A recent Gartner report examined large service provider constraints, stating that their focus on new services often comes at the sacrifice of enterprise customer service. Virtela’s unique model enables us to maintain consistent quality of service while developing new services and strategies. The two can go hand in hand, and these achievements have not gone unnoticed. In 2012 we were named “Best Service Provider” by the prestigious World Communications Awards (WCAs) and also included on AlwaysOn’s Global 250 list of top technology companies in the world. Additionally, we received numerous awards for our passionate customer service and support from organizations such as the American Business Awards (a.k.a. The Stevies) and  Network Products Guide.

In 2012 the industry also continued to see a heightened demand for cloud-based services. It’s no surprise that our cloud architecture, Enterprise Services Cloud (ESC), and the services it powers including Cloud-based Application Acceleration and Cloud-based Mobile Device Management, continued to garner industry recognition. Capacity Magazine named us a finalist in the category of “Best Market Innovation” for ESC. For the second consecutive year, Virtela won the Frost & Sullivan Product Leadership Award for our Cloud-Based Application Acceleration Service. We also received countless accolades for Cloud-based Mobile Device Management including a Cloud Computing Excellence Award, a Global Excellence Award and a finalist nod in the 2012 Global Mobile Awards , among others.

Our IT Infrastructure Management Services  featuring VirtelaPredict also attracted much attention and recognition this year. Again, this comes as no surprise given the industry is increasingly demanding more proactive support and a reduction in downtime. Virtela was named a winner of Global Telecoms Business (GTB) Innovation Award for our predictive IT infrastructure management service. VirtelaPredict, the innovative predictive analytics technology behind the service was recognized for its ability to identify and remedy 95% of potential infrastructure issues before they impact network health. VirtelaPredict was also recognized with the Best New Service award from the American Business Awards, the Data Center Innovation Award from the Golden Bridge Awards, and the Communications Solutions Product of the Year from TMC.  

In 2013, Virtela will continue to uphold our commitment to fierce innovation and exceptional customer support. We are humbled by the recognition we have received this year for our virtualized networking, security and mobility services along with high customer satisfaction and will use these acknowledgements to raise the bar even higher in 2013.

On its 4^th year, Capacity Central America seeks to provide a forum and venue for Central American carriers and global telecommunications interests to connect and dialogue on opportunities in the region. Discussions on evolving technologies, regional regulations, and regional connectivity catalyze solutions that address global needs to spur trade and development. Participation in this annual event has grown significantly over the years, and Virtela was there to forge stronger ties and start new supply chain relationships in vigorous pursuit of pushing the capability frontiers of its global network. Being part of on-going telecommunication exchange of ideas in Central America allows us to keep pulse on the region and continually drive value on behalf of our customers. After all this is a region that culturally takes great pride in the premium that interpersonal contact and relationships provide as a vital tool in pursuing business agenda.

The event was also a venue to discuss regional challenges and technological directions specific to Central America. The conference had sessions delving on interoperability difficulties among carriers serving the region. Telecommunications infrastructure in Central America is driven by the reality of asymmetrical traffic flow between the world and the region. With a reported 85% of regional internet content generated in Miami and Dallas, infrastructure has evolved in such a way that it is more cost effective for regional carriers to establish peering relationships in Miami than with each other in-region. Add to this the cost related challenges of last mile connectivity in a region where population tends to be vastly dispersed. Unlike the urban clustering in Panama, the most connected country in the region, population in Central America is widespread and separated by unfriendly topographic conditions. Compounding all of this is the stark reality of international regulatory and trade barriers.

Ominous as the present challenges appear to be, Central America’s telecommunications vision for the future lends cautious excitement. Speed shapes user experience and how connectivity is utilized. The advent of LTE and smart handheld devices are widely seen as game changers that will spur greater demand for services in the region. Consensus in this year’s conference points to the consequential deployment of LTE technology in the region. LTE is expected to drastically alter the telecommunication ecosystem in Central America. The region also sees itself increasingly leveraging major subsea cable systems tangent to its shores, overcoming hindrances of international copyright protection laws, and caching local content in-region.

Capacity Central America 2012 was a reunion of carriers and regulators in the region. Joining this annual event in Panama has afforded Virtela full engagement with telecommunications interests in Central America and we look forward to coming back.

