disaster. Understanding all the facets of cyber security risk is complex and sometimes expensive to respond to. For some companies not prepared to meet the levels of expense and time to ensure these risks are appropriately managed, they may be far better off with their data in the Cloud.

  • I agree with the others, but will add this. In general, those who specialize in data security do a better job at it than those who don't, and the cloud offers this kind of specialization. So, if your core business is not data security, chances are your data will be safer in the cloud.

    The cloud is still maturing, though, so quality can vary greatly among providers. Much like SOA services, cloud services have to be designed carefully. The stakes are high when your data is beyond your reach, so, naturally, folks are looking for guarantees.

  • I have a slightly more nuanced reply and perhaps not completely agreeing with all the preceding comments. I would say (subjectively) that the level of data security offered by cloud providers typically exceed the level of security of most SMB organizations.

    However, this wouldn't be true of larger enterprises who typically provide rigorous security in terms of network security, host level security and also internal security auditing.

  • I agree with the general opinion here that Cloud data stores are more secure and persistent than most (SMB) in-house data stores. This is further augmented by evolving legislation that clarifies the undertakings, responsibilities and liabilities related to Cloud data storage.

    But the dark side of all this is hacking and misuse. My bottom line is that unanimous (and preferably encrypted) data is often more secure in the Cloud, but I still prefer to keep individual and named data in on and off site data stores.

  • I think it would also be valid to admit that security ratings between public and in-house cloud can tip in each others favor at any given period from now till beyond.

    Saying that one will completely have edge on the other is like putting a lid on innovation potential of organizations to develop security solutions of their own which is not to be discounted (although I would not bet big money against major cloud providers slacking on their core business even as it is always possible).

  • As with all inflammatory questions, the answer is "it depends."

    In the cloud, you may not know when you've been compromised since you don't have access to admin-level logs from the cloud provider, and Google recently had an admin look at users email accounts, while MSFT had a misconfiguration error that allowed customers to see each other's cloud data (briefly). There is also the issue of data motility, when the provider moves data around without you knowing it, and without you having the ability to over-write disks that are no longer holding your data.

    On the flip side, the cloud providers I've worked for (Exodus, Cable & Wireless, Savvis, Speedera/Akamai, and some smaller ones) have all had better security processes and procedures than all but the highest level enterprise IT shops.

    At the end of the day, if you encrypt in the cloud, and on the way to the cloud, you're probably better off than if you don't use the cloud at all.

Add a Reply

Recently Commented On

Monthly Archives