While security concerns are holding some organizations back from the cloud, other companies are finding better security in the cloud, solution providers and industry experts said.
"For most of our customers, the cloud is going to provide a greater level of security than they have in-house," said Allen Falcon, CEO of Westborough, Mass.-based Cumulus Global, a cloud provider and premier Google Apps SMB partner.
The Google Apps environment, for example, has multiple certifications, including ISO 27001 and SSAE-16, he said. "That's a level of security planning and design that most small and midsize companies don't do and probably couldn't afford to," Falcon said.
Small and midsize businesses are especially ready to adopt cloud products and services to take the pain out of maintaining software and systems themselves, said Rob Delevan, East Coast national account manager at Wasatch Software, a Salt Lake City-based solution provider.
"For many smaller clients it's not even a choice, it's an obvious decision," Delevan told CRN. "You need skilled people, but where do you get them and how can you afford them?"
In fact, companies of all sizes that lack a mature security program and don't have enough in-house personnel to manage security see the cloud as a destination for their critical applications, said Omar Khawaja, management principal of global security at Verizon Terremark. They recognize that a carefully selected cloud provider can do a better job at keeping their data secure than they can, he said.
"The number of threats, malware and viruses continues to rise at a much greater pace than organizations are able to hire folks with the right skills or to train existing folks to have those skills," Khawaja said. "For them, it's much easier to move their sensitive information to a cloud provider instead of hiring the 10 or 15 folks that it would take to have security in each of the domains they'd need expertise in."
And despite some perceptions of cloud providers as less secure than on-premise IT, a study by Houston-based network security vendor Alert Logic found that service provider-managed environments did not encounter a greater level of threats than on-premise environments.
The report, issued last fall, studied incident data from more than 1,600 customers and found that organizations using Infrastructure-as-a-Service from a service provider saw Web application attacks, brute force password hacking attempts and general reconnaissance activities targeting the hosted data. Meanwhile, organizations choosing to keep systems on-premise faced more malware and botnet threats in addition to the brute force password cracking attempts and Web application attacks.
"While there are many factors to weigh when deciding whether to move infrastructure to the cloud, an assumption of insecurity should not be among them," Alert Logic said.
"Given the prevalence of unsophisticated attacks, such as brute force and reconnaissance, in both cloud and on-premise environments, and across all industries, the fundamentals apply: multilayer security, close attention to basic management practices, such as patch management and upgraded operating systems, and use of monitoring and defensive technologies to identify and stop attacks," the company said.
PUBLISHED FEB. 25, 2013