Myth 3: Cloud Computing is Bad for Data Security.
The fact is that employee malice and negligence (e.g., lost laptop, smart phone, etc.) cause many data security breaches, and hacks by cybercriminals are also on the rise. Whether personal data is safer on a system secured by the data controller ‘in-house’ or an external vendor depends on security measures deployed by each particular organization. Moving data to the cloud can be a bad thing for data security if the vendor is weak on security and careless. It can be a good thing if the vendor brings better technologies to the table and helps the data controller manage access, data retention and data integrity. And it can be neutral if the vendor’s cloud system is more secure, but the way the customer uses the system keeps exposing the data (e.g., because the customer does not configure security to properly restrict data to the appropriate users, the customer uses unsecured connections or the customer downloads data from the cloud to unsecured local devices).
Every business needs to ask whether its own IT capabilities and security policies are superior to the measures deployed by a specialized vendor that can leverage economies of scale and is motivated by the risk of reputational harm to keep the data of its customers secure. If the vendor has better security measures, systems and processes, then cloud computing should be good for data security.