Asked and answered: Store data in the cloud or onsite?

It’s a question that haunts both business-owners with data to store and couples living in cramped one-bedroom apartments: Should we host or not?

Both individuals and organizations have to decide if they should send their tax returns, customer data, trade secrets, and first-draft poems to their own servers or to trust the ones set up in the cloud by familiar providers like Google and Microsoft.

As one reader recently asked IT Brew: “Is my data secure on cloud storage providers like iCloud, OneDrive, Google Drive? If I set up my own on-premise server, is that more secure and reliable?”

The case for cloud. It’s convenient!

The global data centers supporting options like Google Cloud, Microsoft Azure, and Amazon AWS provide redundancy if a building goes dark. The big players also offer encryption and easy data access via apps or a browser.

The cloud’s concentration of customers, however, has also made the platforms enticing targets. Observed cloud-exploitation cases in 2022 grew 95% year over year, according to a recent threat report from cybersecurity company CrowdStrike.

A database could also be mistakenly placed in the cloud without enforcing access controls. Error is responsible for 13% of breaches—a figure “heavily influenced by misconfigured cloud storage,” according to the 2022 Data Breach Investigations Report from Verizon.

“That’s where we’re seeing a lot of the issues…that lead to these breaches and compromise of data, whether that’s an internal person that didn’t set a control correctly because they’re unfamiliar with cloud security, cloud environments, and cloud technology, or it’s because there weren’t clear roles and responsibilities,” said Lisa McKee, founding partner at the strategy firm American Security and Privacy.

The case for onsite. McKee, someone who keeps her most important data in an external drive in a fire-proof safe, finds better security in an onsite option where she can confirm staff and security settings.

“I’m not reliant on some other third party,” McKee told IT Brew.

Onsite storage, however, is only as good as the professionals there protecting it.

Frank Downs, senior director of proactive services at the cyberdefense platform BlueVoyant, has seen secure onsite environments—with proper patch-management and data-protection policies in place—and not-so-secure ones that had completely unencrypted onsite databases.

“The problem that we have in the field overall is there’s just not enough cybersecurity professionals. So, making sure that it’s all maintained and kept secure all the time is really hard if you don’t have the right staff,” said Downs.

According to Cyberseek.org, there are currently over 755,000 job openings in cybersecurity in the US.

Onsite storage may be the right option for especially sensitive data like intellectual property and trade secrets, but the security baseline offered by cloud providers is valuable, too.

“For the vast majority of individuals, the cloud services are going to provide you with a greater level of data protection than you would if you were trying to make your own homebrew system. That said, it depends on your level of engagement and your level of involvement with the actual data,” said Downs.

And the kind of host you want to be.