The hype about cloud computing is such that you can be forgiven for thinking that cloud adoption is universal. The truth is somewhat different! Despite the hype and the column inches dedicated to cloud computing, we are only scratching the surface of cloud adoption.
Currently, the majority of corporate cloud adoption is around Software-as-a-Service (SaaS). Things like Office 365 and Salesforce.com are prime examples of SaaS. This is to be expected as buy-in can be very cheap with implementation totally separate from the rest of corporate IT.
However, the real promise of cloud is much more than SaaS. Cloud is a transformative technology where the norm will be to move computing power and infrastructure between on-premise resources, private cloud and public cloud. However, we are not there yet with many IT managers expressing doubt and nervousness about moving their on-premise computing into the cloud.
There are basically four common fears of cloud adoption that occur most often in cloud:
Security is the number one fear we hear when people express reticence to move to cloud. This is entirely understandable, and directly related to the feeling of letting go. Essentially you are placing your company’s most valuable asset, that is, your data in the hands of an “unknown” party. In the case of public cloud, there is the added worry that it may be on a shared physical resource. When it comes to security concerns of cloud adoption though, the reality is that cloud providers often have more resource and knowledge of security than the most well staffed IT departments. Even consumer-grade public cloud can have stronger security than the average SME IT department. When you partner reputable providers that offer enterprise-grade cloud services, the security of your data and infrastructure is strengthened rather than compromised.
That said, the same rules still apply. As with on-premise IT, it makes sense to use the services of an external security tester. This good practice should remain in place even with the most secure cloud hosted services.