Risk is not a Synonym for “Lack of Security”
Security risks are not always indicative of a lack of faith in the provider’s competency but about, well, risk.
IDC recently conducted another cloud survey and [feign gasp of surprise here] security risks topped a healthy list of concerns that, according to the survey, outweighed cloud computing benefits.
While growing numbers of businesses understand the advantages of embracing cloud computing, they are more concerned about the risks involved, as a survey released at a cloud conference in Silicon Valley shows. Respondents showed greater concern about the risks associated with cloud computing surrounding security, availability and performance than support for the pluses of flexibility, scalability and lower cost, according to a survey conducted by the research firm IDC and presented at the Cloud Leadership Forum IDC hosted earlier this week in Santa Clara, Calif.
[…]
However, respondents gave more weight to their worries about cloud computing: 87 percent cited security concerns, 83.5 percent availability, 83 percent performance and 80 percent cited a lack of interoperability standards.
It would be parsimonious (but altogether commonplace) to assume that “security concerns” or “security risks” translate directly into a lack of security on the part of cloud providers. Ockham’s razor might not draw blood from such an assumption but it does lead to the dismissal of what are certainly legitimate concerns on the part of would-be cloud computing customers.
Risk is not a synonym for “lack of security.” Respondents to surveys asking about cloud computing adoption inhibitors are not necessarily concerned that cloud providers are lax in their implementations of security. Rather it is more likely that because cloud computing impacts the ability of organizations to quantify some of the risks and properly address those risks through processes and technology that it becomes problematic to justify the benefits despite the risk because the latter is unknown.