Adoption of the cloud is not slowing down. In fact, what’s happening is quite the opposite. According to IDC, worldwide spending on cloud computing is expected to reach $162 billion USD in 2020, growing at a compound annual rate of 19%. This isn’t surprising when you consider that more organizations are looking outside their own environment for solutions that will help them become more agile, maximize resources and save money. Yet, while this study and countless others show that more companies are embracing the cloud and its benefits, many are still hesitant to make the move. One of the biggest reasons why is security.

Particularly in the physical security industry, there is a common misconception that on-premises systems on closed networks are more secure. Many still believe that connecting to a cloud-based application becomes a source of vulnerability that will put corporate data and systems at risk. In this article, we will explore why this belief is unfounded, and why more organizations are relying on cloud service providers to enhance their systems’ security.

Why Isolated On-premises Systems Are Not Immune To Threats

Everyone is working with the same security tools. It doesn’t matter whether it’s an IT team securing an on-premises network, server or system, or a cloud provider protecting its infrastructure and its clients’ applications and data. Essentially, anyone can implement multiple layers of security to reinforce confidentiality, integrity and availability. These can include many mechanisms such as firewalls, intrusion detection systems, multi-factor authentication, antivirus software, etc.

While these security measures exist, the reality is that organizations either lack the expertise or the capital to build and maintain infrastructures with the utmost protection. This inevitably leaves their isolated networks and on-premises systems vulnerable to attack.

The WannaCry and Petya Ransomware attacks are good recent examples of how these vulnerabilities can be exploited, causing catastrophic results. Specifically, WannaCry attacked vulnerabilities in the Microsoft Windows operating system, allowing the malware to quickly spread to neighboring computers. The vulnerability was promptly patched by Microsoft as soon as they were made aware, but those that did not get around to updating their systems were left at risk. Within a day of the attack being launched, it was reported that over 200,000 systems around the world were infected, holding personal and corporate data hostage in exchange for bitcoin payments.

A benefit of using a cloud service is that system updates are facilitated by the cloud service provider
All the money, time and resources invested in building and maintaining a highly-secure cloud platform does not just benefit one company, but thousands or millions of customers

Four Reasons Why The Cloud Improves Your Cyber Security Posture

As noted above, attacks often happen when people tap into system vulnerabilities, regardless of whether the system is running in an isolated on-premises environment or in the cloud. Therefore, mitigating system risks is not so much about where the infrastructure is physically located. Instead, it’s about how well the system and its infrastructure is managed from a physical and logical security standpoint.

With this in mind, below are a few reasons why cloud applications can often be more secure than isolated on-premises systems that are managed internally by an organization. 

1. Cloud providers make layers of security more accessible

Keeping systems safe from threats is costly and complex. To do it alone, and do it well, businesses must have dedicated resources and large budgets. This is why cloud providers have an advantage. They can use economies of scale to enhance their operations and provide high levels of security for their shared infrastructure. All the money, time and resources invested in building and maintaining a highly-secure cloud platform does not just benefit one company, but thousands or millions of customers. Therefore, these businesses can take advantage of multiple layers of security that they would not have been able to put in place themselves.

2. Cloud providers facilitate system updates and patches

Ensuring systems are always up to date and minimizing risk require constant attention. The landscape of cyber threats is evolving, and many vulnerabilities that hackers prey on are quickly identified and fixed by vendors in software version updates. Unfortunately, updating software is time-consuming, so when an organization is faced with budget constraints, it’s a task that often falls through the cracks. A benefit of using a cloud service is that system updates are facilitated by the cloud service provider. As soon as the latest versions and fixes are available, the organization will have access to them. This helps to ensure that systems remain protected against known vulnerabilities.

Cloud applications can often be more secure than isolated on-premises systems that are managed internally
Attacks often happen when people tap into system vulnerabilities, regardless of whether the system is running in an isolated on-premises environment or in the cloud

3. Cloud providers take onus for the risk of threats

Top-tier cloud service providers use more stringent security measures for their infrastructures than most businesses. This is because their product and core competency is at stake. In fact, companies like Microsoft have a global incident response team that works around the clock to mitigate against attacks. The company also builds security into its cloud platform from the ground up, embedding mandatory security requirements into every phase of the development process. Top cloud providers also go out of their way to comply with international and industry-specific compliance standards, and participate in rigorous third-party audits which test and verify security controls.

4. Cloud providers have strict policies to prevent unauthorized access

Physical security plays an important role in safeguarding against cyber attacks. For instance, it is not uncommon to see access control servers sitting under a receptionist’s desk in the front lobby of an organization. At any point in time, the data can be stolen or destroyed with a single USB key. For a cloud service provider, mitigating against internal threats is a critical component of what they do. From the policies and processes they outline to technologies they use, cloud service providers build datacenters with unprecedented levels of physical security. They also implement comprehensive incident response protocols, so that any breach is promptly detected and immediately dealt with.  

Why Outsource Risk And Costs To Cloud Providers?

When it comes to cyber security, the stakes are high - and organizations are finding it more challenging to keep pace with the onslaught of new threats. This is why many are transferring the responsibility and risk over to cloud service providers. Cloud service providers are not only better equipped to manage and maintain these systems and keep them secure, but also make it more affordable for their customers to access the highest possible levels of security.

