Cloud computing has become the hot technology du jour. While there may be many contrasting definitions of what cloud computing is, the fact remains that your organization, along with most of the Fortune 500, is likely investigating, implementing or already using some type of cloud-based service. From CRM and payroll to supply chain and collaboration the cloud has made great inroads to corporate America.
And why not?
The advantages of cloud computing are many. Access on-demand, pay-as-you-go, rapid deployment – cloud-based services solve many of the challenges that have fraught IT for decades. For companies that adopted the cloud early, the juice has been worth the squeeze.
But despite this success there has been one area of the cloud where businesses have been hesitant to go – security.
For those things that need to be secured, or for those things that do the securing, many organizations have felt that they should, or could do a better job. And after all, security is one of those things that you don’t outsource, right?
First, not all cloud security providers are created equal, and not all cloud providers go to the same lengths to protect your assets. Secondly, when there’s an incident at a cloud provider, it tends to be catastrophic. I read a great analogy somewhere comparing cloud security to flying in an airplane – there are very few failures, but when they happen they’re major disasters.
All that being said, there are natural characteristics of cloud and cloud security providers that give them fundamental advantages over on-premises solutions. Here are a few:
- Availability – In most cases, cloud providers have invested in infrastructure far beyond what your organization is will to develop. In many cases cloud providers are required by law to implement security controls beyond what a client would normally do due to the nature of their business.
- Isolation – A databreach, malware outbreak or other incident at your organization may have less impact because some of your assets are in the cloud. If your critical datastores all live on different networks, it becomes more difficult for incidents to span multiple repositories, and a local disaster won’t impact assets stored elsewhere.
- Specialization – Cloud security providers generally do one thing – security. You may suggest that your security team is in the same position, but I submit that they also go to meetings, work on projects and get sick once in a while. Your security resources are also most likely spread among many different security disciplines, or worse – spread among security and other IT groups. The right provider will be on 24x7x365 and will be doing one thing all the time.
- Transference – Not all risks are mitigated with hardware and software. A well written contract will give you even stronger controls over your assets than if they remained within your four walls. Ensuring contractual right-to-audit will give you peace of mind.
Whether you’re a fan of cloud computing or not, you probably will be. The early stumblings of SaaS and other like solutions are giving way to reliable providers with excellent Service Levels. Selecting the right provider still requires due diligence, but looking under the covers won’t be as nasty as it used to be.
And don’t forget that the first Savings Bank didn’t have armed guards or a vault, but it didn’t stop early Americans from putting their money in it. Go forward, and cloud.