One of the most often-cited inhibitors to the implementation of cloud-based computing is concern over security. But cloud-hosted environments actually provide many benefits that make them more secure than on-premise solutions.
A common objection encountered by MSPs who deliver IT security services that are hosted "in the cloud" is the perception that somehow these services are more risky than on-premise solutions. For example, in multiple Gartner surveys, security is cited as the No. 1 inhibitor to the adoption of cloud-based computing.
Many IT professionals have a preconceived notion that cloud computing will be less secure than what they can deliver themselves on premises. In a recent PerspecSys survey of 130 IT security professionals, 66 percent said they still view the cloud as more difficult to secure than on-premise options.
On-premise customers own and manage their own IT infrastructure, whereas an MSP uses infrastructure-as-a-service solutions from a service provider such as Amazon EC2 or Azure, or managed or dedicated hosted environments.
Classes of threats and incidents
To start with, do managed and cloud environments hosted by MSPs actually experience different classes of threats or different frequencies of incidents? This study suggests that the frequency and diversity of threats is actually lower for cloud-hosted environments than for on premise. While this is instinctively difficult to accept (especially the frequency part), it is more palatable to accept that misconfiguration-related incidents are far greater on premise.
Attacks are less likely to be successful in the cloud-hosted environment because MSPs are much more likely to use standardized system configurations, support a narrower range of use cases, benefit from the relative maturity of the IaaS industry, and have dedicated staff that monitor and manage the infrastructure. These are much less likely at the typical small/midsize enterprise.
For many organizations, a poorly protected password, a lost mobile device or a disgruntled employee is likely to be a bigger risk than any targeted attack from the outside. Internal policies and procedures to prevent internal breaches can be implemented regardless of where infrastructure is located. In fact, having a cloud provider involved may actually reduce the risks of an internal breach. From a user's perspective, the insider threat is reduced because, first, the physical equipment is not accessible to employees; second, the MSP will implement a broader range of security features than the typical small or midsize enterprise; and, finally, a cloud-based solution may offer more options to minimize or shut down an attack swiftly and recover data if there is a breach.
Three-pronged innovation strategy
As noted here, MSPs "can offer a three-pronged innovation strategy. First, these companies employ a huge team of experts who understand the complexities of cloud security and keep an eye on emerging threats. Second, they support a vast ecosystem of vendors that are continuously innovating and providing new solutions on the cloud platform. Finally, a cloud provider's own clients bring their concerns to the table, so all customers benefit from the remedies that are developed as a result. When it comes to cloud security, there may well be safety in numbers."
As Gartner's Neil MacDonald says, it is a mistake to automatically assume that a cloud offering is somehow les secure than an on-premise option.
EventTracker Cloud is a powerful System, Security and Application Monitoring service that enables IT Admins to easily monitor their IT operations from a web-based platform.