Adoption of the cloud is not slowing down. In fact, what’s happening is quite the opposite. According to IDC, worldwide spending on cloud computing is expected to reach $162 billion USD in 2020, growing at a compound annual rate of 19%. This isn’t surprising when you consider that more organisations are looking outside their own environment for solutions that will help them become more agile, maximise resources and save money. Yet, while this study and countless others show that more companies are embracing the cloud and its benefits, many are still hesitant to make the move. One of the biggest reasons why is security.

Particularly in the physical security industry, there is a common misconception that on-premises systems on closed networks are more secure. Many still believe that connecting to a cloud-based application becomes a source of vulnerability that will put corporate data and systems at risk. In this article, we will explore why this belief is unfounded, and why more organisations are relying on cloud service providers to enhance their systems’ security.

Why isolated on-premises systems are not immune to threats

Everyone is working with the same security tools. It doesn’t matter whether it’s an IT team securing an on-premises network, server or system, or a cloud provider protecting its infrastructure and its clients’ applications and data. Essentially, anyone can implement multiple layers of security to reinforce confidentiality, integrity and availability. These can include many mechanisms such as firewalls, intrusion detection systems, multi-factor authentication, antivirus software, etc.

While these security measures exist, the reality is that organisations either lack the expertise or the capital to build and maintain infrastructures with the utmost protection. This inevitably leaves their isolated networks and on-premises systems vulnerable to attack.

The WannaCry and Petya Ransomware attacks are good recent examples of how these vulnerabilities can be exploited, causing catastrophic results. Specifically, WannaCry attacked vulnerabilities in the Microsoft Windows operating system, allowing the malware to quickly spread to neighbouring computers. The vulnerability was promptly patched by Microsoft as soon as they were made aware, but those that did not get around to updating their systems were left at risk. Within a day of the attack being launched, it was reported that over 200,000 systems around the world were infected, holding personal and corporate data hostage in exchange for bitcoin payments.

A benefit of using a cloud service is that system updates are facilitated by the cloud service provider
All the money, time and resources invested in building and maintaining a highly-secure cloud platform does not just benefit one company, but thousands or millions of customers

Four reasons why the cloud improves your cyber security posture

As noted above, attacks often happen when people tap into system vulnerabilities, regardless of whether the system is running in an isolated on-premises environment or in the cloud. Therefore, mitigating system risks is not so much about where the infrastructure is physically located. Instead, it’s about how well the system and its infrastructure is managed from a physical and logical security standpoint.

With this in mind, below are a few reasons why cloud applications can often be more secure than isolated on-premises systems that are managed internally by an organisation. 

1. Cloud providers make layers of security more accessible

Keeping systems safe from threats is costly and complex. To do it alone, and do it well, businesses must have dedicated resources and large budgets. This is why cloud providers have an advantage. They can use economies of scale to enhance their operations and provide high levels of security for their shared infrastructure. All the money, time and resources invested in building and maintaining a highly-secure cloud platform does not just benefit one company, but thousands or millions of customers. Therefore, these businesses can take advantage of multiple layers of security that they would not have been able to put in place themselves.

2. Cloud providers facilitate system updates and patches

Ensuring systems are always up to date and minimising risk require constant attention. The landscape of cyber threats is evolving, and many vulnerabilities that hackers prey on are quickly identified and fixed by vendors in software version updates. Unfortunately, updating software is time-consuming, so when an organization is faced with budget constraints, it’s a task that often falls through the cracks. A benefit of using a cloud service is that system updates are facilitated by the cloud service provider. As soon as the latest versions and fixes are available, the organisation will have access to them. This helps to ensure that systems remain protected against known vulnerabilities.

Cloud applications can often be more secure than isolated on-premises systems that are managed internally
Attacks often happen when people tap into system vulnerabilities, regardless of whether the system is running in an isolated on-premises environment or in the cloud

3. Cloud providers take onus for the risk of threats

Top-tier cloud service providers use more stringent security measures for their infrastructures than most businesses. This is because their product and core competency is at stake. In fact, companies like Microsoft have a global incident response team that works around the clock to mitigate against attacks. The company also builds security into its cloud platform from the ground up, embedding mandatory security requirements into every phase of the development process. Top cloud providers also go out of their way to comply with international and industry-specific compliance standards, and participate in rigorous third-party audits which test and verify security controls.

4. Cloud providers have strict policies to prevent unauthorised access

Physical security plays an important role in safeguarding against cyber attacks. For instance, it is not uncommon to see access control servers sitting under a receptionist’s desk in the front lobby of an organisation. At any point in time, the data can be stolen or destroyed with a single USB key. For a cloud service provider, mitigating against internal threats is a critical component of what they do. From the policies and processes they outline to technologies they use, cloud service providers build datacentres with unprecedented levels of physical security. They also implement comprehensive incident response protocols, so that any breach is promptly detected and immediately dealt with.  

Why outsource the risk and costs to cloud providers?

