Continuous Transformation Blog

Why Data Is More Secure in the Cloud

Written by Simon Barth | October 2, 2015

If you ask a packed conference hall if anyone is an above-average car driver, it's probable that at least 75 hands will raise. But there is something wrong with the numbers. This phenomenon is a cognitive bias called above average effect – and it appears in many areas. Could it be that also some companies need to pledge guilty for overestimating the security standards of their own data centers?As a SaaS provider we are frequently confronted with questions about IT security and data protections by our existing or to-be customers. And we take them very, very seriously. For sure, security is still a major concern about cloud solutions. In a 2015 study by IBM, three quarters of the respondents said that security is their main concern when it comes to cloud-based services.

90% of our customers prefer and trust leanIX as SaaS operating model. And while we are also happy to fulfil the wish for on-premise solutions, we are strong believers in SaaS – also from a security perspective.

Providers of public cloud services are concerned with security by the very nature of their business model. They are concerned with IT security across their entire technology stack. While high-profile security breaches, such as recent cases of Hilton or Sony, tend to attract a lot of negative media attention and some mid-term lost in market cap, they normally do not threaten the entire business model. In contrast, a major incident at a cloud provider would mean serious damage to the business or even going out of business. In addition to this intrinsic motivation to guarantee security, cloud businesses submit to much tougher security standards. Many corporate data centers cannot proof this kind of standard.

The corporate on-premise systems are typically a mix of older and modern technologies. Older infrastructure tends to be often more vulnerable to threads than modern technologies. Simply because the older technology was not developed to handle the newer, more sophisticated threats. This makes on-premise data centers a more attractive goal for attacks than modern cloud platforms relying on the latest security technologies.

When looking at recent data breaches, there is not much to point at the cloud. Barracuda, the worldwide leader in security and data protection solutions states that “almost all of the massive data breaches we’ve seen of late were within traditional on-premise IT. Sometimes we are too quick in stating that the cloud is an inherently insecure element.” But according to a Dell study “nearly ¾ of organisations surveyed have admitted to experiencing a security breach within the last 12 months, but only 18% consider predicting and detecting unknown treats a top security concern”

When thinking about security risks, we attempted to immediately image some dubious hackers. But the source of danger is much more often internal, from the own employees. Be it caused by carelessness (e.g. sharing passwords, losing laptops, etc.) or by malicious intend when employees are unhappy or leave the company. When data is stored with cloud providers, employees with bad intentions are physically segregated from the data and typically don’t have any relationship to the person that does have access to the data – a fact that can make data in the cloud more secure.

Security will likely remain a major source of concern towards cloud solutions and this is good, because it makes sure that all vendors keep this topic high on their agenda. We accept that certain industries and companies have policies in place that prohibit any data in the cloud, and offer on-premise solutions for them. Still, we would like to trigger a discussion on whether cloud service providers are able to maintain better security standards than corporate IT departments. Perhaps it’s actually worth considering to keep your money in the bank rather than under your mattress – at least when it comes to corporate data.

What do you think? Reach out to us at info@leanix.net to share your thoughts. Or, alternately, schedule a demo with us below: