Experts debate whether data in the cloud is more secure than data that's housed on an organization's premises.
For
Pete Nicoletti, CISO, Virtustream
Security isn't a core competency of most enterprises, but it's the central foundation for cloud service providers which support large enterprise clients. By performing threat and impact analysis using advanced tools and feeds on a 24/7 basis, they are able to immediately identify and address threats. They also have the proper frameworks in place to maintain the highest levels of compliance and auditing. Companies that want to grow their business, have the highest data availability and protection levels without unnecessary overhead IT costs, need to get their heads in the cloud.
Against
Dan Timpson, VP of technology, DigiCert
Not all cloud service providers are security experts. Many do it right, but others have work to do. When one uses a cloud service, what guarantees does that offer that the data is stored and transmitted securely? Does the cloud provider have strict security policies in place?
On-premises solutions give users 100-percent control over their own SSL certificate keys and critical system security, and then it's their responsibility to ensure privacy and data security. With on-premises, one has better visibility into the lifecycle of one's own data and where attacks are coming from.
It's possible for organizations to connect on-premises solutions to cloud services in a secure way that enhances data management and meets security needs. The key is selecting a security-focused cloud service provider that supports data security best practices. Choosing a provider that is audited, participates in data security industry groups, and has been proven in its security efforts actually enhances the security of on-premises solutions.