Sorry, cloud resisters: Control does not equal security

Many of those who push back on cloud computing citing security fears are doing their employers a disservice

Do you remember last Christmas? Target lost data from about 40 million credit and debit cards that were stolen at its stores between Nov. 27 and Dec. 15, the height of the holiday shopping period. Thieves tampered with the sales terminals' card swipers to gain access to the data stored on the magnetic stripe on the back of credit and debit cards.

And do you remember Sony's huge PlayStation Network security blunder that exposed as many as 100 million credit card numbers? It cost Sony big and required user account reboots.

[ From Amazon Web Services to Windows Azure, see how the elite 8 public clouds compare in the InfoWorld Test Center's review. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]

What do all these security issues have in common? All are breaches that occurred from internal systems -- systems in which IT departments were in direct control.

The problem is that many people equate control with security. Many CIOs have told me they need to have complete control of their servers to ensure they're secure. Well, all major security breaches occur in systems that are under IT's "direct control." You never hear about them, unless they're as spectacular and far-reaching as Sony's and Target's breaches.

People who say they will not move to the public cloud due to the lack of control, which they argue means lack of security, are not living in the real world. Security -- cloud or not -- is measured by the amount of planning and technology that goes into ensuring the data is effectively protected. It's not about where the data resides.

In fact, we're seeing data that's actually more secure on public clouds than it was on internal systems. Indeed, the breaches continue to focus on unsecured local systems, with public clouds largely spared thus far.

Control does not equal security, and it never did. Those who continue to push back on cloud computing using security as an excuse, without understanding the real issues, are doing their businesses a disservice.

This article, "Sorry, cloud resisters: Control does not equal security," originally appeared at Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at For the latest business technology news, follow on Twitter.


Copyright © 2014 IDG Communications, Inc.

How to choose a low-code development platform