Judging from the messaging, reviews and conversations that came out of the SharePoint conference earlier this month, the word from Las Vegas could be summed up as, "It's all about the cloud, stupid!"

With Office 365 growth surpassing SharePoint's, Yammer the new focus of social, and Office Graph and Oslo the newest buzzwords, the drumbeat you hear is the continued push to the cloud.

But the messages that the social collaboration strategy will now be based on Yammer, and that there will (at some point) be strategies to migrate on-premises SharePoint customers using the out-of-the-box social functionality over to Yammer, are not very reassuring.

Are Vendors Doing Enough Around Cloud Security?

Although I use Microsoft as an example, I'm not picking on them -- this applies across product segments and across vendors -- and on-premises systems also often have compliance issues in highly regulated industries. But in the rush to both public and private clouds, are the vendors doing enough to support customers in financial services, health care, pharma, life sciences, etc.?

While a lot of the marketing focuses on secure login, integration with on-premises identity management systems, and the standard use of TLS / SSL for securing data as it passes “over the wire,” generally speaking there is a lot less focus on securing the content once it is in the cloud, for example by encrypting data at rest. If the vendor can do this, the next questions to ask are where the encryption keys are managed and who has access to them. Do the vendor's system administrators have access to the keys for “maintenance,” diagnostic and troubleshooting purposes? Or does your own staff hold the keys on your own internal systems -- and does that necessarily make them safer?

I make this last point because while you may feel safer setting up and running your own firewalls, intrusion detection systems and more, your on-premises solutions may not be all that much more secure than those of any particular cloud vendor. No one said that the world's various regulatory bodies have to keep up with the latest in technology. They tend to be conservative due to the very nature of their existence, and hand down regulations and direction to their constituents that are also conservative, restrictive and -- dare I say it -- not always very tech-savvy.

Cloud-Based Collaboration (With High-Level Security, Please)

So back to our Microsoft example. In a regulated industry you may need multiple third-party vendors to ensure that using offerings like Office 365, Yammer, Office Graph and Oslo actually meets the requirements placed on you.