On-premises vs. Cloud: A Rational Analysis
Cloud security continues to generate hype.
In fact, SC Magazine got two SMEs together to talk about whether hosting data in the cloud is more secure than hosting data on-premises.
Even though we have come a long way from the early days of cloud security fear, and even though users and providers have gained more confidence in cloud security practices, misconceptions still persist.
Some assumptions include:
- Hackers have easier access to cloud security settings.
- Once your data is hosted in a cloud environment, it’s exposed to the whole world, and you lose control.
- Data in the cloud is easier for anyone to access.
The Case For and Against On-premises
As a proponent for managing data in-house, Dan Timpson (VP of technology for DigiCert) gave his take on why on-premises is the safer route compared to cloud.
“On-premises solutions give users 100-percent control over their own SSL certificate keys and critical system security, and then it’s their responsibility to ensure privacy and data security. With on-premises, one has better visibility into the lifecycle of one’s own data and where attacks are coming from.”
Timpson makes some fair points. Ideally, it might be easier to manage and control your data when you know where it resides, while having full access and control.
But his point about it being “your responsibility” is important.
Unless you have a dedicated, integrated physical and digital security approach to host your most critical information and that security approach incorporates consistent testing and monitoring, you can’t cover as much ground as a cloud service provider.
Mid-market organizations don’t always account for these consistent privacy and data security practices. Just given the lack of manpower and internal resources, they can be hard-pressed to honor their security responsibilities. If these organizations aren’t able to keep up with the demands, they are always going to be more vulnerable.
The Case for Cloud Data Security
Pete Nicoletti (CISO for Virtustream), who argued for cloud-based security management, had a solid counterpoint to Timpson’s statement.
His take: While security isn’t the core competency for most enterprise and mid-market organizations, it is the core competency for cloud vendors.
Vendors have the in-house resources and expertise to deliver repeatable and sustainable security practices that have been tested and verified.
The reality is that the cloud is likely no more of a danger zone than your very own in-house IT infrastructure.
Furthermore, Wieland Alge, VP and GM of EMEAR at Barracuda Networks, explained, “Almost all of the massive data breaches we’ve seen as of late were within traditional on-premises IT. Sometimes we are too quick in stating that the cloud is an inherently insecure element.”
With the right cloud provider, data security doesn’t have to be such a stress point.
How safe can a cloud provider get?
Physical security is an area often overlooked by customers who maintain on-premises systems. A former NATO command center located in Maine with staff onsite 24/7 is as safe a spot as any for critical systems and sensitive data. As a cloud practice, Oxford Networks secures its computing environment with industry best-practices and an approach to security that includes annual audits and regular testing. These enhancements complement sound internal practices that will always be part of the process of managing IT, whether in the cloud or on-prem.
Learn about the cloud questions you need to answer in our free product sheet, Choose the Best Cloud Technology Path for Your Business.