Last week, I spoke at an event to people with on-premises Exchange environments who were looking to move to a cloud-hosted service like Office 365. Every time I speak on such migrations, someone in the audience raises his hand and goes off about the latest cloud hack to suggest the cloud is unsafe. It happened last week, too.
How am I -- or anyone -- supposed to respond to the naysayers? Yes, I know online services have been hacked. I'm also aware that many of these folks, while sincere in their desire to protect their data, are also uncomfortable with losing control over it. It's a sensitive subject, to be sure.
I have a response -- but it's not a technical one.
It begins with making an effort to understand the core claim. In this case, the cited hack was that of Apple's iCloud, which was an easy one to address because iCloud itself was not in fact hacked. Instead, people fell victim to phishing scams, which let hackers use their iCloud credentials -- phishing can be used to access any online system, including those in your data center. (As I've said before, I believe two-step authentication is essential to ensure a greater level of safety.)
After I explained the iCloud "hack" wasn't what it seemed to be, I expressed that validity of security concerns, as such incidents trigger the basic fear that all people have when putting data online. But I also emphasized the real solution was to provide solid security measures, not to blame a whole platform for poor security by one provider or implementation -- cloud or otherwise.
My next step is appeal to their sense of time (or lack thereof). I explain that I understand with on-premises security over data, IT admins know who is responsible for security and believe it to be safer in those known hands (it maybe their own). But I also point out that many IT admins are running around with too much on their plate. Security has become a full-time job and requires a tremendous amount of expertise to do it right on-premises. For all the fear of the cloud, the fact is companies are routinely hacked, and many never even know it. In reality, your on-premises systems are not more secure than the cloud.
Don't forget: Cloud providers can have people working 24/7 to improve security. They can also invest much more money into data security than any individual company can.
Jesse Lipson, then CEO of ShareFile (now owned by Citrix Systems), once wrote our belief that we can do a better job of securing our data on-premises than a cloud provider can is a case of our brain playing tricks on us: "Your brain is conflating control with safety. This same fallacy is what causes some people to be afraid of flying on an airplane. Because they are not in control ... they become afraid."
Sign up for CIO Asia eNewsletters.