Different demands
Controlling costs, delivering strong performance and ensuring uptime for primary and backup networks was never an easy job description for enterprise IT teams, but the task has grown taller as operations expand and fragment. Instead of serving one location, they are monitoring traffic between multiple satellite offices (and potentially multiple continents). Instead of dealing exclusively with hardwired desktops, they are balancing VPNs and all kinds of associated arrangements to support remote and mobile workers.

And given the pace of modern business, many of these network administrators are simply learning on the fly. Department heads are requesting new slates of applications seemingly every week and executive teams have little patience for connectivity issues at new offices considering all the paperwork they had to file and hoops they had to jump through just to open the doors.

More providers, more problems
As company headquarters go from being the only office to the central office, IT teams can expect to welcome a cast of new characters into the network performance management equation. The first challenge will be selecting the right carrier when sourcing bandwidth in a new country. If you thought booking an exotic vacation was difficult, try accounting for every variable in an international telecommunications contract.

Once you’ve settle on a squad of new partners connecting your global operations, there’s still the matter of filling in the holes that are sure to emerge in this patchwork setup. Maybe one provider’s network monitoring practices aren’t quite what they seem or an unexpected earthquake throws networks offline. Stranger things have been known to happen, and when they do, end users have no interest in waiting days for you to find and resolve the issue that is crippling application performance.

A united front
It is not often IT departments get a chance to turn back the clock and enjoy the arrangements of old, but they can get a taste of something similar by partnering with a global managed services provider. Instead of sorting out network performance issues with an ever expanding array of partners and stakeholders, these expert allies can serve as your single point of contact.

As a result, nothing gets lost in the translation of complicated contracts and companies know exactly what to expect when their new business partners are presented with a challenge. By leaning on the MSP’s integration skills and predictive analytics capabilities, customers can feel confident that networks are primed for success and that any threats that crop up down the road are rooted out before they have a chance to compromise operations.

Nevertheless, some days are stranger than others. And when things start getting “weird” on the company network, administrators are all but assured of a long night ahead. To mitigate potential damage and increase their odds of an early evening, smart IT pros know it’s all about effective security information and event management (SIEM).

Aggravating anomalies

When IT teams get the sense that something weird is going on behind the scenes, they’re usually relying on more than just a premonition. More likely, administrators notice something that just doesn’t add up when monitoring network health in real-time or reviewing activity logs after the fact.

Where did that device come from? Why did traffic spike 600 percent during that three-minute window? Why are those two servers suddenly talking to each other? Who was accessing the finance database at 3am on a Sunday?

These are the types of questions raising eyebrows in IT departments all around the world each day. And although there is sometimes a perfectly reasonable explanation for these anomalies, the more concerning possibility is that they could be the traces of a cyberattack.

In the modern threat climate, prevention is all but a lost cause for some of the larger companies out there. However, the impact of a breach can be greatly reduced if organizations respond swiftly and intelligently once something weird jumps up on their radar.

Better baselines

For something to be classified as “weird,” there must naturally be another point of reference that has been deemed normal. And considering the stakes of the IT security game, “I know it when I see it” is not a sufficient definition of a network anomaly.

This is still a subjective pursuit, of course, and establishing network norms is as much art as it is science. Bring the fences in too close, and everything starts to look like an outlier. Build your perimeter too wide, and danger goes undetected. To build a better baseline, companies will need to dust of their analytical expertise and let SIEM systems answer the call.

As log auditing starts to become an exercise in big data analytics, companies will need some technical horsepower to get the job done. Whether that means building up in-house capacity or outsourcing the task to a managed security service provider, it’s going to require plenty of muscle to pore through the data and established a more informed perspective on what constitutes normal network activity. That way, you can feel more confident that the anomalies you detect really do merit an immediate response.

As is often the case, the answer lies somewhere in the middle of this spectrum. While compliance and security are two distinct principles, effectively satisfying each objective depends on keeping them in close alignment with one another.

Drawing the distinction

Part of the confusion swirling around matters of IT security and compliance is the considerable overlap between the two categories. Both concepts are rooted in defending networks and keeping data safe. And there is, of course, the fact that there are a variety of compliance mandates telling IT departments how to set up their security protocols.

The trouble is, A still does not equal B in this equation. Compliance provisions should, more properly, be thought of as the baseline requirements that must be satisfied. Companies will already know this lesson well if they’ve overheard regulatory nightmares experienced by their contemporaries or have their own tall tales to tell of nerve-wracking audits.

But considering the current state of today’s cybersecurity climate, baseline is not the adjective you want describing your network defenses. Any company resting easy once compliance has been achieved could be setting itself up for a fall.

