On-premises data centers vs. the cloud: which environment offers stronger data security?
Business leaders sometimes balk at storing sensitive data in the cloud. They fear losing control over the security of their data. It also seems more comforting to walk down the hallway to an on-premises data center and visually see the physical systems where the data is stored.
Ultimately, the security provided by the cloud versus an on-premises data center comes down to the people, the processes, and the technologies in play. With the right expertise applying best practices and up-to-date hardware and software, either environment can provide the necessary protection for your company’s digital assets.
In most cases, if you collaborate with a leading cloud platform provider and a third-party consultant to manage your cloud environment, your data will be more secure in the cloud. The leading cloud platform providers offer end-user authentication and identity management services as well as encryption for data downloaded from the cloud to ensure the highest standards of security.
Drawbacks of Storing Data On-Premises
In the cloud, you will also likely spend less on security, and the effort to maintain your security posture will be more efficient. That’s because if you keep your data on-premises, you will either need to hire high-end IT security professionals or rely on your IT sysadmin team. The former comes with paying a high salary and benefits costs. The latter choice runs the risk of over-burdening your IT team and relying on general IT experts who may not be well-versed in security.
Internal IT resources are also hampered by their narrow exposure. All they see and work with is your IT infrastructure. Conversely, external cloud professionals work with a wide range of customers across various industries. This gives them a much broader perspective on security best practices and processes, which need to continually evolve in order to keep pace with all the cybercriminal activity that grows ever-more sophisticated over time. That’s a perspective that’s simply difficult for internal teams to gain.
Storing data on-premises means you will also need to invest in security tools and keep them patched and upgraded on a regular basis. That adds further to your costs, and it’s very easy to lose track of a tool that requires an update—which means the tool won’t always perform at optimal capacity.
Another data security aspect that can be challenging for internal teams is the ability to access and process external threat intelligence. It’s not enough to create a strong internal security posture; you also need to know about the threats that lurk in the wild and may soon “knock on the doors” of your security perimeter. The trouble is, there are many external sources to monitor, and syncing all the threat information they produce with your internal tools requires specific expertise and threat management technologies.
When Public Cloud Environments Are Not an Option
For companies that handle sensitive data, such as those in the financial and healthcare sectors, storing data in public cloud environments may not be an option, or it may be prohibited by regulations. And if the thought of your data residing somewhere outside your physical building simply keeps you up at night, the stress of using the public cloud is not worth it.
A possible alternative is to set up a private cloud in your on-premises data center. You can also consider a virtual private cloud environment offered by a co-location data center facility. Both of these approaches give you a hybrid environment that may be the next best thing to an on-premises data center that has no connection to the Internet.
Security in the Cloud Does Not Happen Automatically
While the leading cloud providers can help you address all these challenges, it’s not just a matter of tapping into their services and assuming all your security challenges will go away. Just as you would with an internal data center, carefully vet your cloud provider to assess the people, processes, and the technologies they provide. Only then can you make sure a cloud provider will sufficiently address your security concerns.
It’s often a good idea to work with a third-party cloud security consultant. Although the major cloud platform providers like AWS, Azure, and Google provide access to all the security tools you will need, they do not automatically configure your environment to leverage these tools. You need to know how to turn them on, how to monitor them, and how to manage the services over time. That’s where a consultant or cloud managed services provider is vital.
You may have internal resources capable of monitoring and managing cloud security tools, but this is another case where it is usually better to rely on an external partner with broad security best-practices expertise. It is better to allocate your internal team to making sure applications perform well and to helping end users who need technical support.
Understand the Shared Responsibility Model for Cloud Security
When storing data in the cloud, it is also critical to understand the shared responsibility model for cloud security. While cloud providers take measures to protect the hardware infrastructure of their environments, you are ultimately responsible for the security of your data and your applications. Also, be sure to identify any third parties that have access to, or provision specific services in, your cloud environment.
For example, your cloud provider may rely on an external service provider for anti-virus protection, or you might run an enterprise application in a cloud environment brokered by the application vendor but hosted by a co-location facility. It is vital to identify everyone who is involved, their role in protecting your cloud environment, the security controls each entity is responsible for, and whether any security gaps exist that create a risk to your environment. A project plan must then be put in place for the responsible party to close those gaps and to ensure your cloud security posture complies with pertinent regulations.
A common challenge that many businesses encounter when it comes to shared responsibility is the lack of visibility into the security controls that cloud providers have deployed—they don’t always share this information with their customers. Ideally, you want to work with your cloud provider to create a shared responsibility matrix that provides clarity across security control responsibilities and defines which ones are owned 100% by one entity, and which ones are shared by multiple entities.
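The following added example (not code from the article or from any cloud provider) shows what a shared responsibility matrix looks like once it is written down as data, and the three checks a practitioner would run over it: controls that nobody has claimed, controls required by your own obligations that the matrix never mentions, and controls shared by more than one party that therefore need an explicit split. The control names, parties, and assignments are constructed for illustration; the `REQUIRED_CONTROLS` list stands in for whatever your regulations or policies actually demand.

```python
"""Shared-responsibility matrix gap check (added example, not from the article)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Iterable, List


class Party(Enum):
    PROVIDER = "cloud provider"
    CUSTOMER = "customer"
    THIRD_PARTY = "third-party service"


@dataclass(frozen=True)
class ControlAssignment:
    control: str
    owners: FrozenSet[Party]  # an empty set means nobody has claimed the control


# Constructed list of controls the business must be able to demonstrate;
# this is a placeholder for your real regulatory or policy requirements.
REQUIRED_CONTROLS = [
    "physical datacenter access",
    "hypervisor patching",
    "guest OS patching",
    "data encryption at rest",
    "identity and access management",
    "anti-malware on endpoints",
    "backup and restore testing",
]

# Constructed sample matrix as the customer and provider currently understand it.
SAMPLE_MATRIX = [
    ControlAssignment("physical datacenter access", frozenset({Party.PROVIDER})),
    ControlAssignment("hypervisor patching", frozenset({Party.PROVIDER})),
    ControlAssignment("guest OS patching", frozenset({Party.CUSTOMER})),
    ControlAssignment("data encryption at rest",
                      frozenset({Party.PROVIDER, Party.CUSTOMER})),
    ControlAssignment("identity and access management", frozenset({Party.CUSTOMER})),
    ControlAssignment("anti-malware on endpoints", frozenset()),  # unclaimed
    # "backup and restore testing" is absent from the matrix entirely
]


def unowned_controls(matrix: Iterable[ControlAssignment]) -> List[str]:
    """Controls listed in the matrix that no party has taken ownership of."""
    return sorted(a.control for a in matrix if not a.owners)


def missing_controls(matrix: Iterable[ControlAssignment],
                     required: Iterable[str]) -> List[str]:
    """Required controls the matrix does not mention at all."""
    listed = {a.control for a in matrix}
    return sorted(c for c in required if c not in listed)


def shared_controls(matrix: Iterable[ControlAssignment]) -> List[str]:
    """Controls owned by more than one party; these need an explicit split of duties."""
    return sorted(a.control for a in matrix if len(a.owners) > 1)


def controls_owned_by(matrix: Iterable[ControlAssignment], party: Party) -> List[str]:
    """Every control a given party is on the hook for, shared or sole."""
    return sorted(a.control for a in matrix if party in a.owners)


def gap_report(matrix: Iterable[ControlAssignment],
               required: Iterable[str]) -> Dict[str, List[str]]:
    """Bundle the three checks into one report for the project plan."""
    matrix = list(matrix)
    return {
        "unowned": unowned_controls(matrix),
        "missing": missing_controls(matrix, required),
        "shared": shared_controls(matrix),
    }


if __name__ == "__main__":
    for kind, names in gap_report(SAMPLE_MATRIX, REQUIRED_CONTROLS).items():
        print(f"{kind}: {names or 'none'}")
```

Each entry in the "unowned" and "missing" lists is an open item for the project plan; entries in "shared" are not gaps by themselves, but each one should be broken into sub-controls (for example, the provider encrypts the storage layer while the customer manages the keys) until every line has a single accountable owner.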
All this once again underscores the importance of the people, the processes, and the technologies in play to protect your data and your other digital assets. Whether your data resides on-premises, in the cloud, or in both environments, be sure to utilize the necessary expertise, best practices, and the leading security tools.