Where are the clouds?

The NSA is clearly not making life easy for cloud service providers or our faith in them. If a company's crown jewels are its IP, it is therefore hardly likely to want its design teams to be using the cloud as a working platform. It appears however that the perception of a data breach in a cloud-based environment is far stronger than the reality of cyber crime. Moreover, data centres come with different levels of security and safety, and are managed by people whose job it is to do just that, rather than a host of IT and IT related jobs as is typical in an SME environment. The point that struck home with me, made during a conversation with the CIF, was the perception of security being impregnable when using on premises servers. Data centres have strict access regimes – biometric authentification and the like and then only for a very few people. When I think of all the sites I have visited with their own server rooms, you have to ask how secure they are. More often than not it would be difficult for people outside the company to gain access, but generally staff could have their evil way with them if they so desired. And then what back-up is there in case of fire or flooding? Hacking into data that is floating around the ether is another matter of course, but in terms of physical security of data, maybe external hosting is more secure than you may have imagined – or on-site services are less secure, depending on your viewpoint.