Across the multiple LinkedIn Groups, Twitter and Facebook pages, and on the blog itself I have been humbled by they fantastic and vigorous debate that the blog’s posts generate. It is clear that amongst the Business Community there is a real need to understand what Cloud Computing really means to your Company and to your bottom line.

When we are able to forget about the technology, and start thinking about what that actually enables us to do then the true excitement starts – remote working, disperse teams working on a single document, sales people able to cut out “admin day”, MD’s being able to chase up debtors in realtime, IT teams being able to align with the business strategy.

There have also been some common themes in the comments, where there are natural concerns around what it means to a business to have their applications running outside of their network:

  1.  What if my internet connection goes down?
    2. How secure is my data/what are the legal implications?

    Today, I want to spend some time on the second point. I want to try and differentiate between two words, that in the ‘old world’ meant the same thing, but in the ‘new world’ actually mean the opposite – Control and Security.

When you run your applications in your own network, and in your own office, you have control. You can see the boxes. You can see the light is on and hear the fan. Perhaps you are not happy with them under a desk so you buy a server cabinet, perhaps as your rack of hardware grows you dedicate a cupboard or small room to it. You provide a combination lock for the door and install some CCTV to the building. You have RedCare on your Phoneline. You add a redundant Exchange server in case the first one goes down. You have a back-up tape system and take the tapes home every night (or try to). You have a security guard who patrols the business park. He keeps an eye on things at night.

“I have control. I have security.”

In a Cloud environment when you add a new contact record into Salesforce the data is stored…….somewhere on the internet. When you send an important email through Google Apps the record of it is…..I’m not sure. When I add in this month’s invoices in Xero they are all kept…….oh dear me!

“I have no control. I have no security.”

But this is incorrect.  Have a think about your personal bank account.  We all hear mythical stories of the man who kept his money under the mattress, because he knew where it was, and he had control.  He felt it was more secure.  But you and I know that our money is much more secure in a bank.  After all – they are not just looking after our money, they are looking after billions of pounds worth, and therefore their security will be much greater than my Yale lock on the front door.  

More so, because they look after so much money, they can afford to provide much better services to clients than my mattress could provide.  Interest for a start, Cash machines so I can access my money anywhere, and because banking is a cloud model (i.e. my money isn’t held in my branch) I can use internet banking from any connected device to manage my funds and pay my bills.

When we look at Google and Salesforce as two of the leading Cloud providers we need to do our due diligence as we would for an on-premise solution, but we must also recognise that the physical, technical and human security that they provide will be way beyond what even the largest Corporates could afford to deploy themselves.

If we take Google for example – they provide a Security Whitepaper which goes into great detail explaining the multiple levels of security that they provide to you as a client.  As a business owner the question I ask myself is “Could I get close to matching this in my own office?”  The answer is no.

Salesforce also provide an insight into the levels of security they provide in their Security Statement.  Again, as a business owner I take heart from the fact that Enterprise clients of Salesforce like Bank of America, or Japan Post will have done far more rigourous due diligence than I would require.

The second part of the data security question is about it’s location.  As a business owner collecting and holding customer data you will know only too well your responisbilities under the Data Protection Act, FSA Regulations and PCI Compliance.

I am not a qualified legal advisor so the following should not be taken as official advice, but I can offer my assessment of the situation.