As companies shift more workloads into the cloud, fears persist that storing business data off-site is less secure than keeping it in an in-house data center – despite evidence to the contrary, says Gartner Inc. research director Steve Riley.

For proof, look no further than data-center encryption, he says.

Speaking to a group of chief information officers here at Gartner’s annual CIO conference, Mr. Riley said many big-name cloud providers, including Microsoft Corp., routinely encrypt data stored in physical data centers as a much-touted security feature.

Yet the move serves only to protect the data in the event that a disk drive is physically stolen from the data center, he added.

“That’s just not a thing,” said Mr. Riley, who previously worked in cloud and data security at both Microsoft and Amazon.com. “It never ever happens,” he said.

The encryption, he says, is likely done to help CIOs convince their employers that the cloud is safe. “It’s all about marketing, as far as I can tell,” he said.

CIOs here say perceptions of the cloud are evolving, but a culture of mistrust and fear continues to permeate throughout the C-suite and in many boardrooms – an attitude one CIO in the aerospace industry described as “not in my backyard, not in my control.”

Mr. Riley said the cloud industry has developed standards for gauging levels of security, from third-party audits of security controls and attestations, to documentation and statements of best practices, which most of the largest firms provide.

All have a financial incentive to make their services as secure as possible, he said. And because big cloud providers likely invest far more in security than any of their customers, a move to the cloud “actually gives you a good opportunity to look beyond legacy security providers” to safer ground, he said.

Gartner is in the process of creating a “taxonomy of cloud security” based on standardized measurements and analysis that break down providers into different tiers.

The analysis, expected to be released next year, is aimed at helping CIOs identify areas and providers where they need to focus cloud security concerns, he said. This tends to be with mid-tier providers, that may only be in the process of attaining third-party evaluations of security controls.

Among top-tier providers, including Amazon.com Inc.’s AWS, Microsoft and Google, “you don’t need to worry about security anymore,” he added.

By Angus Loten for wsj.com | Images: Pixabay

To see full article: http://www.wsj.com/articles/presidential-debate-after-a-sedate-start-donald-trump-takes-the-bait-1476932103