There is this impression that premises-based solutions are more secure than cloud-based solutions. While this certainly CAN be true, it is a far cry from being true. The vast majority of organizations will find cloud-based services to deliver improved availability and security. That’s because most premises-based implementations are not particularly redundant or secure. Cloud providers offer a higher degree of specialization, and can focus on things like security and availability with more effort than a purveyor of say fine widgets.
I don’t recall ever hearing about a customer credit card breach at Amazon, but I have heard just that from Target, PF Changs, TJ Maxx, and UPS stores (to name a few).
Google let me know about some improvements they’ve made regarding security. That whole thing with the NSA tapping fiber has caused a whole series of security improvements across the cloud.
Yesterday, Google announced they received an updated ISO 27001 certificate and SOC 2 and SOC 3 Type II audit report, which are the most widely recognized, international security compliance reports. These audits refresh their coverage for Google Apps for Business and Education, as well Google Cloud Platform, and they expanded the scope to now include Google+ and Hangouts. More importantly, Google is now publishing its updated ISO 27001 certificate and new SOC3 audit report on the Google Enterprise security page. Google also revealed they now have 450 full-time engineers focused on customer data protection.