How many times have you heard that cloud is best for day-to-day services that are not mission critical? This is a long-held assumption. Cloud computing will be the bulk of IT spending by 2019.

Some IT decision makers, however, have remained concerned about just how safe an environment it is. A 2015 study found nearly half (49%) of IT decision makers admit they are “very or extremely anxious” about the security implications of cloud services. A more recent study by the Cloud Security Alliance reported a slight reduction in that number—35% of IT and security professionals believe that cloud-based systems are less secure than their on-premise counterparts.

So customers are moving along the cloud adoption curve—slowly but surely—and beginning to increasingly trust cloud providers with their most sensitive data. But why is that? Simply put, there are more reasons to trust the cloud today.

Threat protection is an integral part of a cloud provider’s business proposition so they tend to have higher security standards that are well maintained and enforced for all customers. This is of particular benefit to SMBs, which are unlikely to invest in comprehensive protection from external and internal threats due to costs.

What about the commonly held belief that if data doesn’t reside within your own physical boundaries, it is less secure? While confidentiality of customer data and who can access this data is always a big concern for customers, the perceived loss of control in the cloud does not stand up.

The fact is that if a potential attacker does not know where the data is located, it immediately removes the option of a physical attack, providing another security layer in the cloud. This helps to protect against threats from within the organization by attackers who are already “On-Net” and have inside knowledge of the systems, people, and processes.

Then of course, country-specific requirements to secure and control data come into play. Fortunately, cloud providers are increasingly taking note of these requirements. By securing data off-site while meeting country-specific data management requirements, cloud providers are stronger from a security standpoint than if a business relies on internal IT operations and on-premises data facilities.

Customer Adoption of Cloud Communications is Rising

Vodafone found more than 70% of large companies either currently use, or would consider using, cloud-enabled managed services for mission critical and core business applications beyond email, such as unified communications and collaboration (UC&C). 29% use cloud-enabled services for UC&C today and 4 in 10 expect to do so within two years.

Cloud communications are designed to only allow registered users and devices to access their services. Counter measures are built into the solution; for example, specific configurations to avoid IP/port spoofing and encryption of both signaling and media. Cloud communications services also typically have stronger password management and access controls by default, such as disabling web interfaces on IP phones and enforcing periodic password changes. PBXs, on the other hand, are generally not security hardened without additional measures that need to be installed, implemented, and maintained.

We’re seeing lingering doubts around security with cloud communications ease. But, any business eyeing cloud and premise-based services must evaluate risk factors and comfort levels before determining the best approach.

This article originally appeared on the Broadsoft blog.