In The House Or In The Cloud: Which Is More Secure?

Uploaded on 2017-10-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Whether you are upgrading old servers because of business expansion, or considering moving to the cloud because your IT infrastructure is out of date and does not support your business as it should, there are many reasons to deliberate carefully before choosing an in-house or cloud service delivery model.

It’s a tough decision that will profoundly affect your business and the management of day to day operations.

Cloud technology is fundamentally changing the IT perspective, the way we work and communicate, but the decision about where to store company data can nevertheless be a headache for managers. Enterprises are ever more willing to adopt cloud services because of the efficiency and flexibility they bring.

Technology has moved forward, and we can easily find compelling reasons to change our business model from an in-house data center to one based in the cloud. The benefits of using cloud-based solutions are obvious, they provide fast and easy deployment of infrastructure, a reliable environment and lower TCO.

Nevertheless, security concerns can dissuade decision-makers from having sensitive data processed outside their companies.

In this context, legal requirements related to data protection and contractual liability can both be deal breakers, but the fact is that cloud security does not have to be an issue today, as the majority of providers have adopted the best security practices to protect their resources and are certified to common security standards.

Despite this, there are lingering concerns that cloud computing is less secure than the traditional approach. However, is this really true?

It is based primarily on the fact that CSOs feel uncomfortable with important company files or personal data stored on servers which they cannot physically control.

However, security is not the only aspect of exercising such physical control. You might, after all, develop and maintain your own IT system from scratch, but without rigorous attention to security it will not be as secure as you would expect, and that is true whether it is based in the cloud or in-house.

Without the right security strategy and best in class technology, both approaches can be unsecure. Thus, the real question to ask yourself is whether you feel comfortable with the security of your systems?

Data loss protection, data encryption, access control, anti-malware and DDoS protection are just a few of the areas you need to address. Secure data processing requires highly trained and experienced engineers, investment in security infrastructure and appropriate security governance. With that in mind, can you say that you are truly at ease with the effectiveness of your security?

Today, the real question is not whether we should outsource IT infrastructure, but when we will be ready to do so. Of course, switching from a traditional in-house environment to a cloud-based service is a tough choice for managers, and each of them can find different reasons to do that.

Appropriate risk assessment and IT operation analysis need to be carried out in order to make the most appropriate decision. Business expectations and the necessity of data protection are changing. They are getting more demanding. Fulfilling data availability and confidentiality requirements impacts heavily on the way IT should support business.

Establishing a reliable partnership in the areas of data center and cloud services may prove by far the better option in terms of business operation and security management when compared to your in-house solution, with the former delivering greater financial and operational benefits in the long-term.

So, cloud-based or locally-hosted? There is no one good answer, no definitive ‘best’ service delivery model for storing your company’s data. Rather, there is a ‘most appropriate’ model that depends on the unique requirements of your business, the size of your company and your budget.

For large enterprises, the decision may be strategic; for smaller companies, it could be about finding the only reasonable way of building IT structures.

InfoSecurity:

You Might Also Read:

Put Your Physical Security Into The Cloud:

Cyber Security Risks Of Cloud Computing:

« Big Data - Big Changes Coming
AI Makes People In Your Business More Important »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

MPC Alliance

MPC Alliance

A consortium of developers and practitioners of multiparty computation (MPC), committed to accelerating market awareness and adoption of MPC to increase the security and privacy of online services.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

Phished

Phished

Phished is an AI-driven platform that focuses on the human side of cybersecurity. By combining fully automated training software with personalised, realistic simulations of cyberattacks.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

Nagomi Security

Nagomi Security

Nagomi is changing the way security teams balance risk and defense, empowering customers to focus on what matters now.

Verosint

Verosint

Verosint (formerly 443ID) provides real-time account fraud prevention that reveals fraudsters hiding in user accounts and proactively blocks them before their attacks can cause harm.