Cloud-based vs. On-Premises Attacks – SY0-601 CompTIA Security+ : 1.2

Which is safer, a cloud-based infrastructure or an on-premises data center? In this video, you’ll learn about the advantages and disadvantages of securing data in both environments.

<< Previous Video: Supply Chain Attacks Next: Cryptographic Attacks >>

 

 


There are two schools of thought when it comes to data security. One school says, if you have data that is on-site– or on-premises– that is the most secure way to store data. Another group says that having the data in the cloud is much more advantageous and much more secure for your data. With cloud security, everything is centralized, and therefore your costs tend to be lower. You don’t have to worry about having your own data center or purchasing any hardware, and you have a third party that handles all of the IT services for you.

If all of your data is on-site, you obviously have your own data center. And you have to incur all of those data center costs, but you know where all of your data is, and you’re the one who gets to control what happens with that data. Of course, the attackers don’t care where your data happens to live– you just have to be sure that it’s secure no matter where it’s stored. If your data is on-premises, you have complete control. You’re in charge of the facility. You’re in charge of your users and your support team. And you’re in charge of what happens with that data.

If you have your own team to manage your IT infrastructure, then you get to decide what expertise and what type of security controls are in place. You can hire exactly the right people to make sure that all of your data is secure, but, of course, if you’re hiring these people and having them on staff, there are additional costs associated with that, especially if you want to get people who are knowledgeable in how to protect data. With all of the data in your local premises, you have a team that can handle all of the uptime and all of the availability. You don’t have to call out to a third party to provide any type of maintenance.

Since this does rely on your services and your infrastructure, making security changes can also take time. It may take a reconfiguration. You may have to purchase new software or new hardware and have all of that already on-site in your premises. If this was a cloud-based service, there may be options for simply clicking a few buttons and adding additional security to your system. In a cloud-based system, you get to control how much security you have on that data. There’s usually no physical access to the servers and services that are in these cloud-based systems, although you do have to be concerned that there’s a third party that would have access to your data and your systems.

One advantage in the cloud is that most cloud providers are providing very large-scale security. They’ve seen a lot of different security technologies and understand how to implement it to make sure that your data stays secure. One challenge with this is you want to be sure that your users are following best practices for this security in the cloud. There’s a different process for accessing this data, and you want to be sure that your users are following the correct processes and procedures to keep that flow of traffic as secure as possible.

The data in the cloud also tends to be more available. Since this is a larger infrastructure, and much more redundancy is built in, you can usually maintain a higher degree of uptime. Security from a cloud-based provider may also give you some additional options. If you need to install a new third-party firewall, it may just be a click away to bring that firewall online and have it protect your data. This may not be as customizable as it might be inside of your own data center, but it might provide you with some additional options that you wouldn’t have if your data was on-premises.