Cloud computing more secure than traditional IT, says Google

Cloud computing can provide higher levels of security than most in-house IT, says Google.

Cloud computing can provide higher levels of security than most in-house IT, says Google.

Most businesses do not have the security intelligence gathering capabilities and resources to match Google's, said the firm's enterprise security director Eran Feigenbaum.

"Cloud computing can be as secure, if not more secure, than what most organisations do today in the traditional environment," said US-based Feigenbaum on a visit to London.

Security is often cited as a concern by businesses considering cloud computing, but the model eliminates the opportunity for most common causes of data breaches, he said.

"Data is typically lost when laptops and USB memory sticks are lost or stolen, but local storage is no longer necessary if a company uses cloud-based apps," said Feigenbaum.

One of the selling points for the cloud computing model is that users are able to access documents from anywhere at any time over the internet.

"Statistics show that 66% of USB sticks are lost and around 60% of those lost contain commercial data," said Feigenbaum.

Security patching is a common problem that can be eliminated by cloud computing.

"Research shows most organisations take between 25 and 60 days to deploy security patches, but CIOs admit it can take up to six months," said Feigenbaum.

Cloud computing service providers like Google claim that the model frees company IT administrators of this task, improving security for many organisations.

Google is able to patch systems rapidly and efficiently as it has a homogenous IT environment across the organisation, unlike most other businesses, said Feigenbaum.

The rapidly increasing number and sophistication of cyber threats is another area of security that most organisations are ill-equipped to deal with.

"Google is able to gather security intelligence from billions of transactions a day and apply that intelligence in real time throughout the organisation," he said.

"A lesson learned on is a lesson learned on Google Apps".

According to Feigenbaum, enterprises will move to cloud computing just as people started using banks because they had better security resources.

"This change in mindset will move businesses from datacentres to cloud computing services that have the expertise and systems to protect their data," he said.

Alluding to a problem with Google Docs that caused users to share documents inadvertently earlier this year, Feigenbaum said the model once again proved itself.

"Only 0.05% of users were affected and we were able to fix the problem very quickly. In a traditional environment, more users would have been affected and it would have taken longer to resolve," he said.

Feigenbaum emphasised the importance of security and privacy to Google, saying these issues are "paramount" to the company's success.

For this reason, Google has 24-hour security monitoring of systems, distributes data throughout the organisation so it is not humanly readable, and conducts regular third-party security audits.

The company also has several processes in place aimed at minimising insider threats to security.

Google enforces role-based and least-privilege employee access to systems, provides security training for all employees and requires them to sign up to a strict code of conduct.

Read more on IT risk management