I was sitting at LAX last weekend waiting to board my plane, and took a few minutes to read up on the latest news about the Office of Personnel Management's (OPM) data breach. Over 21 million individuals' Personally Identifiable Information (PII) stolen by hackers -- reportedly the work of a foreign government.\nAnd how did OPM discover the breach? They stumbled upon it while investigating a previous breach that had resulted in the theft of another 4 million individuals' PII.\nNot too long before the OPM's disclosure, the Internal Revenue Service announced that 100,000 tax accounts had been hacked. And before that, Home Depot, Sony, Target -- all victims of sophisticated, successful and massive attacks.\nTroubling events, and part of an unmistakable trend that makes it clear much of the data we entrust to governments, companies and other organizations may not be as secure as hoped. If you\u2019re a business or technology leader, these events also make it clear that if you\u2019re not already focused on data security, it\u2019s time to quickly and resolutely make it a priority.\nFrom what I can tell, though, none of the aforementioned breeches were the result of exploiting cloud vulnerabilities. Instead, they were the result of social engineering attacks or software exploits that could have happened regardless of the hosting model (i.e., on-premise or in the cloud).\nThe vulnerabilities associated with Internet-connected systems hosted on-premise, and those hosted in the cloud, are generally the same. (And while I might make the case that cloud providers are likely to have better physical security, data center facilities aren\u2019t typically a target for most hackers.)\nFortunately, the techniques needed to secure systems in either model are also the same. If you\u2019ve developed your on-premise systems using secure coding practices, placed your systems behind a well-designed firewall infrastructure, implemented vulnerability management best practices, and leveraged intrusion detection capabilities, then you\u2019ve developed the skills and instituted the practices that will help you proceed securely in the cloud.\nIf you haven\u2019t, drop what you\u2019re doing, and get started immediately! Security is a practice every IT department should be developing as a core competency, as unprotected systems hosted on-premise are equally as hackable as unprotected systems hosted in the cloud. Don\u2019t have the resources needed? Done carefully, moving to the cloud can actually free resources to focus on security: less racking and stacking, more firewalling and detecting.\nInterestingly (and not surprisingly), cloud providers and third-party security firms are beginning to make very credible progress towards helping customers leverage the cloud more securely. Before long, it may actually be easier to secure systems in the cloud than on-premise. I\u2019ll dive a little deeper into this topic in a future blog.