For a while now, those of us who provide Cloud services have been saying that a properly run Cloud environment is inherently more secure than traditional on-premise IT environments.
Now a recent study from Alert Logic backs up that claim. The study compared security in traditional on-premise and service-provider-managed environments of 1,500 organizations with active investment in IT security.
Both types of IT environments experienced meaningful threats during the year measured in the study.
But in every one of the seven types of security incidents tracked, those with on-premise IT environments encountered more incidents than those with service-provider-managed environments.
The difference was greatest of all when it came to malware / botnet incidents: 43% of on-premise environments encountered these incidents, while just 2% of service-provider-managed environments did.
Brute force attacks were also far more common in on-premise IT environments. In fact, 83% of on-premise environments suffered these incidents, though only 44% of service-provider-managed environments did — despite the fact those with service provider environments had more public-facing targets (websites).
Why the disparity? Service providers tend to operate more standardized system configurations and more consistently manage to best practices. In addition, the study reflects a narrower range of use cases in service-provider environments as well as the relative maturity of infrastructure-as-a-service.
And the bottom line? The right cloud infrastructure is at least as secure as a typical on-premise IT environment — and often more secure.