Philippa Yelland has published an article on cloud computing in the investment and superannuation industry in this month’s Investment Magazine.

It starts off a tad doomsday-esque with an image of a dark, ominous sky and the headline “Storms Gather in the Cloud” (OK, so a lot doomsday-esque), but when you read the fine print, the point is that cyber theft is a risk for any online system. Moreover, the major cloud vendors often have the most robust infrastructures because (a) they do it for a living; and (b) they’re under constant scrutiny by their enterprise clients. I chimed in briefly to challenge APRA’s recent focus on cloud and to suggest that their concerns are equally relevant to on-premise solutions, and to challenge that cloud is inherently the riskier proposition.

Have a read below. (We’ve even turned the magazine to the right page for you using Issuu‘s rather neat Flash component)

JP Rangaswami of Salesforce recently posted 10 guiding cloud principles that Salesforce has been working for quite some time. The principles are aimed to promote, “openness, standards, transparency, trust and guarantees”. So what do you think? The comments in the original post are interesting. You can read them here and post your own feedback.

Here they are, ten guiding principles, in draft form:

1. Transparency: Companies that provide enterprise cloud computing platforms should explain their information handling practices and disclose the performance and reliability of their services on their public Web sites.
2. Use Limitation: Companies that provide enterprise cloud computing platforms should claim no ownership rights in customer data and should use customer data only as their customers instruct them, or to fulfil their contractual or legal obligations.
3. Disclosure: Companies that provide enterprise cloud computing platforms should disclose customer data only if required to do so by the customer or by law, and should provide affected customers prior notice of any legally compelled disclosure to the extent permissible by law.
4. Security Management System: Companies that provide enterprise cloud computing platforms should maintain a robust security management system that is based on an internationally accepted security framework (such as ISO 27002) to protect customer data.
5. Customer Security Features: Companies that provide enterprise cloud computing platforms should provide their customers with a selection of security features to implement in their usage of the cloud computing services.
6. Data Location: Companies that provide enterprise cloud computing platforms should make available to their customers a list of countries in which their customer data related to them is hosted.
7. Breach Notification: Companies that provide enterprise cloud computing platforms should notify customers of known security breaches that affect the confidentiality or integrity of their customer data promptly.
8. Audit: Companies that provide enterprise cloud computing platforms should use third-party auditors to ensure compliance with their security management system and with these principles.
9. Data Portability: Companies that provide enterprise cloud computing platforms should make available to customers their respective customer data in an industry-standard, downloadable format.
10. Accountability: Companies that provide enterprise cloud computing platforms should work with their customers to designate appropriate roles for privacy and security accountability.

Salesforce has always been committed to securing its cloud services and maintaining the privacy of customer data. Real-time information on system performance and security, industry standard certifications (SAS 70 Type II, SysTrust, and ISO 27001) and third party assessments from managed security services providers are just three examples of Salesforce’s commitment to security and privacy.

Click here to download a new security whitepaper that provides a more detailed security review.

In a recent ComputerWorld article, Kwok Suk-wah, CIO of AON Hong Kong, discusses fear of data security, a common obstacle to cloud adoption.

“People think that if you outsource, you lose control of your data and assets,” she said. “I’ve been using this home-cleaning analogy to explain to others how we should approach cloud computing. Say that you’re considering whether to hire a cleaning lady to clean your windows or to do it yourself. You’ll soon realize that the cleaning lady can do the job five times faster and better than you do. But then you also worry about your valuables might be stolen. Like hiring a cleaning lady, there are many privacy and security concerns of adopting cloud computing, and yet these third-parties do the job much cheaper and cleaner than if you do it yourself. Don’t discard the idea—instead, take necessary precautions,” concluded Kwok.”

Thankfully, Salesforce / Force.com security is extremely rigorous. Reduced cost, less worry – hell, it could even help you sleep a little better.

Security & reliability matter. Actually, they’re critical.

Until recently, formal certification of information security technology was a long and costly necessity of doing business.

No longer. Salesforce can handle these costs at a larger scale, which lower costs relative to on-premise technology.

Below is a summary of the rigorous audits performed and formal certifications that Salesforce has been awarded.

Third-Party Audits

Scrutiny by trusted third-party auditors yields formal assurance in the form of third-party certifications:

• SAS 70 type II – is an independent 3rd party audit of internal controls and data security controls.
• SYSTrust Certificate – is an independent evaluation measuring a service provider against four essential principles: availability, security, integrity, and maintainability.
• ISO 270001 – international standard of information security best practice providing comprehensive best-practice advice and on how to design, implement and maintain a compliant information security management system.

Customer Audits

Salesforce.com operations receive routine scrutiny from customers. Once example is the demanding security audit that ING Bank completed before selecting Salesforce. ING Bank is now one of Salesforce’s largest financial services clients.

Still not convinced?

An overview of Force.com security can be found here, or watch the “Introduction to Force.com Security” webinar (originally recorded on October 9th, 2009).

We’d love to hear from you, so contact us to discuss any Salesforce/Force.com security questions you may have.

On-premises computing often come with a host of issues and challenges that most business people would rather not have to deal with. You don’t own and operate your own power plant, so why do you own and operate a data centre?

Leave it to the experts.

Below are 5 reasons you’ll sleep better after making the switch to the Force.com platform.

1. Physical Security: Salesforce’s data centres are humidity and temperature controlled with redundant cooling systems. The buildings have 24-hour manned security, including foot patrols and perimeter inspections, biometric scanning for access, video surveillance throughout facility and perimeter, and all computing equipment is stored in access-controlled steel cages. How does your physical security compare against that?
2. Backups: Data is backed up to tape at each data centre, on a rotating schedule of incremental and full backups. The backups are cloned over secure links to a secure tape archive. Tapes are not transported offsite and are securely destroyed when retired. In addition, you can schedule a full or custom export of the data in your system so you have a local copy.
3. Availability: At trust.salesforce.com, Salesforce shows the live and historical status of each server. Up-to-the minute information on system performance provides unprecedented transparency.
4. Disaster Recovery: Salesforce performs real-time replication to disk at each data centre, and near real-time data replication between the production data centre and the disaster recovery centre. In addition, data is transmitted across encrypted links and disaster recovery tests verify projected recovery times and the integrity of your data. How does your existing disaster recovery compare?
5. Upgrades: With Salesforce.com, you receive updates three times a year. For free. Automatically. Welcome to the end of costly software maintenance fees.

Cloud computing removes the need to install any software, buy servers, upgrade servers, back-up data, etc. The result is massive cost savings due to reduced staffing, maintenance and power consumption.

Oh, and you’ll sleep better.

Contact us today to learn more how the Force.com can help your business.