Skip to main content

In recent years, we’ve seen a marked shift to cloud computing. Public cloud sales globally hit $315.5 billion in the first half of 2023, with Microsoft leading the way. As of 2022, two-thirds of Australian organisations had moved their workloads to the cloud for production, with another 17% using cloud services for testing and development.

Cloud computing offers undeniable advantages in terms of scalability, cost-effectiveness, and accessibility, yet has its own concerns as simple as expanding your attack surface. Which raises the question: is cloud security as robust as traditional data centre security?

Cloud adoption by Australian organisations as of 2022

Cloud adoption by Australian organisations as of 2022

Source: Microsoft.

Comparing cloud security with data centre security

Both have advantages and disadvantages; the best choice depends on your specific corporate and commercial needs. The fundamental difference, of course, lies in who’s responsible for what? 

The obvious advantage of your own data centre is you own it all; you have complete control. Only major enterprises (or the very brave) have the wherewithal to build their own premises, with most companies purchasing rack space in hosting centres. That’s still your data centre. Hosting centre security protects the physical resources, but everything else falls to you. The disadvantage is that you own it all. As well as the overhead costs of ownership, maintenance and renewal, you sink or swim depending on how diligently you have approached and implemented all your security controls. 

Cloud, on the other hand, uses a shared responsibility model. The cloud provider manages the underlying infrastructure providing the computing resources and security such as firewalls, intrusion detection systems, and some built-in access controls (not that you want to trust their default firewalls, but they are there). What’s left to you is data, application, API, and access security.

Advantages of data centre security

Data centre security gives you more direct control over your infrastructure, making it easier to meet compliance requirements. Irrespective of where you’re hosting it, you still have the advantage of that physical control over infrastructure, enabling you to directly manage and monitor the physical devices and the environment in which your data and applications reside. Finally, you design and apply security policies and controls tailored to your business processes, data types, and risk assessments. This customisation extends to deploying dedicated security hardware, software solutions, and specialised staff, enabling a targeted approach to mitigating specific threats and vulnerabilities.

Advantages of data centre security

Advantages of cloud security

The cloud, on the other hand, offers scalability and flexibility. In the cloud, the infrastructure provider makes it easier to adjust security measures to accommodate changing workloads and business needs. Scale up or down without significant upfront investment in physical hardware or extensive reconfiguration. For example, a provider like Microsoft Azure unifies security management so you can use one platform to build a layered approach across data, hosts and networks. Depending on your specific operating model, it can also make sense financially. Using the cloud, you can shift the IT burden from capital expenditure (CapEx) to operational expenditure (OpEx). 

Finally, the shared responsibility model means cloud providers invest in some security measures which reduces the scope of work you need to worry about. This is not to say you can ignore it; it’s still your data, reputation, and business. However, cloud service providers do some of the work monitoring security threats and implementing the latest techniques to protect their environments. This proactive approach to security includes regular updates and patches applied with minimal downtime, providing your business with a level of security that would be costly and complex to achieve alone. 

Advantages of cloud security

Finding the right fit

Ultimately, which way you go will depend largely on your specific needs and resources. If you require absolute control and have the expertise in-house with the budget to match, a data centre might be the way to go. On the other hand, if you need the flexibility and cost-effectiveness to ‘move fast and break things’, the cloud is probably a safer bet. 

Neither direction absolves you of your need to implement proper security practices, nor does either approach make regulatory compliance less critical. That said, all the major public cloud providers invest heavily in cyber security research and development, staying ahead of emerging threats and vulnerabilities, offering multiple compliance certifications for their infrastructure and services, and making life that tiny bit easier. 

Of course, the elephant in the room is the advantage Azure has over AWS and Google (or any other public cloud provider). Azure integrates seamlessly with existing Microsoft solutions, whether on-premise or Office 365. This is a natural advantage for any organisation already in that space. 

Finding the right fit

A hybrid approach

The good news is that you don’t specifically have to choose one or the other. Many organisations opt for a hybrid approach, leveraging the strengths of both cloud and data centre security. Sensitive data resides in the on-premise data centre, while readily accessible applications and development environments are deployed in the cloud. This approach maximises security for critical data while offering the flexibility and agility of the cloud.

Conclusion

Security is paramount in the modern digital landscape, where data reigns supreme. Cloud security and data centre security are not mutually exclusive concepts. They represent different points on a security continuum. The debate over cloud security versus data centre security is not a matter of one being inherently superior to the other. Rather, it’s about striking the right balance between control, convenience, and cost-effectiveness. The key point here is to prioritise a comprehensive security strategy encompassing physical and virtual security measures, regardless of your chosen environment.

recon can guide your cloud security strategy

Whether you leverage the cloud, a data centre or a hybrid option, getting your security right is a process that takes time and expertise. Building your security capabilities internally can become costly and time-consuming. 

At recon, we help you solve this problem with managed security services. We provide the expertise and comprehensive support of a full cyber security team to enhance your protection and resilience while avoiding the expenses of maintaining an in-house team. Visit our Cyber Security Services page for further details.

Related blogs

Can you afford not to invest in cyber resilience?
What makes an organisation’s cyber security mature?
How data can help you take the next step in cyber security