Worries about security are a big barrier to wider use of cloud technology. But a properly run cloud strategy – whether it is public, private or hybrid – should be just as secure as any other form of infrastructure. It is important that any change to an enterprise’s IT infrastructure ‘does no harm’. Consider how your systems work right now – who has access to personnel files for instance? Getting a very clear picture of existing permissions is a good first step to keeping security and data protection at the forefront of everyone’s thinking. Although a purely private cloud infrastructure does offer some security advantages for a business, albeit at a cost, you still need to think about remote access, perimeter controls and the risks they bring. It is more likely that even if a business starts with only private cloud it will quickly move to a more hybrid model. To ensure this step is made securely it is vital to design your private infrastructure with the likely hybrid evolution in mind. Think about how easy migration will be, consider open standards which should make adding infrastructure functions much more straightforward. The hybrid model brings more of the benefits of cloud technology to more of your staff. It means they’ll be able to access company data and applications from different devices in different places. It is crucial that you and your cloud provider speak the same language in terms of security risks. This means you need to choose a partner which behaves proactively to monitor and investigate emerging threats and doesn’t just wait to react to warnings from others. You need to be sure your partner will be honest with you if problems do arise. Finally however sure you are that your security is excellent a proper cloud strategy will also allow you to recover if the worst does happen. There needs to be a plan in place from the very beginning which will provide fast, reliable recovery from attempted attacks or data breaches.