Data Security: On-Premises Versus the Cloud
Some companies have a bit of a Scrooge McDuck perspective about data security. Like the excessively-wealthy fictional duck who enjoys literally swimming in his wealth, companies sometimes have a hard time shaking the feeling that their most important assets need to be locked up on-premises.
According to his online bio, Scrooge McDuck was born into poverty in 1867, so you could excuse him for having old-fashioned ideas about security. But these days a smart duck like him would probably recognize that having so much cash laying around isn’t the best way to protect his assets. If an unsavory individual were to help themselves to a handful or two of the riches in his vault, there’s little he could do. Scrooge needs to ask himself whether having money on-premises is really safer just because he can go see it any time he wants.
It can be difficult to shift strongly-held beliefs, especially in a world where everything is changing so rapidly. There’s a natural tendency to feel that servers you can see and touch are safer because you have direct control over all security measures. But just as the physical bank vaults of yesteryear are being re-purposed into restaurant dining rooms and meeting spaces, on-premises data is moving to the cloud for increased safety and flexibility.
The many dimensions of data security
There’s no question that data security is – and has to be – a vital concern for all organizations. Attacks by bad actors, including the recently-discovered on-premises Exchange vulnerability, consistently puts cybersecurity at the front of the news. However, the decision to house data on-premises or in the cloud needs to take into account multiple dimensions of security. Before we return to cybersecurity, let’s take a look at the other things keeping data security teams awake at night:
Physical security – On-premises datacenters must be secured from intruders, but if they’re co-located with other operations, there are simply more opportunities for unauthorised personnel to enter. Cloud datacentres are purpose-built and include redundant physical security, including fences, guards, surveillance, and modern biometric access systems.
Employees and contractors – On-premises systems provide more opportunities for insider break-ins, including both direct and human-engineered hacks. Cloud environments follow strict protocols to diminish this kind of vulnerability.
Natural disasters – Every region has its own potential for natural disaster, whether it’s earthquake, hurricane, tornados – or some of each. Not only does your on-premises datacentre need to be shored up against physical and cyber intruders, it must be able to withstand whatever nature can throw at it. A cloud environment can be configured with geographically-dispersed redundancy that will stand up even when a key corporate location needs to go offline.
Local disaster – Redundancy built into a cloud or hybrid configuration can also mitigate the impact of a building-specific situation like a fire, blackout, or burst water pipe.
Cybersecurity in the cloud
The levels of security available today in cloud environments would blow Scrooge McDuck’s feathery mind, and he’d probably be more surprised to find out that the cloud is often the more economical option. Let’s take a look at the cybersecurity benefits of the cloud:
Automated patching and security management – Cloud environments undergo consistent, centralised patching and security administration so there are faster updates to protect against threats.
Newer technology – Many on-premises data centers were built over time and include disparate systems that are more difficult to support. Top cloud providers maintain the latest technology in order to give their customers more computing resources, making it easier to apply upgrades.
Resilience to more sophisticated threats – Cloud environments invest in highly resilient layered defenses and better authentication protocols that create multiple barriers for attackers. It’s difficult for individual companies to keep up with these costly security tools.
Top cybersecurity pros – Cloud providers commonly attract the best security professionals and keep their skills sharp. It’s difficult for individual companies to hire and maintain such a well prepared security team.
Monitoring and automation – Cloud environments are typically monitored from a centralised location, allowing traffic analysis to identify vulnerabilities. In fact, Microsoft uses cloud-scale machine learning systems to detect and remediate attacks in real time. These automated tools dramatically increase the effectiveness of IT security teams.
Ensuring top-notch data security is complicated since it involves both physical measures and layers of IT security measures. Many organisations are moving to the cloud after realizing their on-premises environments can’t keep up with the security the cloud can offer. However, it’s still vital to perform due diligence and assess what kind of environment provides the most advantages in your particular situation.
In some cases a hybrid structure – in which some systems stay on-premises while others migrate to the cloud – will be the best approach. The answer to this question may go beyond security to take into account the functionality required of each system. For example, while Microsoft 365 and Teams offers more flexibility in the cloud, systems that have undergone extensive customisation may need to remain in their legacy servers for a time.
Even though Scrooge McDuck is rather old fashioned, you’ve got to think he’d be a fan of the very best security given his enormous fortune. Perhaps he just keeps his money room around for the occasional indulgent swim.
This is an article I wrote for the BitTitan blog.