My oft repeated advice for technology vendors is that security sells.
Given a choice between two vendors of similar products or services an informed buyer will head for the vendor that can better protect his or her data. Large technology vendors forget this.
Cisco, Juniper, Oracle, and Microsoft might have security initiatives and even good sales of security products. But security takes a back seat to functionality too often. Why are there no secure switches? Secure apps for Windows? Or secure databases?
I like to think that the success of Apple‘s computers is based in large part on the higher perception of security around their products. (Although it is really a lack of threats that leads to this conclusion).
As more and more attacks on data stores hit the news it is becoming evident that security is going to be the primary concern of anyone moving their data off site, particularly to the cloud.
I had an opportunity to interview the CEO of Egnyte (video here), which has tackled the numerous security concerns that cloud storage introduces. Vineet Jain describes the enterprise focus they have at Egnyte. Central policy and administrative controls can tie in to Active Directory or LDAP. Granular access controls down to the file level are possible. All data is encrypted in transmission and at rest.
As companies like Box and DropBox take off they are scrambling to build security features in after the fact. Often their security is encapsulated in a promises that their admins are constrained from viewing customer data. That of course is no security at all since attackers target administrator accounts and are not likely to respect those constrains.
Cloud storage is one of the most rapidly growing services for small to large enterprises. I fear that these services are going to become rich targets of opportunity for attackers. Therefore, the strongest possible security measures are needed. Egnyte is taking the right approach: security first, growth second.