When it comes to cyber security, the stakes are high - and organisations are finding it more challenging to keep pace with the onslaught of new threats. This is why many are transferring the responsibility and risk over to cloud service providers. Cloud service providers are not only better equipped to manage and maintain these systems and keep them secure, but also make it more affordable for their customers to access the highest possible levels of security.

Download PDF version

Author Profile

Christian Morin Chief Security Officer & Lead Strategist, Cloud Services, Genetec, Inc.

In case you missed it

Has the gap closed between security fiction and security reality?
Has the gap closed between security fiction and security reality?

Among its many uses and benefits, technology is a handy tool in the fantasy world of movie and television thrillers. We all know the scene: a vital plot point depends on having just the right super-duper gadget to locate a suspect or to get past a locked door. In movies and TV, face recognition is more a super power than a technical function. Video footage can be magically enhanced to provide a perfect image of a license plate number. We have all shaken our heads in disbelief, and yet, our industry’s technical capabilities are improving every day. Are we approaching a day when the “enhanced” view of technology in movies and TV is closer to the truth? We asked this week’s Expert Panel Roundtable: How much has the gap closed between the reality of security system capabilities and what you see on TV (or at the movies)?

How moving to Security as a Service benefits both providers and end users
How moving to Security as a Service benefits both providers and end users

The way we purchase services and products is changing. The traditional concept of buying and owning a product is giving way to the idea that it is possible to purchase the services it offers instead. This approach has come from the consumer realisation that it is the outcome that is important rather than the tools to achieve it. For example, this approach is evident with the rise of music streaming services as opposed to downloads or physical products.   With the physical security industry becoming ever more integrated – and truly open systems now a reality – there is every reason to assume this service-lead trend will come to dominate the way our industry interacts with its clients as well. Interest in service-based security There is a significant change of mindset that the security industry needs to embrace before a large-scale move to Security as a Service can take place. Like many technology sectors in the past, security providers have focussed on ‘shifting boxes’ as their definitive sales model. This approach was especially prevalent when proprietary systems were the mainstay of the security industry. Essentially, if the customer wanted more services they simply bought a new product. This was a straightforward and economic sales approach for manufacturers and installers alike.The security industry needs to embrace a change of mindset before a move to SaaS can take place The flexibility of integrated and open technology has changed the way consumers view their purchase, so it shouldn’t be any surprise that there is increased interest in a service-based approach. Customer choice equates to a change of focus and interest, with physical products being eclipsed by the benefits of the overall solution. We have already seen these changes in other technology areas, notably with smart devices and general IT systems. Cloud-based services put the onus on the result rather than which device the user chooses. This approach is even starting to manifest in areas that couldn’t have been predicted in the past, such as the car industry for example. Consumers are focusing more on the overall costs and convenience of buying a car over the specific specification of the vehicle. Equally, urban dwellers don’t necessarily want the hassle and expense of owning and parking their own vehicle anymore. If you don’t use it every day, it can make more sense to rent a vehicle only when you travel beyond public transport. For these consumers the car has become a service item for a specific journey. Benefits for end users At the heart of this approach is the simple equation that consumers have a need and suppliers need to provide the most cost-effective, and easiest, solution. At the same time, the security operator may not necessarily want to know (or care) what specification the system has, they just want it to perform the task as required.   By discussing with consumers, we can ensure we work even more closely with them to provide the expert support they need and deserve Most security buyers will identify the specific business needs and their budget to achieve this. This is where a service approach really comes into its own. Customers need expert advice on a solution for their requirements which takes away the stress of finding the right products/systems. In the past there was always a risk of purchasing an unsuitable solution, which could potentially be disastrous. The other issue was having to budget for a big capital expenditure for a large installation and then having to find further resources once an upgrade was due when systems went end of life. Most businesses find it far easier to pay a sensible monthly or annual fee that is predictable and can easily be budgeted for. A service model makes this far easier to achieve. Benefits of a service sales model As well as the benefits for end users, there are considerable benefits for security providers too. Rather than simply ‘shifting boxes’ and enduring the inevitable sales peaks and toughs this creates; a service sales model allows manufacturers and installers to enjoy a more stable business model. You don’t have to win new business with every product, but rather sell ongoing services for a set period. Its highly likely that the whole security industry will start to take this approach over the next few years. Manufacturers are already well aware of this shift in customer expectations and are changing their approach to meet demands.There are major opportunities on offer in return for a change of perspective in the security industry With the service and leasing approach already firmly entrenched in other industries, this is well proven in a consumer market. The airline industry is a great example. Manufacturers understand that airlines need flexibility to upscale and downscale operations and therefore whole aircraft and even individual key components (such as engines or seating) can be leased as required. Using this approach, airlines can concentrate on what customers demand and not worry about the logistics of doing this. Manufacturers and leasing businesses provide assurances and guarantees of service time for aircraft and engines, taking care of the servicing and maintenance to ensure this delivery. This approach is just as well suited for the provision of security systems. Servicing the future security market Undoubtedly there are major opportunities on offer in return for a change of perspective in the security industry. However, this will involve substantial changes in some quarters to ensure the business model is aligned with the market. Overall, the security industry needs to not only develop the right systems for the market, but also to deliver them in the right way as well. This will ensure we work even more closely with customers to provide the expert support they need and deserve.

