When it comes to discussions around cloud computing in Europe, security often the tops the list of concerns. It seems that despite the many clear benefits of the cloud, organisations can’t seem to shake those security worries. What exactly are they worried about – is it regulation, or control? What can companies do to protect their confidential corporate data in the cloud?
That’s exactly what the Financial Times sought to find out in its Twitter debate yesterday on cloud security. The Twitter chat saw a number of influencers -- as well as our team at @Okta -- from across the globe gather to discuss topics such as shadow IT, multifactor authentication and security breaches in the cloud.
Perhaps one of the most interesting points of discussion was whether legal issues, such as data privacy, are causing European companies to question if they can put their data in a U.S.-based cloud provider. Not everyone shared the same view, but these legal issues are causing valid concern. Organisations now need to decide which information is appropriate for the cloud and what needs to stay within the corporate boundaries. Not because it is less secure in the cloud, but because regional laws dictate that this is the way it must be -- and cloud vendors need to be ready to support both cloud and hybrid models.
Another topic of debate was whether data is more secure in the cloud or on-premise. Despite common concerns around the cloud, the consensus here was clear: most information is actually safer in the cloud than a lot of the costly on-premise infrastructures. Why? The answer is simple: when it comes to cloud security, cloud vendors have to build secure data centres because they’re independently audited and used by hundreds to thousands of tenants all on subscription services. (No one’s going to renew a subscription for a company not keeping them safe!) Add this to the reputational and business damage that a cloud provider would suffer should their data not be secure, and it’s easy to see why it’s in their vested interest to uphold high levels of security.
From this conversation, it seems that rather than worrying about whether data is secure in the cloud, perhaps the emphasis on the next Twitter debate should be on choosing the most secure cloud provider. It would involve looking at vendors that are not only independently security audited, but can support a hybrid model that allows organisations to keep their data where is has to be -- providers with availability, resilient infrastructures and customer success stories to validate its claims.