Security’s New It Factor
First, let’s take a closer look at the term “legacy system,” which has different connotations for different people. To some, it refers to the old mainframe, dumb-terminal applications of the 1970s and 1980s. To others, it may imply the client/server systems or first-generation web-based business applications of the 1990s. While these systems are often dismissed as old, rare, and irrelevant, they are actually still in widespread use, though they may have different user interfaces. For our purposes, a legacy system is any on-premises, internally managed system.
Alternatively, we have cloud-hosted environments managed by a vendor on behalf of customers. Here, client software and data are stored on off-site servers and made available remotely via private internet connections. Cloud-hosted environments are quickly growing in popularity because they provide businesses with scalable, flexible solutions without requiring internal resources to manage them. However, the misconception persists that cloud computing is inherently less secure than traditional architecture approaches. This paranoia is largely due to the fact that the approach itself sometimes feels insecure, with your data stored on servers and systems you don’t own or control. However, personal control does not mean personal security. The physical location of your data matters far less than the means of access and level of cybersecurity protection. You can store your servers in your own locked security closet right next to your desk if it makes you feel better, but without regular and expert focus on security and governance protocols, your data might as well be left exposed on a public connection at the local coffee shop.
In fact, organizations managing on-premises systems are statistically more likely to suffer a web application-based attack than those using a cloud-hosted environment. A State of Cloud Security Report by Alert Logic found that on-premises environment users experience an average of 61.4 attacks annually, while service provider environment customers averaged only 27.8.
Besides being attacked less, cloud service providers also routinely employ higher levels of security protocols and expertise (which sure come in handy when facing an attack). IT professionals monitor cloud infrastructure 24/7 for potential security threats. Cloud providers also undergo yearly audits to protect against flaws in their security systems. And when it comes to controlled access, the cloud is the equivalent of going to the beach and keeping your valuables in the hotel safe versus hiding them in the toe of your shoe. When your information is stored off-site in the cloud, employees, vendors, and visitors are physically separated from mission-critical data, which is a good thing. And when we say physically separated, we don’t just mean a locked door after business hours. The amount of human risk and exposure sharply decreases in a cloud architecture, especially if access to cloud-hosted data is limited to need-only, or principle of least privilege (POLP), permissions.