Skip to main content

Securing your Digital Transformation: on-premises vs cloud security

The speed of technological breakthroughs and exponential pace of disruptive global innovation in the technology sector is bringing about a fourth “digital” industrial revolution – characterized by unprecedented processing power, storage, connectivity, access to knowledge and the blurring of lines between the physical, digital and biological space.

All organizations globally are undergoing a digital transformation and increasing their use of technology. Our connected digital world represents an enormous opportunity for Canada’s future economic prosperity and by improving cyber security in this country, all businesses will benefit.

Microsoft Canada recently surveyed 700 Canadian business leaders to gain a better understanding of their digital transformation objectives and security concerns. The clear majority of respondents indicated that digital transformation was a top priority but more than three quarters told us that they were not adequately prepared for todays cyber security threats. Even more surprising was the fact that the majority of Canadian business leaders still felt on-premises IT was more secure than what a hyperspace cloud provider could offer. Typically, when I hear these types of concerns, it is because cloud computing requires a change in attitude when it comes to control, which can be uncomfortable for those used to traditional IT approaches. The cloud approach itself can feel more insecure because data is stored on servers outside an organization’s direct control. However, similar to when we compare car and air travel safety, direct control does not always equal greater safety or, in the case of computing, security.

Data hosted on-premises is not free from cybersecurity risks. It is subject to many of the same cyber attacks as cloud solutions but with an added disadvantage. It lacks the immediate access to a cloud provider’s substantial resources and security measures.

It is important to point out that while the data breaches, network intrusions or ransom attacks that fill our headlines are frequently reported as sophisticated events requiring a high degree of technical skill, this is not necessarily true. The overwhelming majority of these nefarious acts are conducted using automated toolsets but dated exploits. For example, Microsoft’s internal evidence suggests that 80-90% of successful attacks on its customers worldwide exploited vulnerabilities where a software patch existed, but wasn’t deployed. Bottom line is: cyber hygiene (running modern software, keeping it patched, using anti malware) still absolutely matters and should continue to be a focus of any organizational security program.

The Cyber Threat Landscape in Business Terms

When talking about the cyber threat landscape with executives, I have found it useful to talk about this in their language – the language of business. The driving force behind cybercrime is often global organized crime.

The past decade could be seen as the champagne era of organized crime where some believe that cybercrime could now be more profitable that the global drug trade. The black-market supply chain and economy that supports cybercrime has matured massively, especially in recent years with evidence of this discussed frequently in the semi-annual Microsoft Security Intelligence Report. Key technological advancements such as Bitcoin have facilitated digital money laundering and fueled profitability of old extortion scams made new as ransomware in the digital world. 2015 saw potentially the largest global bank heist in history taking home over one billion dollars. A significant portion of these organized crime profits are being reinvested into the cybercrime economy to improve future revenue streams. Organized crime is extremely well funded, highly motivated and is exploiting technology to its maximum potential in the digital connected world too often against ill prepared victims.

These realities should influence governments and business leaders in Canada to consider that they likely cannot compete effectively against todays adversaries on their own and need to partner with a hyper scale cloud service provider like Microsoft who is resourced and focused on out innovating cybercriminals with our security strategy.

Let’s break down why a hyper scale cloud service provider like Microsoft can provide significant enhancements to an organization’s ability to mitigate cyber security risks.

Security as a core business function

Trust is a fundamental part of our business model and we do our absolute utmost to keep it. We operate on a scale that requires us to architect our system with the assumption that anything that can go wrong will go wrong. Security within cloud services is built in using recovery oriented designs and with components partitioned for availability and recoverability. We also hire the best talent in this space and dedicate significant resources to their ongoing development. In 2015, we invested more than $1 billion in security.

Physical access to data

Our cloud solution has a physical infrastructure component (it includes data center facilities and components that support the services and network). Our security measures are substantive. We’re talking: restricted access to only personnel with completed background checks, requiring biometrics to gain physical access and applying a least privilege policy. No personnel who work in our data center facilities ever have access to modify configuration of the service fabric or access anything within a customer tenant.

Better understanding of the threat environment

A large pool of clients can work to the benefit of security as it allows us to look for security intelligence across their whole environment. This data can be used by big data security-intelligence systems to discover malware and network intrusion attempts around the globe.

Outsourcing security maintenance

We don’t just manage datacentre security. We also manage network controls, identity and access controls and patching. We can help you by taking care of patch management, regular vulnerability and system configuration scanning and privilege management. 

Scale as a shock absorber for security

The rapid, smart scaling of distributed cloud resources enables us to thwart emergencies and distributed denial of service (DDoS) attacks more effectively than on-premises solutions. We also ensure that data is safeguarded and preserved in case of an environmental disaster or any other unforeseen emergency.

Security innovation comes first in the cloud

Most technology providers have adopted a “cloud first” approach. This means that innovation, especially security related innovation, is often delivered in the cloud and only later translated into on-premises solutions. This represents a significant advantage for cloud over traditional implementations.

Wrapping up

The above points highlight that cloud security can not only compete with security delivered on-premises, but that cloud computing has several distinct advantages. This has also been the conclusion of an increasing number of government agencies around the world, including the Government of Canada as highlighted in their Cloud Adoption Strategy -“Cloud-service providers hold Internationally recognized security certifications that are assessed by third-party security professionals. These certifications include robust security features that would be a challenge for any one consumer to fund individually.”

Still want to learn more? Read our eBook: “2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security” and catch us at #GTEC for our presentations on what the cloud can do for you and your constituents!