Backup and Storage

Security is safer in-cloud than in-house, says Google security expert

Eran Feigenbaum’s claims will further fuel claims that the cloud is the safer option.

A recent Cloud Industry Forum survey revealed that security concerns were the main issue holding back those companies that have yet to migrate their data to the cloud – although adoption was on the rise in 2011-12.

However, according to search engine and internet giant Google, firms should drop their concerns around the security of cloud back-up – as data is in fact more secure in-cloud than in-house.

Google Enterprise director of security Eran Feigenbaum spoke at the Australian Information Security Association’s National Conference in Sydney this week, and according to ZDNet qualified his claims over cloud security by noting that while the level of physical and software security in place differed from company to company, on the whole the cloud was a safer and more secure option for data.

And the expert expounded on the further advantages of outsourcing document storage and records management to a third-party cloud service.

"Cloud is typically less expensive than traditional on-premise software – especially if I start adding all the other costs of backup, antivirus, storage, et cetera – but it shouldn’t mean that it’s cheap [in terms of quality]," he said.

"There may be different providers and different solutions that are intended for different purposes […] but I believe that cloud computing, compared to most organisations [and] what they’re doing today, is probably more secure."

The experts assertions further fuels the debate that the cloud is a viable data storage service for corporations large and small alike, although Mr Feigenbaum warned that no organisation is immune to attack – and working with the cloud service provider will help minimise the impact from such a data breach or leak.

"One thing I would insist if you are moving to the cloud, and contractually insist, is that if there is a security incident affecting your data, that your provider needs to tell you," he told attendees. "There’s no ifs, ands, or buts. You may not need to know the specifics, but you need to know what data was affected, when it was affected, and what your cloud provider did to remediate that."