Cloud computingcan provide higher levels of security
than most in-house IT, says Google.
Most businesses do not have the security intelligence gathering
capabilities and resources to match Google's, said the firm's
enterprise security director Eran Feigenbaum.
"Cloud computing can be as secure, if not more secure, than what
most organisations do today in the traditional environment," said
US-based Feigenbaum on a visit to London.
Security is often
cited as a concern by businesses considering cloud computing,
but the model eliminates the opportunity for most common causes of
data breaches, he said.
"Data is typically lost when laptops and USB memory sticks are
lost or stolen, but local storage is no longer necessary if a
company uses cloud-based apps," said Feigenbaum.
One of the selling points for the cloud computing model is that
users are able to access documents from anywhere at any time over
the internet.
"Statistics show that 66% of USB sticks are lost and around 60%
of those lost contain commercial data," said Feigenbaum.
Security patching is a common problem that can be eliminated by
cloud computing.
"Research shows most organisations take between 25 and 60 days
to deploy security patches, but CIOs admit it can take up to six
months," said Feigenbaum.
Cloud computing service providers like Google claim that the
model frees company IT administrators of this task, improving
security for many organisations.
Google is able to patch systems rapidly and efficiently as it
has a homogenous IT environment across the organisation, unlike
most other businesses, said Feigenbaum.
The rapidly increasing number and sophistication of cyber
threats is another area of security that most organisations are
ill-equipped to deal with.
"Google is able to gather security intelligence from billions of
transactions a day and apply that intelligence in real time
throughout the organisation," he said.
"A lesson learned on Google.com is a lesson learned on Google
Apps".
According to Feigenbaum, enterprises will move to cloud
computing just as people started using banks because they had
better security resources.
"This change in mindset will move businesses from datacentres to
cloud computing services that have the expertise and systems to
protect their data," he said.
Alluding to a problem with
Google Docs that caused users to share documents inadvertently
earlier this year, Feigenbaum said the model once again proved
itself.
"Only 0.05% of users were affected and we were able to fix the
problem very quickly. In a traditional environment, more users
would have been affected and it would have taken longer to
resolve," he said.
Feigenbaum emphasised the importance of security and privacy to
Google, saying these issues are "paramount" to the company's
success.
For this reason, Google has 24-hour security monitoring of
systems, distributes data throughout the organisation so it is not
humanly readable, and conducts regular third-party security
audits.
The company also has several processes in place aimed at
minimising insider threats to security.
Google enforces role-based and least-privilege employee access
to systems, provides security training for all employees and
requires them to sign up to a strict code of conduct.