Understanding On-Premises Data Centre Security vs. Cloud Security
Prioritising Data Centre Security
It takes a whole host of resources and knowledge to address the complexities of data centre security. Preventing attacks and securing operations require a substantial budget to keep pace with existing and future challenges. A report from Markets and Markets predicts that data centre security spending will reach $13.77 billion (£10.15 bn) next year. More than 34% of CIO.com’s 2020 State of the CIO respondents agree, indicating that security and risk management is already “the number one driver of IT spending”.
Increased spending indicates the need for ongoing protection against cyber attacks. In 2019, research conducted by the Ponemon Institute reported that the average breach cost $3.92 million (£2.89 mn). Reducing security threats, outages and downtime means that profits and reputations are saved.
Companies must be prepared to invest in the people, processes and technology needed to protect data centres from security breaches.
Read on to learn more about:
Fundamentals of security for on-premises and cloud data centres
On-premises vs. cloud security comparison
Data centre security requirements and standards/best practices
How to implement data centre defence
Top 8 on-premises & cloud security controls
What does the future of data centre security hold?
Compare & Contrast: On-Premises vs. Cloud Service Security
The on-prem versus cloud security debate continues within the data centre industry. The differences range from minor to substantial, but both on-prem and cloud advocates can agree that countless protections and threats exist in both environments. Beyond focusing solely on meeting IT security priorities, the question is: which is more secure for my organisation and its business objectives?
More control over security is retained when a company manages services with its own on-prem servers.
On-premises deployment allows network customisation that is tailor-made for a company’s needs.
On-prem servers do not rely on an Internet connection.
Quicker Learning Curve
The majority of IT professionals are better equipped to build security processes in this environment.
Lower Total Cost Of Ownership (TCO)
On-prem servers may require a larger upfront investment in hardware and installation, but in the long run, security is less expensive to maintain with a third-party support strategy.
Time-Consuming To Scale
Scaling security for on-prem data centres means procuring IT hardware, which can take time and research.
Increases The Need For On-Site Security
Without the right team and safety controls in place, some businesses may be more vulnerable to physical threats such as damage to physical property.
Security In The Cloud
Easier To Scale
Expanding storage for data in the cloud is as straightforward as upgrading a cloud storage package.
Cloud-based security is more automated, which means that set-up takes minutes rather than days.
Flexible Pricing Structure
Cloud computing often has a more flexible pricing structure with “pay-as-you-grow” fees.
The cloud’s larger attack surface can make it particularly vulnerable to cyberattacks.
An issue with one cloud-based data centre customer could compromise another customer’s data.
Traditional monitoring and security tools do not always work in cloud environments.
Some regulations require that shared, multi-tenant hardware is not used.
Cloud computing often has a more flexible pricing structure with “pay-as-you-grow” fees, but is less predictable for forecasting unforeseen costs and is more expensive in the long term.
“The biggest challenge to data center security today is not physical threats but rather cyber threats. The proliferation of applications and burgeoning mounds of intellectual property and private information often governed by regulators—makes data centers a central target for cybercriminals and even nation-states…the cyber-attack surface for the data center is expanding and becoming increasingly harder to defend.
These threats can target physical devices and systems used to manage cooling and video surveillance, among others. They can also target personnel through spear phishing, gaps in authentication protocols, and other malicious means.”
– Digital Reality
Data Centre Security Requirements & Standards
The requirements should be reviewed to understand how they will ensure and impact data centre safety. Many industries demand unique security standards involving a formal third-party auditing process to demonstrate compliance. Although complying with standards and requirements with all their details and steps appears daunting, these established best practices do shape a security response that can protect you from potential harm, downtime and data loss.
Cody Poltrock, Supply Chain Director at Service Express
Recently one of our internal tools showed user-readable data still resided on the disk platters even after completing an OEM-documented procedure for zeroing out storage media. In response, we developed our own additional processes to ensure that data is being destroyed correctly. We not only follow NIST procedures, we also verify results.
Industry security standards include:
NIST 800-88 Guidelines for Media Sanitization
HIPAA in healthcare
FERPA in educational institutions
PCI DSS for credit cards
ISAE 3402 for data center financial reporting
ISO 27001 Information Security Management System Standard – most widely accepted certification for supporting information security, physical security and business continuity
Regardless of the industry, IT professionals should at a minimum be familiar with data centre tiers and the kill chain standards. The Uptime Institute’s Tier Classification System serves as a benchmark for ensuring maximum uptime. Lockheed Martin’s six-step Cyber Kill Chain® helps to align defence strategies against cybercriminals.
Implementing Data Centre Defence
To protect data centres from new and expanding threats, IT leaders should layer security defences for overlapping on-premises and cloud-based environments. Layering is a relatively simple concept. The idea is that any individual should be forced to breach several layers of security before they reach data. In doing so, the “Zero Trust” framework is upheld: everyone is subject to the same high level of scrutiny.
What Does the Future of Data Centre Security Look Like?
Cloud technology is trending now, but factors such as rising costs and security vulnerabilities are having an impact on its adoption. With more experience and a better understanding of the pros and cons, IT leaders are looking to a hybrid model for bringing together the scalability of the cloud with the control of on-premises data centres.