Would it be fair to say that data is safer in the cloud? Why or why not?

Yes, if you keep practices in mind and secure your application properly, the cloud is a safer place for your data then what most SMB and Mid-Market companies utilize today. Greater than 90% of the clients I speak with, the data center that cloud providers place their services in are safer than the compute facilities that they use internally (often just a server closet with a window on the door, and the door is usually wide open)...

I agree with the general set of responses here, the cloud is not secure in and of itself... we each bear the responsibility and burden to secure our particular stack of applications and resources. What is important for anyone considering cloud services (whatever they might be) to understand is that moving to the cloud does not absolve you of your responsibility to secure your companies assets...

The best way to think of the cloud is as a mechanism to convert your Expense structure from a CapEx model to an OpEx one... this says nothing about security of the infrastructure, but more about the financial decision process... This is not the only reason to move to the cloud, but one of the most compelling. There are many great technical, security and scalabiliyt reasons as well, but those are topics for a different time. When moving to the cloud, all of the things that you had to focus on for security on premise should still be top of mind.

If I'm a small or medium size business, I need to understand why my data IS much safer in the cloud!
3 Key Factors:
Consider this, most cloud providers either SaaS, PaaS, or IaaS have a substantial investment in their infrastructure. Most have protection against outages all the way down to multiple generators with an onsite fuel supply. Redundancy is built throughout the data centers with power feeds coming from different utility providers, branch circuits from different PDU's (Power Distribution Units) I realize that is not true "data" protection, but it is a factor that you have to consider. How many times have you lost company data due to an unplanned reboot and the data tables in your data base are a mess? How does a cloud provider’s data center compare to that of a small or medium size company?

#2, he corporate network is accessed via the internet all the time. Think about how many remote users are connecting to the corporate network from various internet connections around the World. A server in the cloud will not compromise a data breech any more than that of a sales rep accessing the order entry system from a remote hotel wifi hot spot. The high end cloud providers will offer virtual routers that are created with a server instance (Specifically referring to IaaS here) that allow for port forwarding and VPN.

Lastly, when we look at data specifically, most cloud providers have a resilient SAN environment in place. Some will have a configuration that separates the data from the OS layer, which means if a server fails, your data is still safe because it resides on a separate platform.

The bottom line is 90% of business will see a substantial leap ahead in security and data protection when choosing the cloud. A cloud provider has a substantial investment in fault tolerance and data protection, after all, the survival of their business depends on it!

It is not fair to say, in general, that your data is safer in the cloud. But it is something that each business needs to consider carefully, there may be other mitigating circumstances that make the risk worth the reward.

Data Centers do not have a monopoly on infrastructure redundancy. Data can be very safe locally, even for very small businesses. RAID (redundant array of Inexpensive disks)protects data from drive failure. Backup technology has made amazing leaps in speed and ease of restore. Data Centers are using the technology that is available to everyone. They just have more of it.

Be sure to look at your long terms costs. We recently did a comparison of costs in using an onsite database app vs subscribing to a hosted version. Over a 5 year period, keeping it onsite saved almost $8000.

What is great about data in the cloud is the ability to share it. That is useful when you are a management consultant like me working on developing business plans. This allows for interaction and a process of collaboration that beats sending spreadsheets or word processed documents back and forth endlessly. If you can invite a group of people to collaborate you can save considerable time.

But for secure data, as I recently advocated to a friend of mine who is an intellectual property lawyer, data on the cloud is only as secure as the security of those who have access to the data.

I know I do my banking online and I have a PayPal and eBay account. I regularly buy books from Amazon and download ebooks from Kobo. But if anything is sensitive I keep it behind a firewall on my desktop and backed up to backup drive and CDs.

I would not entrust sensitive data to a cloud environment. There are just too many variables that could impact the security of that data.

Safe against what? On what scale? In terms of physical storage, our business burned to the ground in 2005 about 9 months "after" moving to the "cloud" Bought a couple of new PC's and were fulfilling orders from storage lockers with an inverter and generator in just a few days.

Had the in house servers been destroyed in the fire - I would have been working the fry station at McDonalds instead.

Get hacked in the cloud? sure everyone gets hacked it's a matter of degree (success) - banks get hacked a lot because "that's where the money is"

I think small business are safer from hacking because a) they don't offer the same challenge of say Sony b) hackers know you can ding CitiBank for 5K and escape prosecution because they don't have the resources to track the culprits down.

I accidentally deleted a domain with lots of data on it - the host had it restored in under an hour - good luck with that on your own server.

