Skip to content



Cloud Security Tipping Point

By Ian Campbell
CEO of Nucleus Research

Perhaps no other industry conference showcases more on-premise technologies these days than RSA, the annual security show taking place in San Francisco this week. That’s because many have bought into the false narrative that cloud security is riskier than shoring up on-premise systems to protect valuable data. This outdated thinking is holding businesses back from the advantages the cloud offers. Worse yet, it’s likely putting their data at even more risk for attack.

Data security has been a major obstacle to cloud adoption for more than 15 years, dating back to the early days of on-demand applications. And while most businesses have overcome those concerns, security remains the leading justification for organizations seeking to keep their operations on-premise. In fact, it’s holding back entire industries.

Take financial services, for example, which has been bullishly reluctant to shift any sensitive data to the cloud. Healthcare has also resisted the move, fearing breaches of highly sensitive patient data. The theory goes that an on-premise system gives more control and presumably better security over data that needs to be kept private.

Which is why the results of our recent Buying Intentions Survey on Security were so surprising. Respondents actually rated cloud data security higher than on-premise, flying in the face of conventional wisdom. And those companies that had invested heavily in cloud solutions were even more confident in their data security. It would seem a security-based case for on-premise systems is starting to crumble.

And now that security is under more scrutiny as a budget item, it’s getting harder to justify an on-premise decision. In fact, the survey found companies that had migrated heavily to cloud solutions were spending 22 percent less on data security. Combine that with the 1.7 times more value a cloud solution delivers over traditional on-premise solutions [Learn more here] and the decision becomes clear. Try to argue on-premise with the CFO now.

We believe this survey indicates a tipping point for those industries and businesses resisting the cloud. A major factor shifting the scales is a dramatic improvement of data protection on the part of cloud providers. This includes more physical security at the data center, periodic access reviews and improved infrastructure such as better firewalls and Distributed Denial of Service (DDoS) protection. Further, the cloud has advantages for addressing issues such as ransomware exposure.

In fact, our survey suggests a new narrative where cloud security is not only easier to manage, but significantly better than vulnerable legacy on-premise systems. Consider how many breaches have resulted from an employee leaving a device with sensitive data at a Starbucks. By focusing on better ways to secure data in the cloud, the device threat all but goes away.

And with virtualization technology that can play out various malicious scenarios in a simulated sandbox (similar to prescriptive analytics) before allowing real-time access to sensitive data, we are seeing even more advances in securing data within the cloud. That’s not to say there won’t be any breaches or successful malware attacks, but the cloud is surpassing on-premise.

It might not be overnight and will certainly not be publicized, but the financial services and health care industries will increasingly migrate to cloud solutions. Not only to save money, but for better security.