Google has said customer data is more secure in the cloud, rather than on a business's own network.
Businesses such as HP have expressed concern about storing their important data on another company's servers. But in a blog post on Monday, Eran Feigenbaum, director of security at Google Apps, one of Google's cloud-based services, argued that data can be more secure when stored and accessed online.
Feigenbaum used the analogy of storing jewellery in a bank rather than at home. "Cloud computing, when IT software and services are delivered over the web and through a browser, is a paradigm shift, similar to taking your jewellery out of your sock drawer and placing it in the bank," wrote Feigenbaum.
"The bank has the economies of scale. It has guards, robust safes, video surveillance — much more than any security investment you can deploy yourself."
Feigenbaum went on to argue that the loss of data through human error can be avoided if documents are stored online. In addition, he said businesses using cloud services need not worry about patching security holes, and that the distributed nature of cloud data-storage makes data recovery more robust.
No system is foolproof, Feigenbaum acknowledged, pointing to privacy problems Google users had following a Google Docs update error in March. The glitch inappropriately shared access to a range of word-processing and presentation documents stored in Google Docs. However, he said that as it was a cloud-based service, Google was able to respond to the issue quickly and customers did not have to patch or otherwise install software.
Security experts on Tuesday were cautious about Feigenbaum's assertions. Richard Clayton, a Cambridge University security expert and government IT security advisor, said the strength of cloud security was not clear cut.
"It depends, it's neither black nor white," said Clayton. "It's generally true that if you put data in the cloud it's probably going to be more secure than if you leave it lying around the office or on a laptop in your car."
However, Clayton gave the example of Microsoft losing T-Mobile Sidekick customers' mobile data in October as to how data outsourced to a cloud service can be lost. Contacts, calendar information and photos were among the data lost following a server failure.
"You can't do your job without a contacts list," said Clayton. "It's pretty scary."
Clayton said that while he would recommend cloud services to small businesses, he did not expect GCHQ to be putting data in the cloud anytime soon.
McAfee security expert Greg Day echoed Clayton's comments, saying different organisations had different IT security expectations. Day said there were economies of scale to be made in the cloud akin to storing money in a bank "rather than stuffed in a mattress".
"Different businesses have different definitions of what is secure," said Day. "There's clear logic in economies of scale, but the risk is that the cloud is a more visible target."
Day added that he expected businesses to sample cloud services before committing.
Talkback
It is time google, amazon.com, salesforce.com and other enterprise cloud players "demonstrate" their security measures to the CIOs of enterprises. A conference / meet is what is now needed.
regards
Sanjay
It seems to make sense that data would be safer, but I fail to see how human error can be avoided. Your OS was crafted by humans, as is your browser. Integrate your browser tightly to the OS and data can be stolen easily, regardless of the size of your organization. Any time human interaction is involved there will be a security risk. I can't think of a scenario where security can be perfected.
If something is sufficiently valuable - whether it be physical objects or 'mere' data, there is no such thing as 'secure', as Securitas discovered when their guy had his entire family kidnapped and threatened - I just wish someone could get this through the thick sculls of our (supposed) government.
Are just another peace of the jigsaw, and you would be mad to store all your eggs in one basket.