Reality or Hype: Cloud Lessens IT Security?

Twitter chat reveals many believe cloud can provide quality IT security.

Twitter chat reveals many believe cloud can provide quality IT security.

Advocates and adversaries of cloud computing have long debated if the environment can provide adequate or in some cases exceptional security for enterprise IT, data and assets.

Of course, cloud environments vary among private, public and hybrids of both. But recent cloud survey research shows for many of 542 IT decision makers polled, today’s cloud computing options offer better security that some IT organizations can provide in house. The study found that 98% of enterprises surveyed believed the cloud met or exceeded their expectations for security, and the finding was true across several flavors of cloud – IaaS, PaaS and SaaS. Nearly one-third also indicated that “security has been less of an issue than originally thought.” And “enhanced security” was cited by many as a primary objective when implementing IaaS (38%), PaaS (38%) or SaaS (41%).

The study’s findings stand in direct opposition of the much publicized belief that security poses one of the most significant barriers to cloud adoption. (It must be noted that the same study did reveal that 46% of those surveyed cited security as the primary reason they will not move an application to the cloud.) That being said, the findings still mark a shift in the cloud/security debate, which was touched upon recently in a #TechViews Twitter chat (hosted by @TrendsinTech) on cloud and mobile security. The chat drew some 52 contributors and more than 465 Tweets on the topic.


To learn more about this shift, the chat asked: “Some say security is a hindrance to cloud, a recent study showed some say cloud security is a top benefit of cloud. Why would this be?” Responses pointed to the very nature of IT security and the risk of data living on mobile devices, cloud environments and even within enterprise data centers.  The chat proved there is no one answer.

When it came specifically to cloud, several of the chat participants said cloud is not the problem with security and vice versa. Ron Miller, a freelance technology journalist that participated in the chat, said the negative perception of cloud security is part of a broader miscommunication on the topic.

“Part of it is an ongoing flood of cloud security FUD. It’s self-perpetuating like the Bermuda Triangle story,” Miller tweeted. And he then followed up with, “It’s maddening really that these myths live on. There are breaches everywhere: cloud and private data centers.”

Cloud security could in fact be better when provided by vendors building data centers to serve and secure data from multiple clients, chat members pointed out. The security of the environment depends on many factors, one of which might not be whether or not it is in the cloud or the enterprise.


 In fact, some IT organizations could find the security expertise at a cloud provider more advanced than their own in-house capabilities if budget or staff constraints have them working with the “do more with less” mentality.  The problem lies in the attention public cloud outages get and the very real ramifications of putting customer data at risk. Still chat participants said the number of public cloud outages is far fewer than the number of incidents that happen within enterprise companies that also put critical data at risk.


 And the chat revealed more of the shift that the study uncovered earlier this year: IT needs to change its mindset to embrace today’s disruptive trends. Implementing cloud represents letting go of some control, but it doesn’t necessarily mean it is also increasing security risk. These risks reside everywhere; think of the numerous public breaches revealed to be insider attacks. IT needs to find better ways to secure data that also enable end users and customers to embrace new technologies. And to do that, IT needs to evolve its security approach – because in reality, the feeling of control when it comes to IT security could be just an illusion in some IT organizations today.


 Read the entire #TechViews Twitter chat on cloud and mobile security here.

What do you think? Does the cloud provide comparable IT security? Should IT let go of some control and embrace cloud with more critical applications? Is the belief that cloud security is poor hype or reality? Please leave a comment here and share your experiences.

Written by

Denise Dubie

CA Leadership

Denise is senior principal, content strategy at CA Technologies. As a former IT industry journalist…

Published in

View this topic
  • James Holland

    This is great. Hooray for Disney’s imagineers!

    become a new brand in the share market research with its accurate research. Proven
    itself always right whether market is bull or bear. Last week all paid clients
    booked handsome profit in NIFTY, BANKINIFTY & STOCKS. Now for the coming
    week we expect more correction can come in NIFTY as the IRAQ issue is getting
    more tense, If it happens more then you will see a sharp fall in all world marketNSE BSE, STOCK TIPSbecause as we know all world run on
    crude & most of the crude comes from IRAQ. So be ready for a sharp fall so
    sell will be the best strategy for next week also. Traders can make a sell
    position in NIFTY around 7600-7650 with stoploss 7750 for the target of
    7300-7200.One can also make a sell call NIFTY 50 stocks as per NIFTY levels. You
    can also take our two days free trial to check our accuracy. For further updates
    you can visit our website.



  • king lear

    testing comment functionality, please do not publish this

  • Love the personal pic 🙂

    • CAHighlight

      Thank you!

  • Plutora Inc

    This is a good case study. 2.3 sec’s off a login transaction is big.

  • While the analysts were hyping DevOps, I posted the oversight of not including security as part of that discussion as you are highlighting here. Instead of just talking DevOps, it should be DOS (what’s old is new again 🙂 – DevOpsSec. As a previous AppDev person, it’s the app, who’s using it, why and where rather than the device and having the service available.

    As you rightly point, out Security should be baked into the solution.

    Nice Post and Timely!


    • CAHighlight

      Thank you for your feedback Michele. Agreed – security cannot be overlooked. Appreciate your input!

  • Mitesh

    I would love a printed copy

  • Lars Johansson

    I love the idea of BYOID! This makes me choose if I am almost anonymous (with my Hotmail Nicname) or official with identity from an official organisation. My Identity Provider will attach identity with right level of LoA according to the need of the Service provider.

    • CAHighlight

      Thank you for your comment. BYOID has tangible benefits for end users and relying parties but it also has to be weighed in the balance with potential risks and liability concerns. It will be interesting to see how BYOID plays out in the enterprise.