As cloud vendors mature, Web-based delivery of applications, storage and infrastructure is getting more secure and trustworthy. That doesn't mean that the risks are gone--they've just migrated to a more difficult-to-manage form. Today, big-name cloud providers like Salesforce.com offer top-notch security, auditability and compliance. Even Google provides a compliant e-mail hosting solution for regulated industries such as healthcare and finance. Providers can now meet corporate needs, experts say, as long as companies do their security due diligence and pay attention to contract fine print.
In 2005, Atlanta-based Cox Communications began using BlackLine Systems' hosted services to replace its manual financial close process based on spreadsheets. Now, the $9 billion cable operator is moving to a cloud-based version of the same system, BlackLine's OnDemand offering.
Just keeping software patched and up to date can be a daunting task for businesses. "Typically, IT shops struggle with that because they're underfunded and don't always have the resources," says Adam Rice, chief security officer at Tata Communications, an Internet service provider that offers cloud-based security services. "Cloud-based computing is something that, over time, will actually change the paradigm of things."
But Rice warns that customers need to do due diligence. At Tata Communications, he says, clients regularly come in to do their own security audits, and some insist that the right to do surprise inspections be included in their contracts.