False sense of security

As more companies are starting to realize, there can be a considerable gap between where compliance expectations end and where true security innovation begins. Considering the pace at which cybercriminals are introducing new threats and employees are introducing new devices to the corporate network, it becomes nearly impossible for compliance measures that are inherently static to progress at similar speed.

For instance, regulatory bodies are just starting to adapt old provisions and prescribe new ones to address the rise of disruptive technologies including cloud computing, social media and smart devices. Meanwhile, hackers have had little trouble getting accustomed to the new rules of the game.

As a result, several big name companies received rude awakenings earlier this year when they learned that their compliance credentials were not enough to guard against data breaches that have taken millions of dollars to resolve and shaken confidence to the core.

Toward a unified strategy

With compliance proving to be a necessary objective but an insufficient defense, companies must begin to examine how the two concepts we started with complement one another.

As mentioned above, satisfying compliance mandates is the first hurdle that needs to be cleared. IT and legal teams must come together to outline and assess the standards they are being held to and take stock of how close they are to achieving those objectives.

From there, companies need to fill in the blanks and pick up where regulators left off. For example, auditors may not be concerned with the finer points of mobile device management software just yet, but your IT team certainly should be.

If this all sounds like a lot to handle, that’s because it is. Putting these concepts into action requires a great deal of time, not to mention finesse, which few in-house IT departments have. And even when they think they have the ideal strategy outlined, budget realities could send their house of cards crashing down.

The good news is, companies no longer need to be restricted by their back-office talent and resources. Managed security services providers can shoulder the burden with an attractive mix of superior technology, deep experience and often unique insight into the compliance requirements that cover your operations.

One data center issue that we may not think about, though, that Wired was actually wise to point out is squirrels. That’s right, squirrels. Wired was so bold to call squirrels the “data center’s enemy No. 1.” That might be a little extreme, but they can certainly be a nuisance.

As Wired noted, a 2011 blog post from Level 3 Communications blamed squirrels for 17 percent of the company’s cable damage Squirrels are pretty indiscriminate about what they’re willing to chew through, be it a delicious acorn or fiber-optic cable or power line. Yes, the squirrel will likely pay the consequences for that last one, but whatever justice you may feel will be greatly overshadowed as you scramble to get your systems up and running again.

BC/DR in a squirrel’s world

Preparing the data center for squirrels in not much different that other threats, whether it’s a storm, employee mishaps or malicious strike. One of the best ways to minimize the impact of any of these events is to store data and applications in more than one location. This is more of a precaution should one of your storage facilities go offline. If such an event does occur, services can simply be rerouted to other facilities with very little effect on the company.

There are also a handful of technological solutions to help your disaster recovery efforts, whether spurred by squirrels or otherwise. Data backup is essential in today’s data-driven business environment. Cloud computing is a great and increasingly popular option here, as it enables companies to back up their information and applications off-site, ensuring safety from disasters that may strike the physical location of a building. Tapes and disks are two standbys here, performing a similar service as the cloud, though they are often cheaper but less efficient.

Backup and recovery software is also important, providing a convenient way for a company to back up its servers, workstations, virtual machines and more.

Test and test often

Many companies realize that disaster recovery is a key part of running a business and they are taking the initiative to implement solutions like the cloud and virtualization backup. However, putting the tools in place and calling it a night is not the best approach.

Disaster recovery strategies need to be put to the test to ensure they are capable of meeting a company’s needs. A recent study from InformationWeek found only 38 percent of surveyed businesses have BC/DR plans and test them regularly. This means a lot of companies are putting themselves at risk – which can otherwise be easily avoided. Businesses are advised to sit down with their IT departments or managed service providers to determine the best BC/DR plan for their unique challenges, whether it’s squirrels, hurricanes or blackouts.

According to the study, more than 80 percent of businesses are currently using the cloud in some capacity, marking the third straight year this figure has grown. Even more impressive, the study also found that 85 percent of businesses surveyed have positive feelings about the cloud, up from 72 percent in 2011.

This represents an important achievement for the cloud. For years, IT pundits and industry experts have heralded the cloud as a game-changer in the enterprise, noting the technology’s ability to improve businesses operations across the board. However, not all businesses have been quick to agree. Though many see the cloud’s potential to cut cost and deliver robust IT services from software and data storage to app development, some have held on to lingering doubts.

