In multiple Gartner surveys, security is cited as the number one inhibitor to the adoption of Cloud-based computing. Many IT professionals have a preconceived notion that cloud computing will be less secure than what they can deliver themselves on premises. This is a mistake.
An absolute statement that cloud computing will be less secure is as wrong as an absolute statement that cloud computing will be more secure.
Both can and will be true.
How could cloud computing be more secure? There’s a variety of reasons – 15 to 20 that I have researched. I presented on this very topic and explored many of these reasons in detail at Gartner’s US Fall Symposium 2010 conference in a session titled “Why Cloud Computing Could Be More Secure Than What You Have Today”.
If (and that’s a big “if” and currently places a large amount of due diligence on our part to ensure this) the cloud service provider does their job right, they will deliver at least as secure of an operating environment as what most enterprises can deliver.
Recently I saw a report (The State of Cloud Security) from Alert Logic with data from a survey they initiated to back up the notion that cloud computing can be more secure. Disclaimer – Alert Logic provides solutions for cloud service providers as well as some enterprise customers so (as I do with an vendor-sponsored study) you have to take the results with a grain of salt. I’ll keep my eyes open for independent surveys that either support or disprove the assertion that cloud computing can be more secure. Take a look at the chart below:
The interesting thing about the data is that Alert Logic has both traditional enterprise and cloud service providers as its customers, so the survey was able to compare across these. At least for Alert Logic’s customers in this survey, the percentage of customers experiencing security incidents was lower across the board in all categories for service providers than it was for their on premises enterprise customers.
Don’t make the mistake of automatically believing the conventional wisdom that cloud based computing will be less secure. Well managed cloud service providers won’t be.