Your Data is Probably Safer in the Cloud

Fifteen years or so into public cloud computing, perhaps the strangest lingering objection to cloud migration and lift-and-shift has to be the notion that “sensitive” data needs to stay on premise. Let's take a minute to break that down.

Unless you are working in a few select corners of government or defense, you can almost guarantee that Amazon, Google, and Microsoft have stronger security and data protection posture than you. Better tools, better processes, faster patching, and more engineers. Your on premise data center is FAR more likely to get hacked than their cloud infrastructure.

That goes for physical access, too. Assuming you're using encryption at rest and managing keys properly (which is all very easy) someone could literally walk out of a cloud data center with a drive containing your data and it would be utterly unusable to the attacker.

Maybe the cloud provider itself would like to steal your sensitive data. This argument occasionally gets made by retailers considering AWS. Not likely — these companies aren't going to risk liability and reputation of their billion dollar businesses fishing for nuggets in customer data.

Of course, your in-house team bears responsibility for using the cloud in a safe and secure way. But in fact with a bit of training, that's much easier to do than securing bespoke on-premise infrastructure. (Cheaper, too.) And your engineers and admins will be grateful for having a lot of tough issues delegated to the cloud provider.

So why aren't security, compliance, and governance banging on your door asking you to move to cloud? If you're an engineering project manager, it falls on you to explain these issues to the business.

Let me know if you'd like to hear more about this subject!