Open-source cloud computing offers compelling potential\u2014cost savings, innovation, low barriers to software deployment, avoiding vendor lock-in and a broad community of support, to name a few.\nDespite this, CIOs and IT executives still have misconceptions about the challenges surrounding open-source cloud technologies, such as a perceived lack of security or the potential inability to handle business-critical applications.\nWe\u2019re here to address these perceptions in a five-part series to show that these myths are just that: misconceptions about open-source cloud.\nFirst up, the lack of security. The idea here is that there\u2019s inadequate security with cloud computing in general. For several years, concerns about security have kept a large number of organizations from moving data and workloads to the cloud, particularly public cloud services.\nThe fact that some services use infrastructure that\u2019s shared among a number of customers creates a concern that data from one organization will somehow be exposed to or accessed by others. And the idea of storing information on a service provider\u2019s servers, vulnerable to whatever weaknesses the service provider\u2019s infrastructure might have, makes some companies think this is too much of a corporate risk.\nIT departments have multiple cloud deployment options to choose from \u2013 private clouds, public clouds and managed private clouds. IT organizations are best served by embracing multiple deployment models, with the appropriate security level in mind. For example, mission-critical workloads containing sensitive data are best suited for private and managed private clouds.\nWith open-source cloud computing, there is a stereotype that these products and services are being created by amateur developers who are not skilled enough to build enterprise-grade security into the software they are developing.\nOn the contrary, open-source cloud computing products are designed from the outset with security in mind. For example, there are features such as identity management to monitor who has access to content, and data encryption to safeguard information while it\u2019s at rest or in transit.\nFurthermore, open-source cloud software is peer-reviewed by community participants, leading to continuous improvements in the quality of security features and mechanisms. This community also monitors and rapidly discloses vulnerabilities and issues, and provides security updates to address them.\nIt\u2019s important to keep in mind that much about security involves using common sense and ensuring that users follow security policies and procedures. For instance, application developers should use Transport Layer Security, which employs cryptographic protocols designed to provide security over networks.\nManagers need to emphasize that information security is the responsibility of everyone in the organization, including developers, network administrators, support personnel, managers and end users. Cloud development and use today involves virtually everyone across the enterprise. In other words, security is everyone\u2019s job.\nThat also extends to the relationship between the cloud provider and buyer. CIOs and their vendors must understand the security roles and responsibilities and to whom they belong.\nResearch from International Data Corp. (IDC) released earlier in 2015 showed that many organizations expect to rely on hybrid cloud architectures, and that open hybrid cloud will become the de facto enterprise IT architecture.\nIn deciding where to run workloads within these hybrid environments, the IDC report noted that security, as well as cost and application support will drive cloud workload placement choices among companies. Security, user access controls and regulatory compliance policies were among the factors deemed most important by organizations when looking at the cloud.\nThere\u2019s a huge difference, though, between taking steps to ensure security with open-source cloud initiatives and writing them off because of perceived security vulnerabilities that can\u2019t be overcome. Rather than give in to the myth, IT decision makers need to be open minded about open-source cloud, and determine which deployment model \u2013 public, private or managed private cloud \u2013 makes the most sense for a particular workload or use case.