Is the Cloud More Secure than Legacy Systems?
Back in the olden days (pre-internet), business networks weren’t nearly as complicated to secure. In fact, adding an extra layer of security would likely have comprised of literally adding an extra layer of brick to your office’s perimeter wall, or barbed wire on top of the fence, as any data theft would have required physical access. It was a time of less data risk, when security was not a design issue, and computer crime was rare. Well, you don’t need to watch a TED talk video on your smartphone to tell you that the world is different now. With your data, brand, and business all on the line, the question then becomes, which computing environment is the most secure – legacy on-site servers and applications or off-site servers and the cloud?
First, let’s take a closer look at the term “legacy system,” which has different connotations for different people. To some, it refers to the old mainframe, dumb-terminal applications from the 1970’s and 1980’s. To others it may imply the client/server systems or first-generation web-based business applications of the 1990’s. While these systems are often dismissed as old, rare, and irrelevant, they are actually still in widespread use, though they may have different user interfaces. For our purposes, a legacy system is any on-premises, internally managed system.
Alternatively, we have cloud-hosted environments managed by a vendor on behalf of customers. Here, client software and data are stored on off-site servers, and made available remotely via private internet connections. Cloud-hosted environments are quickly growing in popularity as they provide businesses with scalable, flexible solutions without the requirement of internal resources to manage them. However, misconceptions still exist that cloud computing is inherently less secure than traditional architecture approaches. This paranoia is largely due to the fact that the approach itself sometimes feels insecure, with your data stored on servers and systems you don’t own or control. However, personal control does not mean personal security. The physical location of your data matters far less than the means of access and level of cybersecurity protection. You can store your servers in your own locked security closet right next to your desk if it makes you feel better, but without regular and expert focus on security and governance protocols, your data might as well be left exposed on a public connection at the local coffee shop.
In fact, organizations managing on-premises systems are statistically more likely to suffer a web application-based attack versus a cloud-hosted environment. A State of Cloud Security Report by Alert Logic found that on-premises environment users experience an average of 61.4 attacks annually, while service provider environment customers averaged only 27.8.
While being attacked less, cloud service providers also routinely employ higher levels of security protocols and expertise (which sure come in handy when facing an attack). IT professionals monitor cloud infrastructure 24/7 for potential security threats. Cloud providers also undergo yearly audits to protect against flaws in their security-systems. And when it comes to controlled access, the cloud is the equivalent of going to the beach and keeping your valuables in the hotel safe versus hiding it in the toe of your shoe. When your information is stored off-site in the cloud, employees, vendors, and visitors are physically separated from mission-critical data—which is a good thing. And when we say physically separated, we don’t just mean a locked door after business hours. The amount of human risk and exposure sharply decreases in a cloud architecture, especially if access to cloud-hosted data is limited to need-only, or principle of least privilege (POLP), permissions.
As more businesses adopt the cloud, it is inevitable they will see tangible benefits, such as improved business efficiency, easier scalability and flexibility, and yes—better security. Big data, virtual reality, and the Internet of Things (IoT) all currently dominate the industry spotlight, and their adoption is positioned to accelerate in the near future. All these new technologies also just so happen to work in tandem with the cloud. This greater reliance on cloud services should quell any remaining security concerns, and soon become the industry security standard (if you happen to be in the minority of IT professionals who don’t already believe it is). For more information on cloud-hosted solutions, including secure cloud communications, for your business as well as security solutions to protect your connections to the cloud, visit kineticbusiness.com.