Be wary of the cloud but don't think on-premise is always safe

Holding data on-premise is no guarantee of security according to the latest survey

Who do you trust in the cloud?

That’s at the heart of many of the concerns about cloud computing – the worry that you’re sending your data to somewhere quite unknown, where persons unknown may or may not have access to it. There are many concerns here: whether customer data is safe and not being passed on to spammers and fraudsters; whether corporate data is safe and whether the company is, at all times, fully compliant with all the relevant data storage regulations. If you want to keep your data safe, is the message, keep it on-premise.

This is a widely-held view, supported by many industry commentators, but is that really true? According to a survey from Lieberman Software, IT techies in your company could well be looking at personal data right now. The Lieberman research suggests that a quarter of IT professionals not only have access to sensitive data but have actually pried into the gruesome details –what price security now?

And as Davey Winder pointed out in his blog last week, choosing multiple cloud service providers is no answer to the problem, the more people that have access to your data, the more likelihood there is of a breach in security.

Cloud service providers are very aware of the problems and go to great lengths to reassure customers and potential customers of the security within their own data centres. Talk to an executive from any cloud service provider about how that provider will meet these concerns and you’ll be met with a long list of safeguards and checks. These will include a rigorous recruitment  process, stringent monitoring of employees and a range of security procedures.

No-one is being blasé about the situation faced by service providers. Customers are right to be wary about cloud service provider’s structure and staffing procedures. As has been mentioned above, cloud service providers are aware of the concerns and will go out of their way to meet them.

There’s an awareness there but, as the Lieberman survey has revealed, keeping information in-house is no guarantee of absolute security. It is possible to guarantee 100 percent security – you keep a PC in a locked room not attached to anything and ensure that no-one else has access to it, but that’s not a practical solution.

In the real world, there are going to be weaknesses, it’s just a question of trying to minimise them. One company, Porticor, encrypts data so that it can’t be accessed by the cloud service provider and ex-Citrix CTO, Simon Crosby, is launching a new company, Bromium,

that promises to introduce new levels of security within cloud computing - although he's only giving hints at present - and there are plenty of other initiatives to meet customer concerns.

Of course, if a company is a 100 percent happy with its security procedures and can trust all its employees 100 percent, then storing data on-premise is going to be a secure option but businesses should quickly disabuse themselves of the notion that just being on-premise is secure in itself, because it just ain’t so.                                          

Read more about:

Sign up for our free newsletter