This could be expected given the cloud’s disruptive nature. Chief among these concerns is the security of cloud services. Many businesses are uncomfortable trusting their sensitive data and applications to a vendor that may or may not be familiar with a company’s particular needs. A May 2012 study from Cisco found 72 percent of companies still harbor data protection concerns when it comes to the cloud. This was followed by the availability/reliability of applications in the cloud (67 percent) and device-based security (66 percent).

However, as companies become more familiar with the cloud, many of these concerns are falling by the wayside. That same Cisco survey found 20 percent of IT decision-makers plan to deploy over half of their total applications to the cloud by the end of the year. The CompTIA study, meanwhile, found more than half of surveyed businesses will increase their cloud investments by 10 percent or more in 2012.

What’s changed?

Though Cisco’s survey clearly indicates there are still some concerns about the cloud, these issues are now being seen more as minor inconveniences rather than full-out obstacles. The question then is what has changed during the past few years to convince businesses that the cloud is worth it?

The simple answer: the cloud is just too good to ignore. As CompTIA’s director of industry analysis, Carolyn April, suggested, the cloud offers so many benefits to so many areas that businesses are willing to forego the perceived risks.

“Advanced software for analytics, unified communications, enterprise resource planning, customer relationship management and other sophisticated technology solutions were often out of the price range or skill set of many businesses,” April stated in a press release. “With cloud-based solutions and delivery and either set monthly pricing or a pay-as-you-go model, these technologies come within the financial reach of even the smallest of small businesses.”

With the cloud, companies can improve several areas of operation that were once out of reach. Small businesses especially can take advantage of the cloud to expand their performance in areas like data analytics, communications and collaboration. Large businesses, too, will enjoy the benefit of deploying the same platforms across multiple branch offices, affording all employees access to the same robust IT solutions.

Are the risks real?

While businesses are becoming more comfortable with the cloud, it is important to note that the perceived risks should not be ignored. As we pointed out in an earlier post, most cloud providers are able to offer a higher level of data protection and expertise than a company could leverage on its own. However, a company looking into the cloud must be aware of the vendor’s policies regarding security and availability and ensure that services adhere to the various regulations that may dictate certain industries.

Healthcare providers, for example, need to be certain their cloud services are HIPAA-compliant, while retailers must ensure services are in line with the PCI DSS. Even businesses in industries lacking such strict regulations must put forth certain best practices to avoid any complications stemming from employee activity.

Even as more businesses migrate to the cloud, they must be mindful of the various challenges the technology can create. As CompTIA noted, changes to policies and procedures may be necessary in light of the disruptive technology. This shouldn’t dissuade a business from adopting the cloud. Instead, it should serve as a necessary yet helpful step in the path to successful cloud migration.

Not too shabby.

Of course, it’s not a bad time to be on the customer side of the cloud either. Massive spending growth for the cloud indicates someone must be doing something right.

However, there is still confusion surrounding the cloud. For all its benefits, there are plenty of myths, misconceptions and general misunderstandings about the technology that may hinder businesses from using the cloud to its utmost potential – or in some cases, may lead businesses to develop too high of expectations.

We’ll start with the benefits.

Benefit #1: The cloud improves agility

This is quite often cited as one of the top benefits of the cloud and with good reason. Businesses in the cloud are afforded a level of flexibility never before available when relying on traditional on-premise systems. Whether it’s storage, data backup or applications your employees use every day, the cloud’s agility is unmatched.

This mainly comes from the cloud’s ability to reduce the amount of time it takes to provision. Need to add a few gigs of space on your storage service? Simply go to the vendor’s website and upgrade your service levels. Recently hired a new employee who needs to be added to your CRM platform? Again, just go to the vendor and request to add a new account.

In the cloud, you only pay for the services you use. If one of your employees leaves the company, you don’t have to pay for that vacant spot. You can easily just scale down your services until they are otherwise needed.

Benefit #2: The cloud provides a sense of relief

Summer means a great number of things to many people. Most of us picture beaches, family vacations and ice-cold drinks. That’s certainly the nice side of summer, but it’s also a time for wildfires, drought and the impending hurricane season.

Not to be a buzzkill, but a reasonable business manager must think of these unfortunate possibilities, as well as and how to cope with them.

The cloud can help. By storing data safely on third-party servers rather than in your company’s data center, the business does not have to worry about losing information to a hurricane, fire or any other disaster that may affect the physical premises of the company. This level of assurance also applies to man-made disasters like Internet outages and cut power lines.

Now on to the myths.

