Advocates and adversaries of cloud computing have long debated if the environment can provide adequate or in some cases exceptional security for enterprise IT, data and assets.
Of course, cloud environments vary among private, public and hybrids of both. But recent cloud survey research shows for many of 542 IT decision makers polled, today’s cloud computing options offer better security that some IT organizations can provide in house. The study found that 98% of enterprises surveyed believed the cloud met or exceeded their expectations for security, and the finding was true across several flavors of cloud – IaaS, PaaS and SaaS. Nearly one-third also indicated that “security has been less of an issue than originally thought.” And “enhanced security” was cited by many as a primary objective when implementing IaaS (38%), PaaS (38%) or SaaS (41%).
The study’s findings stand in direct opposition of the much publicized belief that security poses one of the most significant barriers to cloud adoption. (It must be noted that the same study did reveal that 46% of those surveyed cited security as the primary reason they will not move an application to the cloud.) That being said, the findings still mark a shift in the cloud/security debate, which was touched upon recently in a #TechViews Twitter chat (hosted by @TrendsinTech) on cloud and mobile security. The chat drew some 52 contributors and more than 465 Tweets on the topic.
To learn more about this shift, the chat asked: “Some say security is a hindrance to cloud, a recent study showed some say cloud security is a top benefit of cloud. Why would this be?” Responses pointed to the very nature of IT security and the risk of data living on mobile devices, cloud environments and even within enterprise data centers. The chat proved there is no one answer.
When it came specifically to cloud, several of the chat participants said cloud is not the problem with security and vice versa. Ron Miller, a freelance technology journalist that participated in the chat, said the negative perception of cloud security is part of a broader miscommunication on the topic.
“Part of it is an ongoing flood of cloud security FUD. It’s self-perpetuating like the Bermuda Triangle story,” Miller tweeted. And he then followed up with, “It’s maddening really that these myths live on. There are breaches everywhere: cloud and private data centers.”
Cloud security could in fact be better when provided by vendors building data centers to serve and secure data from multiple clients, chat members pointed out. The security of the environment depends on many factors, one of which might not be whether or not it is in the cloud or the enterprise.
In fact, some IT organizations could find the security expertise at a cloud provider more advanced than their own in-house capabilities if budget or staff constraints have them working with the “do more with less” mentality. The problem lies in the attention public cloud outages get and the very real ramifications of putting customer data at risk. Still chat participants said the number of public cloud outages is far fewer than the number of incidents that happen within enterprise companies that also put critical data at risk.
And the chat revealed more of the shift that the study uncovered earlier this year: IT needs to change its mindset to embrace today’s disruptive trends.
Implementing cloud represents letting go of some control, but it doesn’t necessarily mean it is also increasing security risk. These risks reside everywhere; think of the numerous public breaches revealed to be insider attacks. IT needs to find better ways to secure data that also enable end users and customers to embrace new technologies. And to do that, IT needs to evolve its security approach – because in reality, the feeling of control when it comes to IT security could be just an illusion in some IT organizations today.
Read the entire #TechViews Twitter chat on cloud and mobile security here.