Gartner: Cloud Security Is Better Than What You Have Today


Cloud-based computing will be more secure than on-premise computing and anyone who thinks they have control over their IT is just kidding themselves, according to Neil MacDonald, Gartner vice president and fellow.

"Like it or not, you are losing control. Any control you have is just an illusion," MacDonald, told an audience of CIOs at Midsize Enterprise Summit West in San Antonio, Texas.

He noted that 70 percent of companies outsource their benefits management and payroll processing, information that needs to be secure. "The idea that we outsource sensitive data and lose control ... we're already doing that," MacDonald said. "It's the same thing with CRM. . "It's the same thing with CRM. Salesforce.com has 80,000 customers and two million users. Isn't customer data some of the most sensitive data you own and yet we open it up and put it in control of others."

MacDonald noted a number of other areas where "cloudification" is already prevalent: collaboration, mobilization, consumerization and virtualizaton.

"We're tearing down the walls of our enterprise. The mobilization of the workforce demands anytime access. With consumerization you can [reach] corporate assets from any type of device. Users are demanding this," he said. "If you extend that mindset, if the workload can move from this data center to that data center, heck we might as well just move it to Amazon. All of these are taking place simultaneously. Increasingly, we do not control elements of our IT infrastructure. Cloud is just one element of that, and yet we're fighting it."

Securing information is not the same as controlling that information, MacDonald said. "Can we achieve that type of protection as we embrace cloud? I believe we can. In the past we had the idea that control is a proxy for trust. If I have control, I trust. If I don't have control, I don't trust. But that assumption is flawed. I have devices that I can control that can be infected. Cloud challenges these assumptions," he said.

Organizations need to build their IT infrastructure based on resiliency, not on preventing failure, MacDonald said. "Failures happen. Individual devices, hard drives, are going to fail. But what I build in a cloud-based service is the resiliency of the outcome, regardless of the individual device. It doesn't matter what caused the component to fail when the design is for the resiliencey of the outcome."

 

Next: Security Baked Right In