RSA Panel: Cloud Security Nothing to Fear

Written by Michael Brown 1
March 3, 2014

Breaking news: Businesses are concerned about cloud security. Okay, it's not breaking news, but it was the topic of discussion at last week's RSA panel. In this post, we explain its significance to managed service providers.

Last week, we highlighted some of the more intriguing topics of conversation at the annual RSA conference in San Francisco. Ironically, none of those topics are really making headlines now that the conference has ended. Instead, the big story is one that we’ve heard time and again form those on the inside. That message is this:

Cloud security concerns are overblown.

That one-liner also happens to be the headline of a ComputerWorld.com article recapping the event. I wanted to take a closer look at not only what the experts had to say regarding cloud security concerns, but also how it relates to MSPs going forward this year. Below are quotes from the experts and the author (in italics) followed by our own commentary.

Any lingering questions by IT security pros about data security and privacy of cloud computing will be allayed just as concerns about virtualization were in the past.

This is an excellent analogy – and one that shows that no IT concern is insurmountable. Just as businesses overcame their fears of virtualization, so too will they with regard to the cloud. As John Pescatore, director of research at the SANS Institute, put it: "The horse is largely out of the barn. There is no debate about whether we are going to use the cloud.”

An Intermap survey of 250 decision makers at medium and large companies found that 40 percent of those who described themselves as "cloud-wary" cited security as their biggest impediment to adoption. In contrast only about 15 percent of "cloud-wise" respondents felt the same way.

Of all the studies we’ve examined in the last five months, each one (without exception) showed the same behavior and outlook: Those who had already adopted the cloud far less concerned about cloud security than those who hadn’t moved to the cloud. If the numbers were reversed, then MSPs would have something to worry about. Until they do, the cloud migration will continue.

Despite all the fears about cloud security, there are few instances where enterprise data was compromised because it was moved to the cloud, he said. In fact, a vast majority of enterprise breaches involving cloud providers, stemmed from enterprise failures and not cloud provider faults.

A very important point, especially for MSPs. The transition is perhaps the one phase that worries clients (and potential clients) the most. But as the article points out, albeit with no hard numbers, the transition process has proven to be relatively stable and secure. And in instances when tings did go wrong, it generally had nothing to do with the cloud vendor themselves. When we find hard numbers to back this up, you can bet that we’ll be taking a much closer look.

"The cloud is not an all or nothing strategy," said Eran Feigenbaum, director of security for Google Apps. By properly classifying data and moving public and sensitive data to the cloud, companies can do a better job protecting the really critical information internally, he said.

We saved the most relevant quote for last. Even if clients cannot get past their fears – if they cannot convince themselves to adopt the cloud despite all the known benefits – you can reassure them that it’s not an “all or nothing” strategy. The process can be gradual – and it can start with cloud-based file sharing.

Sometimes, no news is good news. And with regard to the security fears of cloud computing, it’s good to hear that the experts agree.