Myth #1: The cloud is a security liability

This myth has been a pervasive one since the early days of the cloud. While the cloud does come with some challenges, it’s not accurate to say it is less secure than any other IT systems out there.

A recent study from North Bridge Venture Partners found security to be the primary inhibitor of cloud computing adoption. The majority of holdouts worry about the implications of losing control of their data, storing it on a third party’s server rather than in-house. This mindset makes sense in theory. In practice, not so much.

Depending on the type of business, there’s a good possibility that data security is not your employees’ strong suit. Why would a three-person marketing firm have expertise in locking down a server or safely transferring data from one site to another? Chances are, your employees have other things to worry about.

That’s not so with the cloud. Security is among the many core competencies of a cloud vendor. So, while there may be some separation anxiety when moving your data and applications to the cloud, you can rest assured knowing they’re in good hands.

Myth #2: The cloud will save you money

This is another muddy issue, as study after study has shown reduced IT expenses to be a primary driver of the cloud. That the cloud can save you money isn’t completely untrue, but businesses may be surprised to learn they have to put some effort into their cloud deployments in order to do so.

When implemented correctly, the cloud can have a great return on investment. However, savings tend to be indirect, rather than extending from cheaper services. Reduced downtime, for example, is a great example of how the cloud saves money. If a company can avoid disruption and downtime, it will have more time to focus on making money.

Companies can also save on maintenance as such tasks are typically handled by the vendor. The cloud vendor may send out updates from time to time that need to be addressed, but for the most part, the customer is free from making any hardware or software upgrades that may take time out of the day or disrupt the general workflow.

Go forth into the cloud

Cloud technology has become a bigger part of the conversation in recent years, but there is still a great deal of confusion surrounding it. All signs seem to indicate that the future of IT operations will be found in the cloud. Before a business makes such a leap, it is important that decision-makers understand the implications of the technology and know what they’re getting themselves into.

According to section 10.6 of the latest Payment Card Industry Data Security Standard requirements (PCI DSS v2.0), any entity involved in payment processing is required to perform log analysis at least once daily. 

At a recent security conference that I attended, SIEM was the keynote topic. The speaker covered the areas of log retention and reporting in great detail, but fell short in analysis.  I asked the speaker to explain the process around creating log analysis, knowing this was a loaded question as we at Virtela have been working on this for years.  My intent was not to challenge the speaker; I simply wanted to compare our thoughts about good processes for log analysis .  The speaker danced around the subject, answering in abstracts like “try to understand what you are looking for” (not bad, but pretty vague), “understand the threat landscape” (OK, sure that is important, but still pretty vague), and went on about some other lofty ideas, but no concrete “first you do this, followed by this, and then proceed with this…”  As I have attended many conferences this year, it is becoming apparent to me that there seems to be a lack of clarity on the subject of operationally defining security events that can be generated (via correlation) from a SIEM.  So, I decided to share my thoughts on the subject in hopes of helping those that are trying to deploy a SIEM solution, as well as maybe sparking a healthy debate.

First thing to decide: What do I put into the SIEM in the first place?  PCI DSS requires log retention for one year, but what logs are needed and what logs aren’t?  I have found that this is a source of great debate within the security community.  What I hear from those that put little thought into the matter:  log everything!  OK.  If you have infinite budget, read no further.  If you are like most of our customers, logging everything is not operationally practical and it is potentially damaging to your network, systems, etc.

SIEM “Junk Food”

Just like the food you put in your body, if you put junk in, you can expect to your body to underperform, right?    The same thing holds true SIEM.  The SIEM uses a limited amount of processing resources to perform analysis.   If you put “junk” logs in the SIEM, you will make the SIEM chew up a lot of processing just to sort all of those worthless logs out.  This will impact the SIEM’s capability to process real security events in a timely fashion.

Now, what logs do I mean by the “junk food” of syslogs?  I am referring to “trivial” logs.  Trivial logs are usually the result of poor planning as to whether or not the logs were needed in the first place.  Examples of trivial logs are logging on ping, logging on NTP, logging on DNS requests, etc.    

This is the point at which arguments begin to form for specific events where you would need these logs.  If you want to argue the point, consider this first: start making correlation rules that you can take action on.  Go after the low hanging fruit, and leave the “trivial” logs to last.  This will allow you to work with log volumes and actual security events without inundating your SIEM with less useful log data.  If you absolutely must have them, add them after you’ve scoped every other valuable/actionable log event.

