Security concerns over the cloud remain common. Indeed, a recent survey by V3 sister site Computing showed this quite clearly.
However, not everyone agrees that such concerns are justified, as Mark Ridley, group technology officer at venture builder Blenheim Chalcot Accelerate, explained during a Computing web seminar last week. "I totally understand that, although I don't agree with it," he said.
"When I first started looking after servers 20 years ago I was loath even to put them into a managed hosting system. Those were the days of Windows NT when servers would go down all the time and I couldn't stand the thought of not being able to physically reboot the server when I needed to.
"I've had to go through an evolution in understanding security in the cloud," he added.
Ridley maintains that, with a few caveats, public cloud encourages greater security, not only because of the expertise that cloud providers can bring to bear, but also because using their services forces organisations to think about data security in greater detail.
"You have an illusion of control and security and governance by having everything being in one space, but actually you're probably not scrutinising your own organisation in the way you would a third party. The cloud provider is not necessarily a friendly actor, so making sure your data is protected against them can often lead to much higher levels of security than if you manage your own infrastructure."
This doesn't mean that all organisations should start putting sensitive data in the cloud, however. For a start, many do not have the right skills and culture to properly manage cloud services.
"You need an organisational change to use the cloud and some companies aren't ready, so they'd be better off with hosting or a private cloud," Ridley said.
"The organisation needs to change the way it looks at security, and it could be that you simply have the wrong sort of people in your organisation. They could be comfortable with thinking that security stops with the firewall, but that changes completely with cloud."
Another caveat is the type of data you might wish to process and store. For example, US cloud providers are legally obliged to allow US government agencies to access their systems. The documents leaked by Edward Snowden have shown state interceptions to be motivated by industrial espionage as well as issues of national security. Intrusive laws are being introduced by other countries too, including the UK.
"When you start looking at the public cloud you have to look at how you protect data from government activity," Ridley said, explaining that this too requires fundamental changes in organisational thinking.
"If I'm dealing with very sensitive data then suddenly I'm thinking how do I encrypt every bit of that data in transit and at rest, how do I manage the keys and do I need hardware key management. Suddenly the way you have to think about security completely changes and the organisation needs to change too."
Overall, though, Ridley believes that in most cases security is improved by moving operations to the cloud, and that proving compliance certainly becomes a whole lot easier.
"If you're selling a b2b service and going through lots of compliance checks it will be easier to say 'I'm with Amazon or Microsoft or Google and here is my box-ticking exercise'. It will be easier for vendors and consumers to understand the compliance measures in place," he said.