Despite cloud security fears, the ongoing epidemic of data breaches is likely to simply push more enterprises towards the cloud.
That’s the assessment of Tim Jennings, Ovum analyst, who says that the trend is an indicator of the increasing maturity of the cloud environment.
“Given that data security and privacy concerns have been an inhibitor during the early stages of cloud adoption, it is somewhat ironic that the continued spate of high-profile customer data breaches is likely to push more enterprises toward cloud services,” he said, in a blog. “One can envisage, therefore, pointed conversations within boardrooms as CIOs and chief security officers are questioned about the likelihood of their organizations being the next to suffer reputational damage through the exposure of customer data. Many organizations will conclude that using the expertise of a third party is a more reliable approach than depending on in-house resources.”
He added that the main issue is not necessarily the fact that the breach has occurred, because some degree of vulnerability will always exist, but organizational response is varied—and in many cases wholly inappropriate because of a lack of security expertise.
“Many have been like rabbits caught in the headlights, seemingly having little insight into the root cause of the failure, the extent of the consequences, or the actions required for remediation,” Jennings noted.
In many ways, outsourcing to someone with better answers should seem obvious. Modern cloud providers have invested large sums of money into end-to-end security, covering the physical security of the data center and encryption of customer data through to highly automated patching and sophisticated security intelligence.
“It is unrealistic to expect even very large enterprises to replicate this environment,” Jennings said.
He cautioned however that this does not necessarily mean that adopting a public cloud environment is safer.
“It may be that enterprises prefer to use either an on-premise or virtual private cloud, while still taking advantage of a specialist provider’s management and security capabilities. Nor does it mean that the responsibility for security and customer data passes away from the enterprise—even though the delivery of these capabilities is in the hands of the third party, governance and control must be retained in-house.”