I’m just back from a trip to London for the InfoSecurity Europe show – by far the largest annual security conference in Europe, with over 12,000 attendees. It was not only a successful trip in terms of CipherCloud winning an important award, but also for the insights it gave us into the interest European companies have in cloud security.
It seems as though I never left the show floor, giving dozens of presentations and demonstrations over three days. There was a very high level of interest in cloud security and the CipherCloud solution, but I also noticed some interesting trends while speaking with hundreds of attendees.
Conventional wisdom has been that European businesses are more conservative, more regulated, and more cautious about moving systems to the cloud. But I’m not so sure that’s true anymore. While they may be slower to adopt than the U.S., the move to the cloud is clearly a global trend and the benefits of the cloud are clearly winning over the perceived risks.
The term I heard from numerous attendees is that the Cloud is “inevitable”. However, this was always followed with “but we’re worried about security and compliance”. Our map of global privacy, data residency, and host nation access laws sparked numerous discussions and healthy debates about how each country’s laws are interpreted. (For example, I learned that every state in Germany can interpret and enforce national data privacy laws in different ways.)
But the recurring theme was that Cloud initiatives are definitely happening in Europe, an IT security is often playing catch-up, trying to secure cloud applications that have already crept into enterprise use. With the prevalence of BYOD and the viral spread of convenient content sharing sites, most people seem to accept that corporate information is already going into the cloud, and IT must now deal with a new reality.
Through my own informal survey of what cloud applications people are trying to protect, I was not surprised to hear strong interest in Salesforce, Force.com, and content sharing tools such as Box and Sharepoint. But I was surprised by the strong interest in Office 365 – easily the topic of more than half the demos I gave.
It seems like enterprise adoption of Gmail in Europe was small – representing too big a shift in the trust model for sensitive communications. But many organizations now see the benefits of moving their internal Exchange servers to the cloud – allowing them to maintain familiar tools for their end-users while dramatically reducing infrastructure costs. But again, the big question is security – can organizations adequately protect sensitive and regulated information if it resides in unknown cloud locations. For this audience, CipherCloud’s solution resonated extremely well.