Yes, the cloud is more secure than any on-premises system, and it is also less expensive because you do not necessarily have to procure additional devices to secure the information. Moreover, it is handled by certified technicians who do this day in and day out for a living. It is scalable and elastic and can handle most complex attacks, such as distributed denial of service. The level of security provided in the cloud cannot be duplicated at an on-premises site. Moreover, most organizations simply do not have the staffing resources or financial capability to provide the same level of security benefits as the cloud can provide.
Now, how is that even possible? The answer is simple. When you migrate to the cloud, the data is stored in multiple geo-independent data centers, with redundancy implemented throughout the system. Your data is distributed not just to one or two data centers but to multiple data centers. So, if one goes down, another automatically becomes active, ensuring business continuity.
Additionally, the cloud protects data through virtualization. Your servers are virtualized in the cloud, and cloud providers can easily migrate them from one data center to another if any type of failure occurs. Considering that on-premises data centers may have at most two physical servers, the cloud obviously outperforms them.
But still, the general perception is “I don’t want to store information in the cloud.” The thought of having information that is not under direct supervision or control is unnerving to some. Especially when security tools themselves are subject to an attack, such as the SolarWinds attack, people are more skeptical of cloud-based security measures. In general, though, information at rest and in transit is encrypted. The logs are retained. The alerts are instantaneous, and the means and methods of detecting events or threats are continuously evolving, which is hard for any enterprise to keep up with in on-premises systems. Also, think about regulatory compliance when it comes to security. Cloud providers most frequently undergo continuous audits for SOC compliance, FISMA, DIACAP, FedRAMP, PCI DSS, and ISO, and the list of certifications is endless.
So, what do you think? Isn't the cloud helpful even when there is a fire, a cyberattack, a ransomware attack or even a large network outage?
But security is a shared responsibility. While the layer for which you pay the subscription is amply protected by the cloud provider, application-level security is most often the customer's responsibility. For example, allowing customer roles to download PII data onto their local devices without having the means to detect such events is the customer’s responsibility in most cloud models. And that is no different from what you would do in an on-premises application maintenance model.
Governing security, analyzing risks, and ensuring compliance is a continuous process. Every enterprise needs to have ample controls to ensure the information is protected. Laws such as the GDPR in Europe, and similar laws in other places, are fast emerging and making this need even more stringent. Business continuity mandates the need for cybersecurity talent.