Cloud security is a concept that still promotes vigorous debate among IT experts and across the wider business community. Search for the term online and you'll quickly disappear into a digital labyrinth of arguments and counter-arguments, myths and misconceptions, logical reasoning and more fanciful conclusions.
Participants in this debate can be loosely grouped into one of three camps: those who consider the cloud to be inherently less secure than traditional on-premise IT, those who believe the security of cloud-based services can match and even surpass on-premise systems, and those who argue that well, actually the situation is a bit more complicated than that.
The third point is important because reducing the subject to a simple yes/no argument is generally unhelpful, particularly when we consider that hybrid IT environments which combine services in the cloud with on-premise systems are becoming increasingly common.
However, my ultimate aim is to tackle what I would consider the number one myth about cloud security: the idea that putting data in the cloud automatically exposes an organisation to greater risk than an on-premise system. Here at Kahootz, the fact that we’re confident about the invalidity of this idea is what enables our cloud collaboration platform to provide secure file sharing.
The root of all cloud security fears
Firstly though, it's worth acknowledging why anxiety about cloud security exists in the first place - and why it seems to persist in the face of growing evidence to the contrary. A recent article by Information Age made reference to an "irrational fear among IT leaders" regarding the cloud, but actually the source of their unease is not so difficult to identify.
Gartner's David Mitchell Smith hit the nail firmly on the head in an analyst release last October, when he observed that the nature of cloud computing - with a clear boundary in place between provider and consumer - inevitably creates an air of mystery and the unknown.
"From a consumer perspective, 'in the cloud' means where the magic happens, where the implementation details are supposed to be hidden," Mitchell Smith commented. "So it should be no surprise that such an environment is rife with myths and misunderstandings."
Security and agility
For Kahootz and other providers of cloud services, the challenge then is not to deny that this line of thinking exists, but to support IT leaders in moving past it by clearly explaining the security features that their cloud service does offer - and the additional advantages it can provide in terms of building a more agile and collaborative organisation.
So we try to make it as simple as possible for users to understand how our cloud environment provides genuinely secure file sharing, as well as why this environment is not inherently less secure than on-premise infrastructure. Many people find our track record of providing secure file sharing software and other collaboration services to UK government departments - some of the most demanding customers in terms of security - to be a useful indicator of quality.
We also created a free to download guide, How Kahootz meets the 14 Cloud Security Principles, to explain how the tool meets the latest public sector standards for cloud services. Much of the content can also be applied to private sector organisations seeking to assess the security credentials of a cloud collaboration tool.