Why solutions from the cloud are more secure

Marco Niecke, Torben Nehmer

Whether simple Office applications or the use of business solutions such as ERP and CRM, many companies still fear that working in the cloud is not secure. What many overlook: Security is a multi-layered concept that involves more than just protection against unauthorized access, data theft or data loss. In this blog post, we discuss the facets of the term “security” and show you why, in our opinion, the cloud is currently the most secure solution for using business software.

 

The many facets of security

For a comprehensive security strategy, companies need to consider several aspects - regardless of whether they store data locally or work with a cloud solution. These are:

  • Property security (intrusion protection)
  • Reliability (high availability)
  • Backup strategy (disaster recovery)
  • Protection against digital attacks (security)

In addition to the aspects mentioned here, rights management (access control) and a data protection concept are also part of a complete security concept. However, as these are conceptual issues in which it makes no significant difference where software and data are hosted, rights management and data protection are not the subject of the following comparison.

1. Property security / physical protection

According to police crime statistics, a burglary occurs on average every 5 minutes in Germany. Protecting your own IT infrastructure therefore also means physical property protection - be it against theft, vandalism or sabotage. Once an attacker gets into a server room - and thus behind the firewall - attacks on a company's IT infrastructure are much easier to carry out from there (e.g. by installing malware, recording network traffic, etc.).

 

Modern cloud data centers have a high-quality security concept for their server rooms in terms of access control and burglary protection. Mechanical protection, video surveillance, dual control principle, round-the-clock security staff, monitoring at critical access points: All of this is implemented in exemplary fashion in the large data centers.

Added to this are:

  • Permanent control of the room temperature in server rooms
  • Protection against overvoltage for all hardware components
  • Protection against technical damage such as fire, water damage, CO2 etc.

The probability of data centers falling victim to burglary and losing company data in this way is negligible.

 

2. Reliability / high availability

Power outage, network failure, hardware crashes or fire: the risk of one of these events affecting a company at some point should not be underestimated. Security therefore also means being prepared for these scenarios. After all, what happens if a company's ERP system goes down on a Monday morning - e.g. after a power cut or hardware failure? The web store is offline, production comes to a standstill and the financial and reputational damage increases with every hour of downtime.

If such a scenario (hardware failure, power failure) does not affect ongoing operations, then we are talking about a highly available, fail-safe system.

 

Reliability and high availability are better implemented in the cloud

High availability means that all components and the entire IT infrastructure must be available at least twice. This means:

  • All hardware exists twice, and the two sets are physically separated from each other
  • Two power lines are laid along different routes
  • Two network connections are available

Modern data centers are planned in such a way that they take into account the principle of highly available IT infrastructure. To name just the two most important issues:

  • All necessary redundancies are standard.
  • Administrators are available around the clock to intervene in the event of damage.

In addition, modern data centers are divided into different fire compartments so that high availability is guaranteed for customers even in the event of a fire. Geo-redundancy - the provision of IT infrastructure at two different locations at a physical distance - is another service that cloud data centers offer. This ensures reliability even in the extremely unlikely event that a data center fails completely.

For most companies, high availability is therefore much easier and, above all, cheaper to implement via the cloud. The know-how required for both conception and subsequent operation alone is enormous. Implementing geo-redundancy is definitely too complex and too expensive.

 

3. Backup strategy / disaster recovery

If data suddenly becomes corrupted in the production system (e.g. after a virus, an incorrectly installed update or a hardware error), it does not help that the IT infrastructure has been mirrored and all components are duplicated. In this scenario, the IT administration should restore a complete backup within the shortest possible time - a maximum of 1 to 2 days is calculated here. The backup can either come from the cloud or - still common today - from tape drives and magnetic tapes, which are stored in bank safe deposit boxes, for example.

Depending on the damage caused, restoring a backup often takes at least 1-2 days, often even longer. In the event of damage to important hardware, for example, it must first be reordered. Many components have very long delivery times or require expensive maintenance contracts with spare parts guarantees and corresponding response times. Extensive technical know-how is also required here. Disaster recovery in under 48 hours is therefore an enormous challenge for all companies.

