Friday, March 29, 2013

Why Do We Keep Our Valuables In A Bank Locker?

Today morning, I got a chance to talk to a large group of SuccessFactors solution consultants and partners. One of them brought up the question of cloud security and mentioned that customers are concerned about moving their core HR data to the cloud.

That is a genuine concern. People want to have control over important information. This is not very different from our personal lives. We want to safeguard our valuables. But keeping our valuables closer to us does not mean that they are always secure. It might give us a sense of security and the belief that we can do something about potential intruders. But the truth is that bank vaults are more secure than any locker or vault that a normal house hold can buy.That is why we keep our valuables in bank lockers or vaults.

Where would you rather keep your valuables? In a bank vault or at home.

This translates to cloud security too. In a public customer session at HR Insider 2013 in Las Vegas, one of the SAP - SuccessFactors Hybrid customers announced publicly that their own security audit found that SuccessFactors cloud infrastructure was more secure than their own fire wall. This does not mean that cloud infrastructure cannot be hacked. A determined hacker can get into any infrastructure, the same way a determined thief can get into any house or building.

However the security measures deployed by cloud providers, including the measures deployed by SuccessFactors, are bound to be way better than most individual companies' security measures. Cloud providers also invest heavily in security and keep up with the advances, because their survival depends on it. I am not the person responsible for cloud security at SAP and SuccessFactors. But I hear from customers that they are realizing this fact on their own.

There are always bound to be exceptions to this case. Some customers may invest more on security compared to cloud providers for national security or other business reasons. But I am learning, from customers that I speak with, that for most organizations, data in a cloud provider's infrastructure will be more secure than data behind their own firewalls.


  1. Hi Prashanth,

    This is an excellent blog and very important topic. I wrote extensively about security in my SAPexperts Special Report "SAP and SuccessFactors - An Overview" and I recommend anyone who wants to know how secure SuccessFactors is to read it. I was very surprised at how much effort SuccessFactors have gone to in order to make a watertight security model. Most of my 35+ on-premise customers could only dream of having this level of security. The report can be downloaded for free here:

    Best regards,


  2. I 100% agree. What's stopping from the cloud is now mostly cultural.

    Extensions to the analogy: we've had 600 years or so to get used to the idea that banks are safer than keeping our money under the mattress. Right now, we're in the cloud equivalent of the pre-renaissance era most people feel like they have to invest in their own castle and guards in order to protect themselves. But constructing a castle is very expensive, and most people are realizing that the risk/reward ratio no longer makes sense: a bank with lots of customers can afford a much bigger, better "castle", at a fraction of the cost to the customers.

    Where do most organizations keep their mission-critical backups? Offsite. How do they get that information to the offsite backup? Typically over the internet. So why is the cloud so scary again?

    In addition, it's not only about security: unlike storing money under the mattress, modern banks let us access our cash from any ATM around the world. Modern cloud architectures do the same, making it convenient to access your information from anywhere, on any device.

    People are generally comfortable with accessing sensitive corporate data on telephones (e.g. email!) without a second thought. The data is travelling across public networks, and the only thing stopping people from accessing it is security protocols -- just like with "cloud infrastructures"

    Finally, money is static, software isn't. Imagine if the only way to update money was to go to every individual household and painstakingly do an "upgrade" -- making any change would be slow and painful. Cloud architectures will (also) win because innovation can happen faster, increasing the pain of staying on-premise...

  3. Hi Prashanth,
    This is the very common question which is asked whenever we discuss the HCM cloud system. I think this is an excellent article to answer such questions.


Related Posts Plugin for WordPress, Blogger...