Public cloud. On-premise-cloud. What is the best approach? Is public cloud security risk minimal? Many CIOs and CSOs are asking this question: which cloud platform is best from a security perspective? And do Managed Services providers recommend public cloud over on-premise cloud? The answer is ‘Yes, but it depends’.
Public cloud security benefits
Let’s first examine public cloud security benefits. Remember, security is more than just confidentiality; it’s also integrity and availability.
- Public cloud environments are generally newer and have more redundancy than on premise clouds. This is inherent in the service, so availability is most likely better than a private cloud.
- Public cloud environments have generally been targeted with the latest attacks many times, so they may be better prepared to withstand an attack.
- Due to economies of scale, public cloud providers generally have the most staff, skilled experts, and the best protection tools.
Private, on-premise cloud security benefits
Now let’s look at the benefits of a private, dedicated on-premise cloud:
- Fewer people have access (but harder to find and pay experienced staff)
- Can meet some specific legal requirements that require on premise data in the United States
- Greater visibility into the cloud environment
- Smaller target than the public cloud (but hackers seem to be hitting even small targets)
As you can see there are benefits of both cloud implementation approaches. How do you decide what’s best for your business? Perhaps, the first step is a hybrid approach.
If you are particularly concerned about a mission-critical application with highly sensitive data, that no one else in your industry is deploying to the cloud, consider keeping the application on premise.
Managed Services Provider (MSP)
You can use a managed services provider to manage the rest of your applications deployed in the cloud. Why use an MSP? MSPs provide:
- Visibility into the environment you need for auditors, board members and being able to sleep at night
- Comprehensive expertise in cloud environments
- Economies of scale to hire and retain the experienced staff needed
- Broad exposure to global threat intelligence
Organizations can use cost savings in information security staffing for pen testing, application security testing and information security auditing to ensure that cross-functional teams understand the risk level of the environment. A refinement of this approach is to start with one or two non-critical applications to learn more and then continue to expand to critical applications over time.