CloudEnterprise.info

Cloud or On-Premise: Which is more secure?

Posted by: Dmitry Sotnikov on: October 15, 2010

It bugs me that for some irrational reason there is still a common-sense belief that data is more protected when kept in someone’s own datacenter and not with a trusted cloud provider.

The US Department of Health and Human Services (HHS) has just published data on the past year's data breaches in the medical industry. These only include breaches affecting 500 or more individuals and reaching the “harm” threshold defined by the current rules. Yet there were 166 of those, affecting a total of 4,905,768 patients.

PHIPrivacy.net does a good job analyzing the breach data, and you can see that even in an industry that is highly regulated and paranoid about data security and privacy, data stored locally is getting stolen or lost all the time.

Compare that to a cloud provider (pick any cloud service which you like: Salesforce.com, Microsoft BPOS, Amazon, Google Apps, Quest OnDemand) – have you heard of 166 breaches for any of those? There are good reasons why you have not:

  • High security standards of the datacenters: a lot of these are compliant with SAS 70 Type I and Type II and ISO/IEC 27001:2005 – does your datacenter get formally certified that high?
  • Clear segregation of duties: people running the datacenter are not your employees, they have no idea what kind of data is getting stored by whom and no vested interest in seeing that data.
  • Needle in a haystack effect: public clouds have multiple customers, so even if a squad of ninjas attack the datacenter and manage to steal a hard drive, it will just have some bits of data from various customers in a format specific to a particular application and probably encrypted – making the whole exercise completely meaningless.
  • No local device data: your local laptops or mobile devices only work with remote cloud data – so if the device gets lost or stolen you lose the device, not the data.
  • Security is in the cloud business model: for any credible SaaS vendor security is the number one concern (see for example Quest OnDemand security FAQ). They implement specific security measures such as data isolation, audit trails, and so on.

It is just incredibly hard and costly to set up all these measures and maintain them, and I find it hard to see how anyone (apart from a really select few companies) these days will have the resources to provide that level of protection and security for on-premise systems. Cloud makes things more secure. Cloud is good for you.

3 Responses to "Cloud or On-Premise: Which is more secure?"

Good post Dmitry,
Agree that it is a bigger challenge to maintain the required level of security with an in-house and on-premise data centre than one of these trusted cloud providers.

I referenced you with this post on my own blog
http://bit.ly/b6H2N9

Thanks Scott! Thanks for providing the link to your blog post. Great continuation of the discussion. Posts like that are really important and help the industry get rid of old misconceptions and move forward.

Dmitry

When using cloud services one should not forget about data privacy laws in the country your data is stored or your provider is based in. A lot of cloud service providers are American-based companies. With the US Patriot Acts I would not be sure that your data is safe in a way no one might (even have the legal right to) access it.

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer Jelastic or anyone else for that matter. All trademarks acknowledged.

© 2008-2012 Dmitry Sotnikov
