You may have read that “the cloud” is a scary place, that accessing your systems over The Internet cannot be trusted, or that only by having all of your data “in house” can you be safe. None of this is true.
First, let’s talk frankly about what “the cloud” means. It means, essentially, nothing. It simply means using someone else’s resources, across the Internet, for your systems. That’s all. Whether it is safe or unsafe has nothing to do with it being “the cloud” or anything of the sort, and anyone telling you that it does thinks that you’ll want to buy some ocean front property in Arizona, too. What makes “the cloud” safe or unsafe is the vendors that you choose – which is why we should always talk about our options in reference to specific vendors, not “the cloud” as a concept, because that means nothing. That’s a fear mongering technique that is commonly used to try to elicit an emotional reaction, rather than a logical one, to using vendor resources.
Next, let’s talk about the security of your own IT team. We have to be honest here, your internal IT team has very few resources for security and resiliency, they can’t afford the tools, the training, the systems, the insurance. At best, small business in house IT will “try hard” at security, and some might do well, but “well” is relative and even the best medium sized business cannot even begin to approach the security of the big enterprise cloud providers like Amazon, Google, Microsoft, Oracle, and so forth.
Believing that it is possible for small in house IT teams to compete, let alone exceed, the security of the big vendors is hubris and hubris is a very dangerous thing when it comes to security. In fact, what should be feared most is the small business IT team that feels that they could make such a boast. These are the teams most likely to put your company at risk because they aren’t approaching security rationally, but rather emotionally.
There are many good reasons to consider running your IT systems in house on your own servers, but security is not one of them. Deciding between “the cloud” and in house systems is one of features, cost, performance, or flexibility; but if security was the determining factor you would be hosted on “the cloud” every single time.