Many businesses are bad at security. The chances of something catastrophic happening to your data are greater if you keep it on-prem. Play the percentages.
Occasionally, I run into a business owner who’s afraid of the cloud. They don’t have nephophobia–they just like to keep their data on-site. Their argument often goes something like this:
“I like to know where it’s at.”
“The cloud has breaches all the time!”
“What if my data gets deleted?”
Or, my personal favorite:
“”I don’t want the Chinese to hack into my system.”
There are various levels of validity to these concerns. They often come up during well-meaning security presentations oscillating somewhere between “prudent” and “FUD” (good old “fear, uncertainty, and doubt”!).
Often overlooked, however, is the fact that the risk of keeping your data on-prem is likely greater than your risk of it suffering a cloud-based disaster.
When it comes to security, maintaining your own IT infrastructure is a big risk factor. Security firm Imperva concluded “46 % of On-Prem Databases Contain Vulnerabilities”. MyTechDecisions is reporting recent vulnerabilities in on-prem systems have highlighted the security advantages of the cloud. In both cases, a big part of the problem is insufficiently patched resources at individual companies. Many organizations are simply unable or unwilling to pay for the IT security expertise and labor required to keep everything fully patched. These vulnerabilities are an attractive target for bad actors.
In addition to the risks inherent to on-prem solutions, the cloud providers are incentivized to continuously improve their services. In a round-table discussion published by the Albany Business review, Lauren Groff discusses how a cloud subscription model gives vendors a higher ROI for enhancements than the legacy model used for many on-prem products.
While human nature tempts us to “keep our data where we can see it”, the realities of the market and scarce resources tell a different story. Move your data to the cloud, so you can sleep better at night!
Share With —
CTO, CIO, CISO
Action Items —
• Review your current security posture with your in-house IT, staff or your managed services provider.
• Pay close attention to where your hardware and software are at in their patching cycle.
• How many outstanding patches do you have?
• What are the potential consequences if the remaining vulnerabilities are exploited?
• What is the potential cost of continuing to do what you’ve always done?
Brian S. Pauls is the founder and vCTO of Cloudessy. He likes to keep the dice for his table-top role-playing games on-prem, and his data in the cloud.
Attacks using a known Microsoft 365 vulnerability increased significantly last week. If you need help locking-down Microsoft 365 for your business, please email Cloudessy at firstname.lastname@example.org or call 913-491-4040.
Yesterday, security blogger Zohar Shachar published details about an SMTP injection exploit he uncovered in GSuite’s mail configuration. Reporting the problem to Google garnered him a $3K+ reward.