The cloud is actually safer than the local system.

I've talked to a lot of people in the traditional IT industry, and I call them "arms folded arms gang." These are all it executives who need to deal with the use of cloud computing, and typically because CEOs or their board members are asking for it, but still feel that there are too many problems with cloud computing. They want to know about cloud computing, but they don't have the confidence to use it.

The good news is that the number of "arm-hugging" members is proving to be diminishing in value as cloud computing continues. However, the cloud's debate over security and privacy is frequent. Although there are certain emotional factors, sometimes political factors, but you must in the enterprise around the actual problems and real risk education of this group of people. In fact, I've found that clouds are generally more secure than traditional systems.

According to the Cloud Security status report in the autumn of alert Logic2012, the change in threat activity is less important in the local infrastructure, and any access that can be implemented externally-whether on the enterprise or the cloud-is equally exploited because the attack is inherently speculative.

The report further points out that attacks based on Web applications attack both the service provider Environment (53%) and the Local Environment (44%). However, local environment users or customers are actually experiencing more attacks than users or customers in the service provider environment. The local environment user average attack is 61.4, while the service provider environment customer average attack is 27.8. In contrast, local environment users have also suffered more significant brute force attacks.

There is no doubt that there is a myth that cloud computing is inherently less secure than traditional methods. The paranoid think that this approach is inherently unsafe, because you have to store your data on servers and systems that are not on your own and cannot be controlled.

However, control does not imply security. As we have seen in this report, in the recent attack rate this year, more importantly than the physical location of the data is the way of access. This is the case of cloud based systems and traditional enterprise computing at the same time. In addition, people who build cloud-based platforms for businesses tend to be more concerned about security and governance than those who are building systems within firewalls.

A system that is not structured according to the same stringent security standards does not mean security, whether it is in the cloud or not. Therefore, the best practice is to focus on well-defined and enforceable security policies, using the right and feasible technology. Instead of focusing on the difference between platforms.

My recommendations include three steps:

1. Understand security and governance requirements for specific systems and/or data storage. Many people who deploy security around the cloud or traditional systems do not understand what they are trying to solve. You need to define these things in advance.

2. Understanding the importance of control access is much greater than the location of data storage. Focus on how the data is accessed, especially on how the data leaks out. Again, most data leaks are weaknesses, whether they are in the clouds or not.

3. Finally, vulnerability testing is absolutely necessary, whether you are testing cloud-based security or traditional system security. Systems that are not tested are insecure systems.

I suspect that we all think about security differently, and that the cloud we deploy is more of a public cloud based system and data store, and it will continue. However, without proper planning and good technology, cloud-based platforms are more risky. The same thing can happen to existing systems. There's no free lunch, is there?