Story image

Mythbuster: Which is more secure? Cloud or on-premise?

09 Jun 2015

What’s your IT security like?

What are you doing about antivirus protection? What is your email, web and input security solution?  What type of firewall do you have, and how robust are your firewall rules and perimeter security?

Have we lost you already?

If you’re like a lot of Kiwi SMBs, you may well think your data is best kept safely tucked up on premise, near you. For most, however, that’s a dangerous assumption.

Chris Maclean, from Maclean Technology, says on-premise security in SMEs tends to be unmanaged, with an appliance purchased from a vendor, configured and customised to suit, then left to do its job without regular updates and log checks.

“Without keeping the appliance updated, the customer isn’t getting the protection level they think they are,” Maclean says.

The best appliances are also often out of reach of the more modest budgets an SME will often apportion to network security, leaving SMEs without the benefit of the high-end intelligent features large enterprises use to analyse patterns and, crucially, prevent new attacks.

“The lower budget devices rely on matching known patterns,” Maclean says. “So they typically are not able to stop the newest attack methods. This means it’s doubly important to keep the patch levels up to date and continue to monitor the logs.”

Maclean says monitoring logs comes with its own expertise requirements, something an SME is typically not prepared – or able – to invest in.

“Most SME clients we talk to have some security measures in place, but still have gaps in their security.”

While there remains a persistent line of thought that the cloud is inherently less secure than on-premise, cloud providers need extremely robust and multi-layered security.

There aren’t many SMEs who invest in perimeter security for their site, have security guards on hand 24x7, enforce two-factor authentication, have multiple keypad controlled doorways into and out of their server room, and spend the money required to have the best possible security appliances money can buy.

“From a technology and social engineering of staff perspective, a cloud’s data centre is inherently much more secure than most SMEs,” Maclean says.

Even the ‘security by obscurity’ argument, which suggests cloud providers could potentially be more obvious targets for attackers, is flawed.

“Just like opportunistic thieves, most hackers prefer to go for the quick win,” Maclean notes. “It really isn’t that much harder for them to locate a smaller business with much weaker security, and breach that.”

In fact, the majority of breaches occur in the SME space and go largely unreported - unlike the rarer high profile attacks on well-known enterprises, which garner headlines.

Late last year Vodafone identified that 56% of New Zealand businesses experience IT security attacks at least once a year. Yet 20% of businesses with one to nine full-time employees admitted they weren’t investing in IT security at all.

Meanwhile MYOB’s Digital Nation report, released in April, shows losing access to data is a key concern for Kiwi SMBs, along with hackers gaining access to business data and losing control of data.

The cryptolocker ransomware which hit headlines last year was most successful against smaller businesses that hadn’t invested in the best possible edge security they could get.

“They’ve often been found lacking in their backup and DR as well, so have had to pay the ransom to get their businesses up and running again.”

Cloud providers meanwhile, have to prove their security, even before they launch a service.

“A cloud provider has the funding behind it to invest heavily in its security technology and apply it all the way from the edge, down to individual tenants.”

 “It’s important that the platform we offer can maintain absolute, secure separation of customer data while being able to efficiently deliver compute from a shared platform,” Maclean says. “We couldn’t do this without purchasing the very best equipment available and having it configured by the very best engineers in the industry.”

On top of this, cloud providers typically have to architect their platform for keystone customers, which often means making sure the platform complies with independent security standards, such as PCI DSS for customers who hold credit card data; privacy law compliance and often, the standards of other countries when providing services internationally.

Cloud providers can give smaller businesses the enterprise grade security that is normally out of reach, due to costs, Maclean notes, and take away the complexity of managing security, enabling SMEs to get on with their own business.

“That’s where the efficiencies of shared – or hybrid – cloud platforms are realised.

“A small customer only has to pay for a small share of the security platform the cloud provider has invested in, but reaps the full functional benefits of it – pay a fraction, get it all.”

61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
VMware allures APJ channel veteran to take the reins
Balasingam will take on the role of vice president for VMware’s partner business in Asia Pacific and Japan (APJ).
Security top priority for Filipinos when choosing a bank - Unisys
Filipinos have greatest appetite in Asia Pacific to use biometrics to access banking services
Opinion: Modular data centers mitigate colocation construction risks
Schneider's Matthew Tavares believes modular data centers are key for colocation providers seeking a competitive advantage with rapid deployment.
Alibaba Cloud opening up data centres & services for AU businesses
At its dedicated China Gateway Summit held in Sydney, Alibaba Cloud announced its new programme for Australian business partners and clients.
VMware announces new features in WMware Cloud, Dell EMC integrations
VMware announced VMware Cloud Foundation 3.7 is expected to be available on Dell EMC VxRail in VMware’s Q1FY20.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.