For quite some time now, there has been a strong trend towards the cloud and software-as-a-service (SaaS). For some it is the software architecture of the future but for others it represents an incalculable security risk - company-critical data is particularly worthy of protection and should not leave the company.
But the pandemic showed that this "locking up" of data has its disadvantages - home offices are only possible to a limited extent with a great deal of effort. But other scenarios also require mobile data access. Ultimately, many concerns can also be disproved. In the end, companies have to decide for themselves whether to operate their own IT on site or entrust it to a service provider. On-premise or cloud - this is often more a matter of attitude than a clearly justifiable decision. The prejudices against the cloud are not unjustified, it is first of all an unfamiliar feeling to entrust sensitive data to the cloud. After all, one IT saying goes, "There is no cloud, it's just other people's computers." Yet the cloud offers some important advantages over servers in a company's own server room: • Virtually unlimited expandable processor and storage resources that can be used from anywhere. • Evenly due costs for renting the cloud instead of high initial costs for hardware and software acquisition. • No costs for administration of own hardware and software systems. • With Software-as-a-Service, you always work with the latest software version - without annoying updates. • Highly professional security departments "guard" the data • But security concerns are often overwhelming in companies. Leaving business data off- site, possibly even mission-critical data, feels dangerous. People prefer to know that their data is safe behind the locked door of the server room in the basement, to which no one has access. But this hope is deceptive: hackers don't need a physical key; they can't be stopped by a door. Nor does the server room in the basement protect against natural disasters, such as flooding. This contrasts with the cloud: The storage centers of large providers such as Amazon, Microsoft or Google are spread around the world, and the companies ideally also have several locations in one country between which the customers' data is mirrored, so that a local event has little impact on the entire cloud infrastructure. Meanwhile, companies are offering models where data is stored in multiple locations, but only in their own country or in Europe. This addresses legal requirements such as the GDPR, but also data protection concerns.
If you take a look at the real risks that threaten the security of data, they are often quite different: • The greatest danger for data theft comes from employees, visitors or customers who copy data onto USB sticks or other storage media and take it with them at the end of an activity or in the event of a dispute with the company. • Lost or stolen systems such as laptops or smartphones also pose a major threat. How quickly does a computer with the important job calculation and internal company data get left behind on the train. • Against a poorly secured laptop that falls into the hands of the wrong person, a defective hard drive may be a minor problem. If several days' work is lost because the file was only on that hard drive and not on the secured network, that's particularly annoying. • Outdated software and lack of updates repeatedly allow attackers to access devices without the user noticing. Especially when, in most companies, the user is responsible for the issue of security himself, for example when it comes to regularly installing updates. And last but not least, the constant calls from fake Microsoft employees or phishing e-mails show how important the topic of security must be in companies. Through phishing, hackers gain access to corporate networks and can cause a lot of damage there, for example when they encrypt the entire data stock and demand a ransom.
Precisely cloud solutions are such interesting targets for attack, therefore reputable cloud providers will place a lot of emphasis on data security and IT security and maintain well-staffed IT departments. In contrast to common prejudices, data is usually more secure there than on a poorly maintained and un-updated system in the company's own premises. Cloud solutions are managed by professional full-time administrators instead of someone who has complete responsibility for all IT from the mouse to the server in a medium-sized company. The requirements for professionally used services in the cloud are also much higher than for example in a public cloud. In cloud computing data is usually not stored in a file system, but in databases. In this case, every change to the data is stored as a separate data record and only compiled when required. This allows not only to restore old states. Moreover, without the individual login data, it is practically impossible to gain access to the data.
Software-as-a-Service refers to true cloud services that do not require local installation of software. This architecture offers further security against data theft: there is no usable data in the RAM or on the hard disk of the local computer that a hacker could tap. In the other direction, keyboard or mouse clicks are transmitted, so that operation feels like that of a normal computer. One of the cost advantages of cloud computing is the low requirements for local hardware: since the data is processed on the server in the cloud, the computing power is generated there and the provider has to provide the corresponding resources - this gives the customer the flexibility to also use older hardware or mobile devices.
Just because data is stored online doesn't mean it's at risk - on the contrary: well-programmed cloud applications, hosted by professional providers, are more secure than most locally installed applications. It's worth testing the offerings of these providers and switching over if the advantages outweigh the disadvantages - or just sticking with your own server!