Keeping it local
Companies increasingly want to keep it local. In the US and other large countries that makes little sense, but in Europe it's becoming a noticeable trend. "There is a clear trend in Europe towards vendors with data centres in the local countries, non-US based vendors or private cloud offerings," says Adelberger. Companies want to know where the data resides, and what security level is provided.
The knee-jerk is to trust on-premises data storage more than public cloud solutions, though the former comes with its own cons. "If the company uses a highly secure firewall, an on-premise solution will likely be quite secure," says Adelberger, "but the disadvantage is not security, but the lack of availability, and the risk of data loss in case of disaster."
If an IT infrastructure gets destroyed, everything that was on-premise is lost. The advice for any company not ready to face the cons of on-premises or of the public cloud are simple – opt for a virtual private cloud.
Microsoft's message
Satya Nadella, CEO at Microsoft, insisted recently that his company pumps $1 billion (around £660 million AU$1.4 billion) into security R&D annually, including for its Azure public cloud.
"As a high-profile operation Microsoft has long been a target for attackers, and with the cloud and mobile the baseline for the company strategy, the security stakes are increasing," says Angela Eager, Research Director at TechMarketView. "Microsoft needs to protect its assets and its customers, of course, but the renewed security strategy will also help push its cloud services, especially Azure where acquisitions have been made to bolster security," she adds.
Microsoft is looking to build an Azure Rights Management Service using its recent buyout of Secure Islands (which secures data for UBS, Vodafone and Credit Suisse).
"Microsoft's message is that it can be trusted to do its best to provide protection in a perimeter-less environment," adds Eager, who thinks that the new reality is that the cloud and mobile devices makes every supplier a security supplier.
Staying in control
The fact that the cloud can be used by non-IT-savvy staff is a good thing – that's kind of the point of it. However, it's got to be compatible with the security policies set up by the IT team.
"IT needs to stay in control of company data and its flow," says Adelberger, who recommends using cloud access security broker products. "But still IT needs to make sure that all access from all devices involving company data really go through that solution," she adds. "If not, a company can offer their employees an alternative solution using a private cloud."
If widespread use of Dropbox comes to the fore it's not time for a crackdown by IT, it's time for a rethink.
Abandon the cloud?
Security concerns are no reason to abandon the cloud, but the public cloud is only secure if a company explicitly makes it so. "There are so many different offerings nowadays," says Adelberger. "Know your requirements, demand transparency from the solution provider and don't risk your business."
However tempting the public cloud may be, the level of security, privacy and service will drastically differ. Companies paying by the gigabyte should be careful, thinks Adelberger, who adds: "There is no such thing as a free lunch."
