Experts debate whether data in the cloud is more secure than data that's housed on an organization's premises.
Pete Nicoletti, CISO, VirtustreamInsider threats, lack of internal IT resources to fully meet compliance and security needs, and risks that arise from where IT systems are located and protected can cause on-premises IT to be far less secure than cloud-based deployments. Cloud solutions not only enable cost-efficiency, enhanced agility and the ability to scale, but they are deployed in secure and redundant locations and offer enhanced security capabilities to continuously mitigate risks.
Security isn't a core competency of most enterprises, but it's the central foundation for cloud service providers which support large enterprise clients. By performing threat and impact analysis using advanced tools and feeds on a 24/7 basis, they are able to immediately identify and address threats. They also have the proper frameworks in place to maintain the highest levels of compliance and auditing. Companies that want to grow their business, have the highest data availability and protection levels without unnecessary overhead IT costs, need to get their heads in the cloud.
Dan Timpson, VP of technology, DigiCert
Not all cloud service providers are security experts. Many do it right, but others have work to do. When one uses a cloud service, what guarantees does that offer that the data is stored and transmitted securely? Does the cloud provider have strict security policies in place?
On-premises solutions give users 100-percent control over their own SSL certificate keys and critical system security, and then it's their responsibility to ensure privacy and data security. With on-premises, one has better visibility into the lifecycle of one's own data and where attacks are coming from.
It's possible for organizations to connect on-premises solutions to cloud services in a secure way that enhances data management and meets security needs. The key is selecting a security-focused cloud service provider that supports data security best practices. Choosing a provider that is audited, participates in data security industry groups, and has been proven in its security efforts actually enhances the security of on-premises solutions.