Putting your data on an external hard drive or disk increase your risk of data loss exponentially - car crash - car break in - spilled beverage - dropping on sidewalk - equipment failure - no thanx - too much pressure

for the small business person, you can upload unlimited data to goDaddy for about $150/year - you can use Filezilla to get it up to the cloud for free where they have redundancies built in - everyone has fun until the hard drive fails

There is an old saying among hikers..."You are only as strong as the weakest member of the group." This saying is true within the cloud as well. When you are working with data in the cloud, all organizations involved need to implement the strongest security measures possible, including security measures for when that data is in transit. A breach in data will most likely occur within the area where there is the weakest security. That doesn't mean that it will occur. It just means that, that is most likely where it can/will occur. If that breach occurs on the cloud provider's side, then one can argue that data is not safer in the cloud. If that breach occurs on the client side, then the cloud was not to blame and one could argue that the data is safer within the cloud.

The concept of security in the cloud also needs to extend out from the technology and into business. For example, what If a provider's servers are inaccessible? Will your own operations grind to a halt? What effect will that have on your business? In that case, is the data really safe? You can't even get to it!

All in all, every business that is moving into the cloud needs to evaluate each part of the cloud that it plans on using, as well as the providers for those areas. That evaluation process is multi-dimensional and multi-faceted. One cannot say that data is more or less secure in the cloud until each evaluation process is complete.

I looked at this question some time ago in my blog - http://rcl-systems.blogspot.com/2008/01/saas-software-as-service.html
My conculsion then as now is that the cloud is not safe for various reasons discussed in the blog. I also concluded that the cloud gives a false sense of security to its users. In that all the time you can access it, everything is fine. Its those; hopefully rare times; when you can't access it that you realise how fragile the cloud is.
Take yesterday for instance, my broadband ISP provider had a major problem with its servers/fiber optic cables - people keep nicking them apparently. I could not access the internet for most of the day. If my data had been held in the cloud and a major business event occurred at the same time, I could have lost a significant amount of business. Security is not just about ensuring data is not seen by unauthorised persons. Its about having access to ALL your data, at ALL times.
The cloud as a concept cannot guarantee 7 by 24 access due to the number of service providers between you at your PC and the disk that holds your data.

I think it depends on the company size and the importance of the data. For SMBs, it is definitely fair to fair to say that it is safer, easier and more affordable.
It seems like the some well-known blogs or even news networks like CNN love to pick up negative stories about cloud computing. I think as a business person, the right question to ask is not if the cloud is 100% safe but if it is safer than any other alternative that you are able to and willing to pay for.

One of our customers came to us because his internal security rules are so strict that his software/IT department can not keep up with the pace of updates, upgrades, bug fixes, security patches etc. for their inhouse software. They are several versions behind which creates real security issues (not speaking of functionality) So they signed up with us (Software as a Service/Cloud based database) because our system for that reason alone is much for secure than what they have (or can have) inhouse.

Absolutely not! Who's to say that the company hosting your cloud solution isn't going to go belly-up? Or have all their servers wiped out in a natural disaster or terrorist attack? Or be the target of hackers who would disable them, block my access to my files, or corrupt/erase them? And what if I want to change companies and move my data over; will the company be receptive to that, or try to hold my files hostage? I've heard many horror stories of people who worked with website designers who wouldn't release their URLs to them when they wanted to move them elsewhere, and left them in a pickle. I don't need that kind of hassle with all my business data.

If I were a large company with many users in different locations, perhaps the cloud would be a better solution. But as a one-person business working out of my home, I like the security of keeping my data on my computers that are under my control. Yes, I do automatic backups to my external hard drive every hour, and I probably need to do some cloud backups, as well, just in case something happens to wipe out everything in my office. But no way would I store all of my data only in the cloud.

The same goes for software; I can see how the software companies want to push us all toward cloud-only applications, enticing us with easier updates that happen seamlessly. Just as Amy points out above, they make more money by charging people subscription fees for accessing the software than by selling it to them once. But I'm still using some software that's no longer being supported by the makers; it works just fine for my purposes, and if I didn't have that software resident on my computer, I couldn't still be using it. The cloud is most definitely not a better solution for that reason. The higher cost of "renting" software instead of buying it is the other main reason that it's not. And when you add in the uncertainty of putting your data under somebody else's control...I have to say no, thank you, to the cloud!

if you have an insecure application moving it to the cloud does not make your application any more secure or less secure IMHO.

A cloud provider (a decent one) IS going to give you redundnacy, scalability, replication to multiple mirror sites but this isnt security its backup and availability. They will give you a vastly more secure server environment (hardware level) than a typical SME or indeed some enterprises could afford ie IPS, multiple firewalls and DOS capabilities that most people cant afford but at the end of the day if your application is poorly architected from the software security perspective this isnt going to help you much. I think most companies are worried about cloud because their applications fall into this category.