Intelligent video surveillance and deep learning dominate MIPS 2018 agenda
Intelligent video surveillance and deep learning dominate MIPS 2018 agenda

Milestone Systems is embracing artificial intelligence and deep learning in a big way at this week's yearly Milestone Community Days (MIPS 2018) in Las Vegas. The Danish company's theme is "Creating an Intelligent World," and Milestone's stated goal is to make "the Milestone community part of every surveillance installation in the world."    Science fiction becomes reality In a presentation on opening day, Milestone CSMO Kenneth Hune Petersen pointed to the 2002 movie The Minority Report as highlighting a variety of gadgets and systems that seemed futuristic at the time but are now perfectly possible, and in some cases outdated. Films have previously highlighted gadgets and systems that were futuristic, but are now perfectly possible, or outdated "If we dare to dream together we can make this a better world," says Petersen. "Through AI and machine learning, we can help define tomorrow. There's no doubt about it: There is a massive business opportunity for us in artificial intelligence." Despite all the talk about artificial intelligence, only about 0.5 percent of all the data in the world has currently been analysed or used, says Peterson. "Our open platform technology is the foundation for intelligent video systems and our partners have the expertise and infrastructure needed to reach the next frontier in intelligent video solutions," said Bjørn Skou Eilertsen, Milestone Systems CTO. "Together, we can provide unlimited solutions for our customers." Deeper integration and broader coverage Expanding the Milestone community this year has included the addition of 1,000 new models of supported hardware devices; there are currently more than 7,000 models supported. Milestone is also pursuing broader coverage of installations through their partners, with deeper integration of functionality, and by deepening existing relationships with customers. ‘Creating an intelligent world’ includes deep learning and lots of video systems, says Milestone at their annual conference Under new agreements, hardware partners such as Dell EMC and BCDVideo now provide XProtect Essential+ software pre-loaded on servers they sell. The focus at MIPS 2018 on AI included a presentation by Tanmay Bakshi, the "world's youngest IBM coder" and TED Talk speaker, at 14 years old. The prodigy, who has been coding since the age of 4, has worked with IBM and other companies on a variety of AI-related projects. Using deep learning with video is currently limited because so much video is unlabelled and unstructured In his MIPS 2018 keynote speech, Bakshi traced the development of AI through high-profile events, such as IBM's development of the "Watson" computer, which successfully competed on Jeopardy!, and Google's development of AlphaGo, a program that successfully plays the complex ancient board game, Go. Data demands deep-learning Bakshi focused on security and healthcare as two disciplines where deep learning can potentially have a big impact. Using deep learning with video is currently limited because so much video is unlabeled and unstructured. Still, projections are that there will be a billion cameras worldwide by 2020, providing an over-abundance of data that demands the use of deep learning to make sense of it all. "There is a misconception that AI is meant to replace us, to make humans obsolete. AI is not replacing us. It is created by humans to amplify human skills. AI can reduce information overload to enable humans to work with the data more efficiently," said Bakshi. He suggested that AI is equivalent to IA; Bakshi's abbreviation meaning "intelligence augmented." AI can reduce information overload to enable humans to work with the data more efficiently The ability to scale AI applications using "distributed deep learning" and graphics processing unit (GPU) hardware is paving the way for greater use of deep learning in video applications. Adam Scraba, Global Business Development Lead at NVIDIA, outlined the trends that are making the current "Big Bang" of deep learning possible. He said it is "the most exciting time in tech history," with "software that can write its own software" now among the tools that make previously unsolvable problems now solvable. AI-driven intelligent video analytics can now achieve "super-human" results, he said. An intelligent world to combat crime Instead of sitting for hours staking out a suspected drug dealer alone, entire investigations now take hours instead of days A success story about the game-changing capabilities of video data was supplied by Hartford, Conn.'s Capital City Crime Center (C4). The Hartford police department uses video data in a "predictive policing" approach. They have created an "intelligent world with smart policing to combat drug trafficking," according to C4 Supervisor Johnmichael O'Hare of the Hartford Police Department. Instead of sitting for hours staking out a suspected drug dealer, for example, video of a site can be analysed to determine areas with higher levels of foot traffic that indicate drug buys. The result is investigations that take hours instead of days. Hartford incorporates several technologies, including ShotSpotter gunshot detection, Briefcam video synopsis and other systems, all tied together using the Milestone platform. More than 700 attendees make MIPS 2018 the largest such event ever, and exhibits by around 60 Milestone partner companies attest to the continuing expansion of the Milestone community. [Main image: Tanmay Bakshi (left) and Johnmichael O’Hare of the Hartford Police Department (right) discuss key security issues of the modern day]