What are the advantages and disadvantages of cloud vs on-premise security solutions? Is one better than the other?
My comments are based on my own experiences over time.
Divyang added some significant comments, and I wholeheartedly agree with everything he listed; there is not much one can add.
Cloud security solutions are, from what I have seen, much easier to deploy, and your actual TCOE might be lower than on-prem, especially when you look at your full localized cost (space, HVAC, hardware, OSs, IT support, etc.). The other big benefit is time to deploy and the feature sets on offer. The other big benefit is that your licensing is subscription-based; this makes it easier to move if the service does not meet your expectations.
The one thing that must remain front of mind is that, irrespective of where your solutions come from, YOU must still configure and manage that solution. There are some providers that offer a bolt-on management service or a derivative of it.
There are several factors to consider, and those are as below.
1. Workload location
a. How many workloads are in the cloud and how many servers are on-premise
2. No. of Branches & Internet connectivity at each branch location
3. No. of roaming users (For endpoint security)
4. No. of users accessing cloud apps or cloud workloads
5. How much you've already invested in on-premise data center & how much they're occupied.
The above list may go on and on based on which security solution you need (e.g. workload security or endpoint security or perimeter security).
Advantages of cloud-delivered security solutions:
1. Easy to administrate
2. No need to worry about security patches & product upgrades
a. No need to worry about underlying hardware
3. Integration with AWS inspector / Azure security inspector is available out of the box.
4. Security for roaming users can be provided very easily.
a. No need to expose security management server
5. Provides infinite scalability
a. No need to worry about future incremental number (e.g. increase in workloads or increase in users)
Disadvantages of cloud-delivered security solutions:
1. Can't be used for air-gapped environments
2. There may be chances of delayed logs/analysis for on-premise infrastructure depending upon internet connectivity
3. Still need some sort of on-premise module to be installed, e.g. if you go for Azure Sentinel (cloud-delivered SOC), you need to install an on-premise Log Collector and Log Forwarder.
4. If you're under any compliance/regulatory requirement under which data sovereignty has to be followed, you need to check with the security solution vendor where their data centers are.
5. Much costlier than the on-premise security solution
Advantages of on-premise security solutions:
1. Perfectly suited for air-gapped environments
2. Faster log collection for on-premise infrastructure
3. Much cheaper than the cloud-delivered security solution
Disadvantages of on-premise security solutions:
1. Difficult to administrate
2. Need to apply security patches and product upgrades which require huge downtime
3. Always need to consider future number
a. Sizing is very difficult (usually, most of the time, the underlying compute is under- or over-used but not at the optimum level)