Download PDF version

Author Profile

Christian Morin Chief Security Officer & Lead Strategist, Cloud Services, Genetec, Inc.

In case you missed it

BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage
BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage

In a significant move for the video security market, BCDVideo has announced that it is set to become Dell EMC’s OEM partner in the video surveillance space. For nearly a decade, the Chicago-based company has been known as a key OEM partner of Hewlett Packard Enterprise (HPE), providing storage and networking technology to security integrators on a global scale. This latest partnership will allow BCDVideo to take their offerings to the next level. BCDVideo Vice President Tom Larson spoke to SecurityInformed.com to discuss the reasoning behind the deal, and how the program will benefit partners, integrators, and end-users alike. Expanding BCDVideo's Product Offering For BCDVideo, the HPE OEM program has been widely acknowledged as a success, allowing the company to leverage a globally recognized brand and provide high-quality, reliable solutions across video networking and access control. Nevertheless, explains Larson, HPE server solutions are primarily suited to large-scale enterprise projects, and are therefore unable to accommodate for the growth in small- and medium-sized surveillance applications. The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering, building on success in the larger enterprise market to offer tailored solutions to SMEs. Our aim is to look at all best of breed technology to serve the video surveillance marketplace, and that means multiple partnerships” Support For Integrators By leveraging Dell EMC’s sophisticated digital storage platforms, BCDVideo will now be able to offer a more cost-effective solution to integrators, without sacrificing the resilience and IT-level service that BCDVideo is known for. With access to Dell EMC’s expansive global sales and technical teams, the company hopes to expand its reach, all-the-while providing partners with around-the-clock technical support and a five-year on-site warranty. Customers should be reassured that BCDVideo will continue to offer HPE platforms, service, and support. “Our aim is to look at all best-of-breed technology to serve the video surveillance marketplace, and that means multiple partnerships,” says Larson.  “The addition of Dell EMC to our portfolio is a major win for BCDVideo, for Dell EMC, and for our integrators.” The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering Meeting Surveillance Market Demands At the technology level, assures Larson, Dell EMC’s server offering is well suited to handle the increasing video resolution and growing camera count demanded by the surveillance industry. At the larger end of the spectrum, the company’s Isilon Scale-Out NAS solution can handle tens of petabytes of data, making it ideal for large-scale security applications such as city-wide surveillance and airport security. Dell EMC storage solutions are already proving successful at major international airports including Dubai and Abu Dhabi, each with a camera count in the 1000s.Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market” For Dell EMC, the new partnership means the ability to expand on this success in the enterprise market, leveraging BCDVideo’s surveillance expertise and high-level customer service to offer tailored solutions for lower-volume applications. Since its inception, BCDVideo has differentiated itself in the security space by providing a high level of IT service to integrators making the transition to IP systems. By combining resources, the partners will be able to service VMS and analytics companies, software vendors, and access control providers, as well as traditional business integrators. Ken Mills, General Manager Dell EMC Surveillance, explains: “Surveillance storage is not just about capacity, it is also about performance and reliability. Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market.” Accomodating For Growth BCDVideo is well placed to accommodate this anticipated growth. Last year, the company opened a new 51,000-square-foot global headquarters in Illinois, home to 90 separate stations within their Innovation Center where each system is customised according to integrator needs. The new facility allows for expanding business with new and existing partners in the security market.

How To Prepare For Active Shooter Incidents | Infographic
How To Prepare For Active Shooter Incidents | Infographic

This Active Shooter infographic summarises information about trends among active shooter incidents, and outlines how an organization can develop a plan before tragedy occurs, including:   Statistics on the numbers and types of recent active shooter incidents. A profile of common traits among active shooters. How to prepare beforehand, and what to do when the police arrive. How organizational planning ensures maximum preparedness. Pre-attack indicators to look for. Be sure to share this information with coworkers and managers. Awareness is key to preventing active shooter incidents, and to minimising their tragic consequences. When sharing this infographic on your website, please include attribution to  SecurityInformed.com More resources for active shooter preparedness: How hospitals can prepare for active shooter attacks Six steps to survive a mass shooting Technologies to manage emergency lockdowns  How robots can check for active shooters  Background checks to minimise insider threats Gunfire detection technologies for hospitals, retail and office buildings 21 ways to prevent workplace violence in your organisation Non-invasive security strategies for public spaces    

How Should Your Security Company Measure Total Cost Of Ownership (TCO)?
How Should Your Security Company Measure Total Cost Of Ownership (TCO)?

How much does a security system cost? We all know that total costs associated with systems are substantially higher than the “price tag.” There are many elements, tangible and intangible, that contribute to the costs of owning and operating a system. Taking a broad view and finding ways to measure these additional costs enables integrators and users to get the most value from a system at the lowest total cost of ownership (TCO). However, measuring TCO can be easier said than done. We asked this week’s Expert Panel Roundtable to share the benefit of their collective expertise on the subject. Specifically, we asked: How should integrators and/or end users measure total cost of ownership (TCO) when quantifying the value of security systems?