Is Data Safer on Premise or in the Cloud? It Depends.

Over on the Alert Logic blog the question is asked: “Is Data Safer on Premise or in the Cloud?”. Unfortunately there is no simple yes or no answer. The only answer to this question is it depends. The point of the Alert Logic post, however, is not to convince you to move all of your infrastructure into the cloud but rather to convince you to use Alert Logic’s SaaS application which is conveniently located where….you guessed it, in their datacenter.

Alert Logic mentions the SAS 70 Type II audit standard that, based on the few that I have reviewed, are very subjective and a tad fluffy when it comes to how the results are measured. But hey, clouds are supposed to be light and fluffy right? I like the idea of SAS 70 audits more than I actually like the results generated by them. I’m not saying you should completely disregard a SAS 70 Type II audit when a vendor hands it to you but rather use it as a springboard for deeper questions about the company background, monitoring practices, information and communication systems, and how the results of the testing were generated (and can they be reproduced).

The title of the Alert Logic blog post was what initially made me open it up in my RSS reader. I was a little disappointed that it was more of a product pitch than a debate on cloud vs. premise. When I say that the answer to that question is it depends…well, it does. The average small to medium business typically does not have the capital, or experienced personnel, to implement a true security management program AND implement/maintain the required technical controls to enforce the policy. This is where cloud security has the opportunity to shine.

Positioning moving your datacenter to the cloud under the guise of “increased security” won’t fly with me until someone can take my hand and walk me down to the proposed new home for my datacenter. I want to see, with my own eyes, the network, host, physical, and operational security capabilities, policies, and procedures that my service provider will follow. That might ease my mind but it will certainly take a lot of convincing to make me believe that you can meet the following equation:

(cloud solution security + cost savings) > (my current security)

Scroll to top