On-premises vs cloud security: What are the pros and cons?
As a system administrator, I’ve worked with both on-premises and cloud-based systems in order to support business operations, and I can definitely say I have some preferences and observations regarding each type of environment.
The “old way” of having exclusively on-site data centers isn’t necessarily dead yet, and I do believe a hybrid formula to mix and match what works best can be a strong option. That’s not to say there aren’t pros and cons related to on-premises versus cloud security, which should be identified and analyzed before making a decision about which is best for your business.
Jump to:
Security benefits of on-premises networks
Monitoring and on-site staff mitigate security risks
On-premises systems can be confirmed as physically secured, as they’re likely down the hall from IT staff and security personnel, and badge readers, monitoring and cameras can be put in place to ensure they remain accessible only to the appropriate personnel.
“One advantage of on-premises will always be that if a customer has unique or specialized requirements, they can implement them on-premises, while most cloud vendors will have a standard set of security processes and tools, take it or leave it,” said Dominic Sartorio, senior vice president of product at Actian.
SEE: Fighting cybersecurity risks for law enforcement: On-premises vs. cloud native systems (TechRepublic)
According to Manikandan Thangaraj, vice president at ManageEngine, the enterprise IT management division of Zoho Corporation, the nature of on-premises networks allows for a well-defined security perimeter to protect it from the unique attack techniques used on them.
“On-premises security deals with deploying tools that require all network traffic to be routed via the physical security appliances residing on the network premises, so it can be monitored and analyzed to mitigate security risks,” Thangaraj said. “When the users want to access network resources from a remote location, they have to use VPNs, the use of which is monitored by traditional security solutions.”
Equipment management is performed on-site
In addition to the security benefits of on-premises environments, equipment can also be easily repaired and replaced by known, authorized personnel. Moreover, secure disposal of hard drives can be arranged by on-site techs to confirm company data has been thoroughly scrubbed from these devices.
Network traffic is kept within the network perimeter
Most of all, users aren’t dependent upon wide area network links to access company resources — said WAN links are only needed for inbound and outbound traffic to or from external customer or business-related resources. Traffic is kept inside the network perimeter with less risk of spoofing or compromised credentials.
Drawbacks of on-premises network security
Taking advantage of the multiple benefits of on-premises networks requires sufficient on-premises worker resources to set up and maintain, and it also requires the complex technical know-how to maintain proper security.
Unlike cloud resources, which can be geographically redundant, a single site represents a single point of failure or attack such as from a distributed denial-of-service malicious actor. Cost is also generally significantly higher for on-premises operations versus those in the cloud.
Security benefits of cloud networks
Vendor security teams free up time for in-house staff
Cloud advantages are generally the reverse of on-premises disadvantages. In short, cloud providers are held to a strict set of security standards, which on-premises personnel may or may not properly be aware of or uphold. Cost is more affordable, and dedicated cloud security staff can secure data and resources from their side, freeing up in-house staff for more relevant and business-focused tasks and projects.
SEE: Top 6 multi-cloud security solution providers of 2022 (TechRepublic)
“I would frame this discussion with the Shared Responsibility Model that all three major cloud vendors, Amazon, Google and Microsoft, abide by,” Sartorio said.
Sartorio provided links as to how Amazon, Google and Microsoft handle their shared responsibility models, which comply with all relevant standards, including SOC2, ISO27001 and FedRAMP.
“This model states that the cloud vendor focuses on ‘Security of the Cloud,’ meaning the customer can trust them to secure their infrastructure, including physical assets, operating environments, internal networking and so on,” he said. “Thus, the customer no longer needs to worry about this.”
Cloud security lowers the operational expenses of data compliance
Byron Carroll, head of product at ACTIVE Network, is strongly enthusiastic about cloud security compared to on-premises.
“State and local governments are intriguing case studies when examining the benefits of switching from on-premises software to a cloud-based solution, especially regarding security,” Carroll said. “Local governments across the U.S. are prioritizing their resources and shifting to cloud-based software, because storing sensitive data for a large population makes security a top priority for local governments, and they’re willing to invest in the most secure and efficient solutions.”
Data compliance and the reduction of operational burdens, expense, and maintenance are clear wins in Carroll’s view along with an improved ability to support remote workers.
Drawbacks of cloud network security
Despite the benefits of security with cloud networks, there is still a concern, particularly with application programming interfaces, says Thangaraj. According to him, malicious actors can gain access to an organization’s data by exploiting vulnerable APIs. To protect this data, security teams need to monitor cloud app usage and network traffic.
“Cloud data platform security should focus on gaining visibility into cloud app usage and activities to deploy adaptive security measures,” Thangaraj said.
Which network security option is best for your organization?
What type of business is on-premises security best for?
On-premises operations are best for companies with high security restrictions and hands-on demands that require them to be as nimble and engaged with their equipment as possible.
These companies typically have a strong dependency on physical hardware such as for database servers or systems with high input/output operations per second and IT staff which prefer to repair and replace hardware and systems on their own to ensure maximum uptime of physical machines. These companies are often located in centralized geographic locations with a handful of sites.
What type of business is cloud security best for?
Cloud operations are best for companies with less dependencies on physical hardware and more liberal usage of virtual systems. Often, these companies are spread out across numerous locations and have no one true headquartered operations but are highly distributed.
Is the best approach a combination of on-premises and cloud security?
A combination of on-premises and cloud security works for companies that can put critical systems in-house and use less critical, common cloud-based operations such as email, telephony, instant messaging and collaboration applications. In this hypothetical scenario, web servers and databases linked to them might be on-premises and Microsoft 365 used in the cloud.