Is data more secure on-premises or in the cloud? The answer might surprise you.

    July 7, 2020

    If you’ve spent any time in IT, you’ve probably heard this one. Maybe you even believe it yourself:

    Data is more secure on premises than in the cloud.

    It’s such a fundamental tenet that you should keep your most sensitive and valuable data in your own data center, where you have complete control. Not just for security, but for compliance as well.

    But is any of that actually true? Could holding on to these ideas be holding you back from adopting cloud technologies that might not only be more secure, but improve your business? 

    There are a lot of myths surrounding the cloud and security. Let’s set the record straight.

    Data security: On premises vs. the cloud

    Obviously, it’s hard to compare on-premises data breaches to data breaches in the cloud. But if on-premises data really is more secure than the cloud, why are there so many breaches of critical on-premises data?

    One prime example: Equifax and the 147 million  consumers affected by its 2017 breach. The stolen information wasn’t stored in the cloud – it was held in a private data center.

    The same goes for Target’s 2013 data breach. And the 2014 JPMorgan Chase hack. And the 2015 Anthem breach.

    Ultimately, the physical location of the data doesn’t matter. If the data is connected to the network, it’s accessible. As a result, the attack vector is almost irrelevant regardless of whether it’s stored in a private data center or in the cloud.

    What’s important is the business processes that secure your information and the technologies that enforce these processes. These can be applied equally in a private data center or the public cloud – in fact, security capabilities in the public cloud have exceeded what most data centers currently have on premises.

    When it comes to compliance, the regulations layout the rules, but don’t say how they must be met. What you choose has nothing to do with technology and everything to do with how you interpret your legal requirements. Big banks are moving to the cloud in droves.

    If security and compliance aren’t determining factors for where data should live, what should you consider?

    Physical space and automation

    The COVID-19 pandemic forced more organizations to turn to remote working than ever before.

    Yet, as stay-at-home restrictions loosen and companies begin implementing plans to return employees to the workplace, many businesses are sticking with substantial remote working for the foreseeable future and downsizing their office space.

    In some cases, the new office space will be too small to accommodate an on-premises data center, leading many organizations to shift into a colocation center. In other cases, they may move business workloads into the public cloud.

    It’s unlikely, however, that companies will look to store their data in just one place. Still, the most successful companies will be the ones that adopt technology that enables remote control.

    That means adding machine learning (ML), artificial intelligence (AI) and machine automation to your software or infrastructure to accomplish tasks without human intervention. For example, rather than needing workers to go into a data center and physically hit a reset button, build out the data center so that maintenance can be done remotely.

    Cost and value

    In addition, cost and value should drive your decision on where to store different types of data.

    For example, big data analytics, ML and AI can be run more efficiently and more cost-effectively in the public cloud, but other systems that are running all the time, like customer data records, might make more sense in an on-premises data center.

    But it’s not one size fits all. The best place for your data largely depends on factors like budget, along with what the data is used for, how long it needs to be accessed or stored, etc.

    Data agility is the key

    Often the preference for an on-premises data center over the cloud is a human issue more than a technology issue. Maybe your company is used to the data center and doesn’t want to change its ways. It’s less about regulations and technology capabilities than about mindset.

    The location of your data matters less than the processes that secure that data. And if you ever fall behind on those processes, your data may not be secure, regardless of its location.

    Rather than letting physical location dictate your data storage decisions, place a greater emphasis on data agility. Choose the right locations for the right data based on the amount of physical space available, need for remote and automated work, and the cost and value of the various options.

    By questioning old myths and taking advantage of proven technology, you can take positive steps toward enhancing your security and improving your business operations.

    Other Posts You Might Be Interested In

    Getting To Know You: Building The Right Network

    Connections are essential in business. We’ve moved beyond simple networking to building relationships – creating close ties with customers, coworkers, and partners – that...

    The importance of disaster recovery testing

    There’s no way you’ll be successful in recovery without testing. Full stop. You might think you have a solid plan in place, but there are so many issues that can arise...

    Why Lift & Shift Is Not As Easy As It Sounds For Your Cloud Infrastructure – And Where To Get Help

    As more frequent and severe storms hit the U.S. each year, sea level rise and coastal flooding is a growing threat to communities and individuals. In fact, nearly 14.6...