Going back to 9/11, there began the realization that an attack on data center infrastructure would make a large corporation the most vulnerable – even more than the loss of the leadership. Simply put, it could stop business in the water. It seems that one of the biggest areas of potential exposure to cyberattacks is in the handoff to outside networks, and if there is a substantial shift in enterprises minimizing these interfaces, it would obviously decrease the amount of bandwidth needed for transport by public networks.
We know of one Fortune 250 corporation, which has had at least two encounters with cyber hackers in China over the last two years regarding stolen intellectual property. One of the attacks involved Windows 2000 (Microsoft retired and stopped supporting those servers), and so the engineering team moved horizontally across the company to take control of those relevant services. Even more significantly, engaging in such battles has heightened the perceived security risk at the firm, and it is reluctant to run applications outside of its network – including storing data with any cloud provider – and has integrated a relatively high level of redundancy between its data centers.
Now some people argue that it is arrogant to believe that any entity could possibly do security, including hiring superior experts, better than the Amazons or the Googles of the world. Others are concerned that those providers have a gigantic target on their backs, and that the necessity for further implementation of complex cloud security technology on such a broad perspective will be a major challenge.
It is likely that a large majority of businesses are inclined to put their less sensitive information into the cloud (such as Outlook, Office 365, etc.). Yet with their SAP apps, including a lot of customer database information, they will probably remain in their own data centers both to control and monitor them as well as do their own upgrades. Financially strapped enterprises that may be running out of data center space may decide to take on the risk of putting everything in the cloud.
Certainly, so many of the cyberattacks are self-inflicted because of inadequate socialization of personnel at a company. Frequently, there is a lack of emphasis on the proper policies and procedures, including on access to the computer room, on background checks, on not using a thumb drive in a computer that was dropped in the parking lot, etc.
At the same time, when it comes to decision-making on how best to transport highly sensitive information, especially to parties outside of the company, just the perception of danger will tend to trump reality. While the amount of data created by businesses will continue to increase exponentially, it will not necessarily be a slam-dunk to assume it will all go over interconnected networks. At least for a while, there may indeed be a major shift to the old-fashioned means of delivery – hand-delivered and surrounded by security guards.
[written by Mark Lutkowitz]
(For insights on Google's overall investment mentality, please click here.)