Why on-premises data security is increasing your business risk

So you want to ensure your organisation has robust data security.

After all, the media is full of horror stories – and there are stark financial and reputational ramifications of being the next headline. In 2019, over 4 billion data records were compromised. Coronavirus is magnifying this risk – there’s been a 400%+ uplift in attacks since the start of the pandemic, in part driven by the effects of remote working.

There are dozens of hundred-item long checklists you can go through to evaluate and reinforce your organisation’s data security status, with elements ranging from crypto-security keys to mobile device policies. But if your strategy is based on principles and on-premises technology that fall short of your current risk profile, those checklists are like trying to put out a house fire while Rome is burning.

To reduce the risk of data breaches and make meaningful, future-proof improvements to your organisation’s security, you need to start by re-evaluating your on-premises foundation. Here’s why.

It’s progressively harder and more expensive to keep on-premises security up to date with current risks…

Yes, it’s possible to configure your on-premises environment to provide high security levels. But there’s cost and risk associated with that need to configure. Physical security, anti-virus, firewalls, role-based access, data at rest vs data in transit – there are myriad variables to control and opportunities for human error.

As your data estate expands and the organisation needs to access data in new ways to generate value, those variables and human error opportunities multiply. And that introduces risk.

…whereas the cloud gives you an ever-strengthening foundation.

With a cloud environment, you have a robust, established baseline of data security out of the box – with built-in controls and continuous monitoring.

Hyperscalers direct vast investment globally to ensure customers benefit from constantly improving features, protocols and policies. For example, Microsoft Azure has invested more than $1 billion in security R&D. AWS has more than 500 features and services focused on security and compliance. That’s no match for what you can achieve as a single organisation.

It’s therefore easy to deploy and maintain a uniform and robust data security approach with the cloud. The security surface area your teams need to manage is smaller – they can focus on protecting content, applications, systems and networks. The data resiliency is taken care of for you, reducing the need for ongoing resource and hardware investment just to keep your head above water (never mind ensuring the organisation is on the front foot).

On-premises security isn’t agile when responding to inevitable threats and managing changing risk exposure…

Traditional security principles – executed through on-premises technology – are perimeter-based, rule-driven and rely on increasing customisation. This means scaling and pivoting involve manual processes to provision and configure servers and associated access.

If your risk profile changes or you detect a security threat, you therefore add time into the equation. Having to take time is expensive, and putting the organisation in that position introduces risk.

…whereas the cloud enables a principle-based, flexible and scalable approach.

With the cloud, it’s easy to take a strategic approach to data security. Instead of choosing between thousands of potential rules to implement from the bottom up, you can home in on:

Where your risk is
What your exposure is
What principles you want to use for managing risk and exposure
How you want to define your risk controls

With your cloud foundation, it’s then easy to implement that top-line thinking quickly, systematically and uniformly across your environments and solutions. APIs and automation give you both economies of scale and flexibility – making it easier to manage identities, control access, detect threats early and ensure compliance with the latest standards.

If you’re going to invest in data security – it’s time to direct that investment in the lowest-risk, highest-value way.

The nature of current data threats means traditional, perimeter-based thinking and security checklists must give way to more modern, automated and principle-based risk approaches.

The cloud gives you the resilience, agility and scalability you need to make that essential shift.

So why not take a more targeted and robust approach to protecting your data – and your reputation?