Security show-down: cloud versus on-premises

Is the cloud secure?

This is literally the most-asked question in the industry: we asked 900 senior IT decision makers from across Europe to list their top IT challenges and security is their number one IT challenge.

In fact, it’s actually the accessibility of data, rather than its location that has the biggest impact of security.

Cyberattacks are opportunistic…anything that can be accessed externally has a more or less equal chance of being attacked. Alert Logic, in their Fall 2012 State of Cloud Security Report, found that web app-based attacks hit IT services provider environments about as often as on-premises environments (53 per cent versus 44 per cent, respectively).

Interestingly, on-premises users and customers actually experienced more incidents than those using cloud providers (61.4 attacks on average, versus 27.8, respectively), suggesting the cloud providers have the edge over on-premises teams when it comes to holding off attacks.

Ultimately, a sound security strategy – and adequate resources to back it up – is the key differentiator in any security scenario. Not whether or not the cloud is involved.

So why does the myth that the cloud is inherently insecure persist?

Because people often equate security with perceived control. With on-premises, if a mission-critical app goes awry, then you can drag yourself out of bed at 3 in the morning and go in and fix it. Therefore you have control and everything is secure. You might go insane micromanaging every problem under the sun. But you have control.

But, all other things being equal, there’s no reason to believe that just because the servers are under your roof – as opposed to someone else’s – they actually are more secure.

They just feel less secure. It’s a cognitive trick we play on ourselves.

In fact, the size, resource and expertise that cloud providers enjoy can add up to considerable security benefits for their customers. A well-staffed provider with years of built-up security expertise is likely to be in a better position than an under-resourced in-house IT team to provide security. They’ll also be familiar with the ins and outs of compliance and legal concerns.

Not to mention the fact that cloud providers – who make a living building secure cloud-based platforms for enterprises – typically focus more on security and governance than those who build systems that will exist inside firewalls.

What’s more, a service provider should be able to provide best-of-breed connectivity as well as disaster recovery and business continuity options. Leveraging their investments and combining cloud, disaster recovery and connectivity into a single package can actually enhance security, whilst reducing overall costs.

As every year goes by, the myth of the insecurity of the cloud gets weaker and weaker. Entire companies are now housed in the public cloud – this would have been unthinkable ten years ago. So get in touch with our experts to see how you can enhance the security of your business.

Claranet Managed Security

Written by Ben Tannahill - External Communications Executive

Ben has wide communications experience across sustainability, 3D-printing, SaaS and Managed Services. He takes care of Claranet's content creation and social media.

Questions? Get in contact with us

Make a sales enquiry

Please fill out the form below with your sales enquiry and we'll get back to you as soon as possible. If you are looking for technical support please email

Fields marked with a * are required

We aim to respond to all email enquiries within 5 working days, but we usually respond within 24 hours.

Speak to a member of the team

Please give us a call on 0207 685 8000 between 09:00 - 17:30 Monday to Friday to speak with one of the sales team.

For small business enquiries, please call Claranet SOHO on 0800 640 8009

Looking for technical support? Our UK support team are available 24x7x365 to help on 0330 390 0500