Backup strategy and disaster recovery are routine in the cloud

In cloud data centers, the necessary hardware redundancies are in place from the outset, along with several system administrators who specialize in disaster recovery. Data is kept up to date and synchronized geo-redundantly. In the event of damage, restoring a backup from the point in time before the critical event is therefore often just a routine procedure.

In Microsoft's data centers, the service level agreement specifies a recovery time of well under 24 hours - Dynamics 365 for Finance and Operations, for example, has a typical recovery time (“Recovery Time Objective”) of 10 hours!

Beyond that, a backup is restored after one day at the latest. Business solutions such as Microsoft Dynamics 365 for Finance and Operations are additionally protected by the emergency recovery service Azure Disaster Recovery. Considerably shorter recovery times, in some cases in the range of minutes, are often possible here.

 

4. Protection against digital attacks

Unlike the first three scenarios, which tend to occur infrequently, digital attacks on companies and their IT infrastructure happen several times a day. Effective protection against this threat means three things:

  • A secure network / firewall
  • Regular closing of security gaps / updates
  • Protective measures against social engineering

 

4.1 Firewall

The right configuration is crucial for a firewall. This requires a great deal of experience and expertise, especially if a company's employees also work from home or on the road - i.e. from other networks - via VPN.

In cloud data centers, network technicians and system administrators are on hand around the clock. This enables a cloud provider to detect and prevent unusual data flows more quickly. Access via VPN from external networks is handled rather restrictively in data centers - or user-specific firewalls are set up and maintained.

Companies that prefer an on-premise solution can also achieve this protection with other service providers. However, the chances of success of a digital attack on the firewall of a cloud data center are much lower.

 

4.2 Security updates

As we have already described in this blog, it is worth keeping your ERP system or IT infrastructure up to date for several reasons. Closing security gaps is a central argument here.

To avoid risks, companies must be very disciplined and regularly install all updates for all programs. In data centers, this happens automatically. The zero-day gap for cloud applications is therefore always as small as possible.

 

4.3 Social Engineering

Social engineering refers to attacks that identify and exploit the employee / PC user as a weak point. The classic example: “craftsmen” who gain access for a brief moment, for example to server rooms.

For companies that do not continuously raise their employees' awareness in this area, the chances of success of social engineering attacks are extremely high. An experiment has shown that a (malicious) file on an “accidentally left behind” USB stick can find its way into a company's network alarmingly quickly - and could cause enormous damage. This scenario would be unthinkable in cloud data centers. Here, all employees are trained and aware of the most common social engineering tricks.

 

Cloud solutions are the best protection against social engineering

As just shown, the more promising targets of social engineering attacks are the employees of companies, not the employees of cloud data centers. But there is an even more decisive argument as to why applications and data are much more secure in the cloud in the event of social engineering attacks.

A successful social engineering attack (e.g. with an encryption Trojan) always causes enormous damage. If the infected data is located exclusively on your own servers and not in the cloud, the damage is considerably greater. This is because the Trojan has to overcome several security barriers before it can make the leap from the local network to the data in the cloud. Often - as in the case of Dynamics 365 - there is no direct access to the cloud infrastructure.

Even if such a breach is successful, cloud data centers - as described in the disaster recovery section - can very quickly fall back on backups after such an attack and restore the system to the state it was in shortly before the attack.

 

Conclusion:

As shown by four key security aspects, security in cloud data centers is above average. This is where the N-advantage comes into its own, as cloud data centers not only protect their own data, but also that of a very large number of companies. This means that all customers benefit from one-off high acquisition costs for security technology and all the necessary redundancies.

With Frankfurt am Main and Magdeburg, Microsoft has been operating two modern data centers on German soil since 2015. Two more are planned, one in Berlin and another in Frankfurt am Main. All of the security aspects described in the article have been implemented here in an exemplary manner - emergency recoveries for business solutions such as ERP and CRM are only a matter of seconds here thanks to Azure Disaster Recovery.

Of course, cloud data centers do not offer 100% protection against digital attacks per se. But they reduce the attack surface enormously and can almost completely eliminate all the risks shown. To achieve a similarly high standard of security, companies would have to make an exorbitant effort. Our conclusion is that cloud-based solutions are currently among those with the highest security standards.

 

 