Such a degree of inevitability now, perhaps the questions should be "how would you like your data secured?", before somebody else determines that for you.

Well a trick question always deserves a trick answer!

Security is 100% dependant on all the relative components, network and software related to the level of security desired. While there are some inherent aspects of the cloud that could be considered more secure, there are other that would think access to data by anyone outside a company would add risk. Yet, we know that over 90% of all data and security risk comes from the "inside" of a company where access to information and systems is more readily capable.

Bottom line is you need to consider all the aspects of your "touch points" and the Cloud based or in-house system security aspects to ensure you are secure, as you need to be.

Really, is data ever safe? Absolute security is an abstract, theoretical concept.

That being said, we are investigating cloud-based storage/backup/synchronization, and will likely move in that direction once we are satisfied that security is sufficient. Cloud-based services are the future of IT regardless, primarily for reasons of cost and convenience.

No. You could never say your data is safer on someone else's computer.

A perfect example - look at what happened to Sony with their Playstation Network. All of their players data was stored on a server that was accessed by hackers and their players accounts gave access to customers credit card information. Now think if someone as big as Sony can have their cloud server hacked, what is keeping smaller businesses from being hacked...

In the end I would think you need to pay attention to what your storing in the cloud. If it is sensitive information for your customers then at the very least you need to have paper work drawn up to inform them of the offsite storage. In my honest opinion it would create too much of liability issue.

I have used some cloud storage for job files, but all financial data, and any customer job that deals with their internal data is backed up and saved to external hard drives and stored at my office and off site. It is a little bit more of a hassle for myself, but the customers I have know that their information is safe and I know that it is backed up.

Just remember saving cost is a good thing but as long as it does not affect your customers. I know if my personal information was lost by a bank, I for one would change banks. So if you lost private information for your customer would they stay or leave? What would you do?

Any service where you do not have direct control on your data is not secure. Similarly when you are not sure who is "looking" at your data is not secure. Your data may be in "compliance" with the laws of the land where you the cloud-client are residing. Is it in compliance with the laws of the land where it is hosted or is transiting?

Customer (services consumer) and Vendor (services provider), both should be aware of what they want and what they are getting back in actual.

Customer needs to know and understand offered services by his vendor on Cloud environment in terms of SLA and security compliance (agreed Vs provisioned) and keep doing regular checks on time-to-time.

Understanding how architecture, technology, process and human capital requirements change or remain the same when deploying Cloud Computing services is critical. Without a clear understanding of the higher-level architectural implications of Cloud services, it is impossible to address more detailed issues in a rational way.

The keys to understanding how Cloud architecture impacts security architecture are a common and concise lexicon coupled with a consistent taxonomy of offerings by which Cloud services and architecture can be deconstructed, mapped to a model of compensating security and operational controls, risk assessment and management frameworks and in turn, compliance standards.

As as a conclusion, I do agree that the data is safe on Cloud.

How can one say that the data in "On-Premise" is safe? Data will be safe only in safe hands irrespective of hosting location (On-Premise or Cloud).

It is about adoption mindset and faith between service consumer and provider.

As a mere user, of both cloud and my own servers, I have a suspicion that the cloud is a bit like nuclear power. We all get excited about how clean and easy it is, and one day . . . .

As a user I have absolutely no way of knowing how secure, or stable, a cloud providers infrastructure is.

Over the past 5 years I can remember both Apple mobile me services going down, and Facebook and LI being off line for a few hours. So Mr. Service provider, are you bigger or more secure than Apple? "Trust me" said the salesman.

So I'm keeping my clouds for convenience and my nicely RAID thingy server so I can sleep at night (or at least access my data at night).

And still I wonder about nuclear power . . .

Yes, the data is safer in the cloud. As we are getting news that many big brand banks in US has lost credit ratings, clearly showing recession is striking back and it is much stronger this time and impact of it can be huge. As this is the age of global business, companies are not limiting their business to one country and very much dependent on other country business conditions.
Now if we feel that we should be ready to wind up our operations once again, it is actually not the right thing to do. But what we should do is to find out the alternatives which can help us not only to survive but work in a normal manner even in recession.
Well, Cloud Computing is one of the solution which is very hot, where we look for cost saving. We can save a lot of operational cost with the help of cloud computing. Though it is an upcoming concept but ultimately is a saviour for us in the upcoming tough time.

You can check this link as it is informative- http://www.myrealdata.com/blog/application-hosting/cloud-computing-%E2%80%93-...