To survive, businesses need to adopt technology quicker than ever before. Having your business processes aligned among employees, facilities, products, services and customers to free up time and space for innovations and planning is now a must and not an advantage.
It seems, however, that digitalization is happening at a much faster pace than many businesses can still digest, and the result is often faulty assumptions of an ongoing trend. One such wrongful idea is that moving to the cloud is a dangerous step for the business as it would expose it to uncontrolled attacks and vulnerabilities.
With this article we hope to shed light on cloud security compared to on-prem security, and help you make an informed decision as to what to choose.
Cloud is a network of servers where data is stored and managed remotely and users can access it over the Internet. Users rent the hardware hosted at the provider’s premises and pay on a monthly basis for cloud service and maintenance.
Location Independence. When you store your files on a regular PC, you can access these files only from that specific computer. If you upload your files on Google Drive or iCloud (both are cloud-based), however, you will access them from any computer or mobile device as long as you are connected to the Internet.
Doesn’t that seem like a useful feature for businesses too? It certainly does. Cloud enables employees to access important data and work and communicate from any location in real time. They collaborate better and enjoy location independence. And, for organizations that are concerned as to who has access to what information, cloud allows custom restriction of chosen devices.
Flexibility. Cloud is flexible when it comes to companies with fluctuating scalability or seasonal business. You can easily scale up or down your cloud capacity depending on your business needs.
Affordable pricing. The beauty of cloud computing is that you do not need to buy hardware and personnel to maintain it. You save time, space and money by simply renting the infrastructure and the service. The on-prem option requires hardware upgrades every 4-5 years. And what about those companies that are rapidly growing and need more space? They need to buy additional hardware, engage more personnel and pay additionally for its maintenance. Not to mention companies that are downsizing. They either have to get rid of unnecessary equipment or store it without using it.
Automatic software updates. Cloud providers take care of the software updates so you don’t have to worry or waste time and money for that. It’s all automatic.
Disaster Recovery. Cloud comes with a disaster recovery (DR) plan and equipment designed specifically to prevent unplanned outages. If a disaster such as flood, fire, etc. does occur, cloud providers take immediate measures to restore full access to the services in no time and with minimum impact. Again, DR service is included in the monthly fee.
Encryption. Cloud providers offer encryption to additionally secure the client’s data. Cloud encryption turns clients’ sensitive data into cyphers that only those with a decryption key can decipher it. Since encrypting large quantities of data consumes more of the processor’s power, having your company’s entire database encrypted by the cloud provider may become quite pricy. In such cases, cloud providers offer basic and affordable encryption or alternatives requiring less processing power such as redacting or obfuscating, or clients have their data encrypted before transferring it to the cloud.
CONS (or when the on-premises model is applicable):
Despite its many positives, cloud is not a one-fits-all solution. Depending on the business needs, on-premises or even a hybrid solution of both cloud and op-prem may be a more suitable solution. On-premises means you buy the entire set of hardware necessary to support your data on-site, as well as hire personnel to manage it.
Visibility and accessibility. Storing data “in the cloud” still seems a bit of an abstract idea to many businesses. Having a private data center allows you to see it and access it yourself at any time, and naturally gives a sense of safety. But how much time do you actually spend in your server room?
Latency. If your data requires predictable latency times, it is easier to control and distribute it via a private data center.
Customization. Depending on your organization’s needs, on-prem solution may sometimes be more customizable than cloud. Software solutions such as Dynamics, however, combine the world’s best know-how practices from companies like yours. Rarely are there businesses so unique that cloud would not be a good fit for them. After all, Dynamics solutions are highly customizable as well.
Data Encryption. If you need your entire company’s data fully encrypted, then it might be best to encrypt it and store it on your own servers. Or, as explained above, send it to the cloud after it’s fully encrypted to avoid high costs of processing power.
Laws and regulations. Certain countries and laws impose restrictions on cloud usage and the on-prem model appears still to be the only option.
Data Security on Cloud vs. On-Prem
When it comes to data storage, both cloud and on-prem are viable solutions depending on the specific business needs. Since cloud is now growing in popularity due to its easy deployment and management, less hassle and lower rates, attacks on cloud are inevitably on the rise too. As a result, many business owners believe that data stored in-house will be more secure from hackers’ attacks.
Is that really so?
According to Eric Basu, the President of Sentek Globa:
In general, adhering to good security policies and processes and from those implementing the proper security configurations and controls are the most important thing. If those are not done, it doesn’t matter whether your data is in the cloud or not, since there are very few instances left where data is not accessible from the Internet.
Hackers attack mostly to obtain access to valuable data or to cause mischief. Infosec Institute has researched several different infamous cyber attacks at different organizations such as Target, Home Depot and Apple iCloud. Based on the research, they made an educated guess that hacks are successful where human error is present, and not whether you have deployed cloud or on-prem solution.
I think what we’re seeing now, when it comes to the Cloud and security, is a bit of a myth that the Cloud is less secure. I’ve heard this many times, but it does not seem to be true in real life.
— David Linthicum, Senior Vice President at Cloud Technology Partners
Human error causes data breaches even when hacks are absent. Employees send information to unauthorized persons, lose their computers, forget to logout, fail to perform regular updates and maintenance. In fact, most data breaches are caused precisely by human error:
Last year, we identified human error as the leading cause of incidents (37%), followed by phishing/malware (25%), external theft of a device (22%), and employee theft (16%).
Is Cloud or On-Prem More Exposed to Human Error Then?
As explained earlier, private data centers require you to take care of your hardware and possibly software all on your own. In this case, your data is as safe as you can trust your own competences and those of your own employees. Quite often when we compare the on-prem security measures our clients take versus our cloud security, we discover that they are touching the minimum to barely ensure any safety at all. And, if they want to catch up and upgrade their in-house servers with the latest security methods, the expenses become unbearable. At the end, they either switch to cloud or remain their hardware unprotected.
Whether it’s due to negligence (sending an email with sensitive data to the wrong contact) or it’s purposeful (when an employee is quitting job), most breaches are in fact inside jobs. Having your hardware structure on-site is practically more exposed to attacks and human error than the cloud. After all, technology is just as good as the people standing behind it.
With cloud, risk is reduced as data is in the hands of cloud providers such as Intelligent Systems who are experts in data maintenance. Cloud providers are constantly upgrading their competences to the latest trends in data security. They invest in top-notch technology and recovery procedures so you can simply rent it and forget about it.
Q: If my data is in the cloud, who else has access to it?
A: Cloud providers follow strict and proven guidelines by Microsoft (Sure Step/Trust Center/ISO certifications) to ensure security and minimize risk. No one except you has access to your data in the cloud, regardless of whether you can physically see your data or not. They are certainly not working with your actual data and will never distribute it to third parties by mistake or on purpose.
Q: If my data is stored in-house, I can better protect it from malicious threats.
A: Cloud is proven to have a higher uptime due to 24/7/365 monitoring. What’s more, cloud providers constantly apply security patches and update virus signatures, and invest a whole lot of time and resource in security systems.
Q: How do I choose a trustworthy cloud provider?
A: Whether you choose on-prem or cloud, it’s your responsibility to research the best option for your specific needs. Note, however, that trustworthy cloud provers are transparent and update you on their work on a regular basis. They will also guide you through the security measures they take to protect your data from hacker attacks, human error, hardware outages and disasters.
So, is your data more secure in-house or is it just a feeling?
Drop us a line. Let’s talk cloud.