Let’s take a cue from the PCI DSS Standard: We need to log IDS and AAA Server events.  OK, makes sense.  Certainly we will point all of our IPS logs at the SIEM for analysis.  We will also point our AAA systems, such as Active Directory, LDAP, Wireless LAN Controllers, and Radius systems.  But is that enough?  What about firewall logs, do we need those?  What about Remote Access, Network Access Control, or Identity and Access Management?  If it restricts access, looks for malicious traffic, or tracks activity you want to send the logs to the SIEM.  Just keep asking the question: Are the logs I am sending relevant or am I sending a bunch of logs that I likely won’t need.  Build a business case for the logs.  That business case will also work great for the next activities.

Asset Valuation

Next we must assign values to assets protected by all of these security devices.  What areas of the network (subnets), systems (Oracle DB), facilities (manufacturing) are critical to the business?  Rate these systems based on their criticality, or Potential Business Impact (PBI) on the system.

Correlation and Alerting (the analysis part)

OK, I’ve got equipment forwarding useful log data, cleaned up firewall rules, changed the system logging level to reduce trivial log data, assigned asset values, and now I need some correlation rules.  What is important to alarm on?  Here is where the business case comes in.  A pretty simple method to set up a business case is to use flow diagrams. I want X + Y + Z to happen over a certain time frame. You can draw those out in a flow diagram and the equal sign equals your security event. So, X + Y + Z = security event. These conditions must happen. Event one, plus event two, plus event three must happen over a period of time and that means this event is happening. If you use that guideline for generation correlation rules, you’ll win every time.

Next up in the series… Operational SIEM, security events and contextualization for effective incident response.

And their worries were not without merit. It’s true; trusting your data to some other company can – and in some cases should – be a daunting move. After all, in this era of multi-million-dollar data breaches, cybercriminal attacks and the rise of so-called hacktivists, it seems wise to keep your cards close to the vest. You didn’t build the cloud provider’s data center. You don’t know who has access to it on a daily basis. Why on earth would you store your company’s most valuable assets there?

The truth is there’s not a simple, straightforward answer to this question. But there is some evidence, and in recent years more companies have begun to realize that their apprehensions about the cloud may have been misguided. As these businesses begin to embrace the cloud, they are realizing that not only is their data safe in the hands of a cloud provider, but it’s often safer than it would be on their own premise.

Finding security in the cloud

Not every company can afford traditional security solutions. At a time when businesses are doing what they can to trim fat and squeeze every dollar for what it’s worth, shelling out a little extra for security is out of the question. Instead, you go for the bargain: PC coverage, anti-virus software and a free bar of soap for every smartphone you decide to protect.

This might work if you’re protecting your home computer.. But when you’re tasked with protecting your company’s IT infrastructure, safeguarding every bit of data that some pesky hacker or disgruntled employee wants to get his or her hands on, this doesn’t quite cut it.

This is where the cloud can help. When operating on a shoestring budget with valuable data to protect, the cloud can be your friend. Take online storage services, for example. Even if you can afford to purchase and maintain the servers needed to store your data, can you afford to pay for the solutions necessary to protect it? With the cloud, this isn’t an issue. Instead of paying for the hardware and software yourself, you simply pay for the service and the provider takes care of the rest. Sure, different services come with different offerings, but generally each of these will be top of the line, so you know you’re getting more than you pay for.

And this says nothing of the expert knowledge a company gains from partnering with a cloud provider. In most cases, things like security and data recovery are core competencies of the cloud provider. Can the same be said of a midsize marketing firm looking to protect its data? The company might have an IT guy or two running around the office, but he’s generally too worried about making sure computers are running smoothly or teaching people how to connect to the printer to devote the necessary time to security.

This makes the cloud an ideal solution for security. Not only does a company save money on equipment, but it also benefits from the expertise of the cloud provider, whose day-to-day job is protecting your data.

Doubters remain, but are growing sparse

Despite the growing number of voices insisting that cloud-based solutions are just as, if not more, secure as traditional setups, many businesses still hold fast to the notion of the cloud’s inadequacies. In fact, a recent study by North Bridge Venture Partners and the 451 Group found that security remains the main obstacle to the cloud’s growth.

However, at the same time, businesses do seem to be growing more confident in the cloud. That same study, which surveyed nearly 800 industry experts, users and vendors, found that half of respondents believe the cloud is mature enough to handle their most mission-critical applications. This indicates that while concerns remain, icy feelings toward the cloud are beginning to thaw. And as they do, more businesses will recognize not only the security, but the financial gains that can be had through the cloud.