The last conversation we had was with a CEO friend of ours who was fuming that he did not even know that there were major security loopholes in his ecommerce website that hackers were having a field day with. He sounded betrayed that the CTO would always bring up additional budgets citing some security related requirement and him and the finance committee and even the Board would most happily approve. All the presentations that the CISO, who reported to the CTO, made called out the security apparatus (infrastructure, software, resources etc.) as green in the umpteen meetings and presentations in those meetings. How were he to know that these loopholes were there if the people who were supposed to be looking into them were not even aware of them. He felt cheated. He felt like an utter loser. He was in near tears.
We hate getting prescriptive with our friends, unless they hire us with a particular mandate. However, in this particular case we did work with him to figure why he should reboot his technology environment by porting it to a third party cloud. Here are the reasons that made him make the switch:
Both physical and virtual delineation helps keep mission control data secure. The understanding of how and where the data resides is available with limited individuals within the organization.
Not all security related skill sets can be found within a single organization. Less so with small and medium sized businesses. More importantly, the threat landscape itself is ever changing with new threat vectors and threat strategies being deployed. The Cloud runs on the promise of delivering better and robust threat counter operations for its customers.
You get an independent third party to look at how safe is your data, at least in the infrastructure. The cloud provider is not an appointee that deals with your technology team. Hence, there are no biases in reporting of their findings.
An individual business will not be in a position to create data redundancies. However, most cloud providers do that. They make copies and store your data in multiple locations. In the event of an untoward incident, you are quickly able to go into damage control mode and reset to previous good data.
If your business is also sitting on the fence, field pertinent questions about the afore-mentioned reasons to your technology team. Or get us to talk to them.