One of the main concerns about the cloud is security. In our view, this concern is misplaced and a well managed cloud service provides levels of security well above what can normally be found in internal systems.
A good way to look at this is to consider whether it's better to keep your money in a shoebox under your bed or safely in a bank vault? If your money is under your bed it's under your ultimate control and you (think you) know exactly where it is, but how good are your door locks and do you monitor it all the time? In a bank vault you are trusting someone else to look after your money, but the locks are a lot stronger and there are security guards and CCTV monitoring it all the time.
The same is true when you entrust your data and your service to a good SaaS provider. They can afford to spend a lot more resources; money, expertise and time, than you probably would in protecting your data as the cost is spread across many companies. They will have better physical security on the servers, multiple layers of firewalls, intrusion protection systems, vetted staff, constant monitoring of logs, external auditing and so on.
Even if your company has already invested in some of this equipment, do you really check those logs each and every day or are they only looked at after an incident has occurred? Do you know the difference between normal and malicious traffic on your network? Do your employees think about security every day and are they experts in the field?
This is probably best said by Vivek Kundra, former US Federal CIO "...cloud computing is often far more secure than traditional computing, because companies like Google and Amazon can attract and retain cyber-security personnel of a higher quality than many governmental agencies," (source).
- Cloud security fears exaggerated, says federal CIO (infoworld.com)
- Six mistakes of log management (slideshare.net)