Fear On-premise Security, not the Cloud
While considering the many benefits of making the switch to the cloud—including a flexible environment, infinite scalability, and scale enhanced production—the question remains: “What about security?”
When you compare the security of the average business’ in-house server solution to the security solutions offered in even the least secure of the massive cloud data centres, you’re still likely better off in the cloud environment. As time goes on, and evidence of this increase in security capabilities is made manifest, we have slowly seen the line of questioning shift from wondering why making the move makes sense, to questioning why more businesses haven’t made the move already.
A Reason for Concern?
Concern over cloud security is not unfounded. During the early days of cloud usage, security companies haphazardly migrated their systems, paying very little mind to the potential security risks. This disregard for improving security isn’t a fault of the cloud itself, but rather, a fault of poor IT and migration processes, since moving security tools designed for traditional architectures to the cloud platform stretches these tools to capacity.
For years the cloud progressed forward at a rate that far outpaced the security safeguarding it. Fortunately, this is no longer the case, with cloud tools for security quickly coming to outmatch those available within their non-cloud counterparts. It's likely your company is in need of a better approach to security than you have today, and cloud providers offer just that. Migrating to the cloud provides your business with access to levels of security that, previously, would have been largely unattainable for most businesses at the in-house server scale.
According to author and industry leader David Linthicum, “On-premises systems—not cloud-based workloads—have been the favourite target of hackers in the last several years.”
Linthicum goes on to explain that the preference towards targeting on-sight solutions is a result of improved security efforts on the part of cloud providers collectively, with cloud providers offering the latest and greatest security technologies. He feels that moving to the cloud platform is an opportunity to take the target off a business.
Cloud Paranoia: Good for Security
It's not unlikely that your present security solution is far from up to snuff. This is unsurprising given the constant rate at which improved technology security is being developed in order to keep up with the ever-quickening pace of security threats. Cloud providers today know this better than anyone, making them more paranoid and attentive to potential security threats than the vast majority of businesses operating an on-sight solution.
But if cloud providers invest more in security and hackers target on-site solutions more often, then why all the paranoia surrounding security? Well, because all it takes is one slip up in terms of security to utterly decimate a cloud provider’s favourable image with customers and the general public. The pressure is on for large scale cloud companies, and they know that security systems require constant work, attention, and updates to ensure the security of their customers’ data and their companies' reputations.
A World of Misinformation
It's important for a prospective cloud client to understand that there is an absolute ton of misinformation online, with conflicting information coming from proponents of both on-site and cloud solutions. Many self-serving on-premise solution providers use such information to promote fear of the cloud, while simultaneously, cloud providers often overhype the benefits while downplaying the risks in order to promote adoption of their platform. Because of all this misinformation floating about on both sides of the issue, traversing this divisive discussion over cloud vs. on-premises solutions is like walking a minefield of misleading headlines and manipulative survey data.
Often, when an on-premises solution provider is trying to drive potential customers away from the cloud, they’ll present survey data that touts claims such as: “92% of surveyed IT pros are concerned about shared cloud infrastructure’s security.” What this survey doesn’t tell us about is the actual stats for cloud breaches vs on-site breaches, nor does it reveal what percentage of IT professionals are concerned about the security of on-site solutions, which we suspect is a lot of them. It's likely that most of the worry regarding the cloud is driven by the very natural fear of change, and lack of control, which is often exhibited to an even greater extent by IT professionals who are in the business of ensuring that your company’s critical data is secure.
At Pareto, we aren’t afraid to admit that we LOVE the cloud, and feel it is the future of enterprise IT. So sure, our article may be trying to push the cloud platform, but that’s only because we want your business to succeed, and we genuinely believe the cloud is the best way to make that happen.
So verify cloud providers' claims, and verify our claims—but do so doubly with claims that try to steer you away from the cloud, as it's unlikely the numbers actually support their claims.
The Cold Hard Facts
The cloud has got your security beat, believe it. Cloud providers excel in two critical security areas: threat prevention and threat detection. Let’s start by looking at that first one, prevention. When we talk about your data and talk about prevention, what we are really talking about is a companies’ ability to ensure that none of its data is lost, potentially corruptible, or under threat of theft. If one were to look specifically at prevention as it pertained to Microsoft Azure (Microsoft’s cloud platform, and host of Pareto’s PBE3 Sandbox ERP) one would see that the Azure Security Centre is well equipped to prevent threats from accessing your company’s data. The platform comes equipped with a number of elements which secure your data, including multiple layers of encryption, role-based access, and more.
When it comes to ensuring the security of your data, prevention is just the first level, with the ability to monitor the system for possible breaches in that protection also being critical to your success in the cloud. Azure knows that without powerful threat detection software and methods in place, there can be no reaction to incoming threats. That’s why the Azure Security Centre uses some of the most advanced threat detection methodologies in the industry, far exceeding the methods and practices of even large-scale operations who have opted to work on-premises.
The Microsoft Azure team has released three excellent videos going over the Azure Security Center and both the threat prevention and threat detection capabilities on the Microsoft Azure platform. These videos are great resources for those wondering what security in the cloud might look like for the user, and we honestly can’t recommend watching at least the first one enough.
If you were to try to deploy tools of this kind within your on-site solution, you would quickly find that the required investment in infrastructure too expensive, and the teams required to manage them unrealistic. In the cloud these things are available as options in your subscription model. This means that, should you want to engage any of these features in the defence of your system, this can be done with a few simple clicks. Ultimately, systems are only as secure as a company makes them. Be it in the cloud or on-site, systems security depends on the technology and planning that went into its implementation.
A Clear Decision
It's more than evident that becoming part of the cloud is the future of industry, as well as our daily lives. We see it constantly in the little aspects of our lives. From interacting with friends over a cloud service like Facebook or storing our family photos in OneDrive, the cloud has become a trusted item within households across the globe. If we are so ready to trust it in our personal lives, then why are so many businesses discomforted by the idea of transitioning their business to this household platform?
While it's prudent for enterprises to second-guess the security of their data, it's vital for them to understand two things:
1) The cloud has more invested in security
2) Control doesn’t mean security, and it never has.
“But surely,” one might assume, “if I’m in control of my data, I can have a better hold over its security.” Unfortunately, this line of thinking is extremely misguided, as security has little-to-nothing to do with the physical location of your data. What is important is the actual security measures in place, including access protocols and firewall tests. It's certainly understandable to better trust yourself with the security of your business’s data, but, while internal IT environments may make your data feel more secure, the truth is that it is likely at greater risk than if it had been in the cloud.
If you are among those individuals pushing back against using cloud computing for your business while citing security threats as your reasoning, you are likely misguided in this endeavour and doing your business a major disservice by continuing to resist progress. There may be cases where on-premise security is truly up to the same level, but those scenarios are uncommon. Getting your IT in the cloud has a plethora of benefits and can provide a considerable boost to return on investment. Further, the security of the cloud is always up to date, patched, scalable, and available, without the need for near round-the-clock maintenance from a dedicated IT staff.