Is Your Data Safer in The Cloud Than On Premises? The Answer Depends on You
If your company is using SaaS versions of your business software on Microsoft Azure, you feel confident that your data and applications are safe. But there is more to data security than being in the cloud. Whether you’re on an on-premises or a SaaS deployment, there are things you need to be aware of and do to ensure your data is as secure as possible.
The Cloud Has Become the Norm
When you think about it, it wasn’t too many years ago that most companies shied away from going to the cloud with ERP, CRM, and other applications because of concerns about data security. That has shifted dramatically; today, the cloud is becoming more the norm, thanks to large, stable companies like Microsoft and Amazon getting involved. Despite cybersecurity issues and ransomware attacks, it’s a fact that the cloud is the future and it can be trusted with your data.
BUT… regardless of your deployment choice, your data is still sitting on a server somewhere—either locally or with Microsoft/Amazon/etc. The rules still apply in that your data can still be accessed by anybody who compromises your environment. So, regardless of where your data resides, it will only be safer if you take the right steps.
What You Need to Do to Help Ensure the Safety of Your Data
Regardless of which path you choose; you have a responsibility to do your part in ensuring the safety of your data.
It is imperative that you secure key accounts like Domain Admin on premises and the Global Admin in Azure and not use them for everyday activities. You must also make sure you are taking regular backups of your data and that those backups are being secured in a backup vault that is not accessible to the network.
The very nature of SaaS helps to secure your data since no one, besides Microsoft, has access to the back-end servers or physical infrastructure. The only way we can connect to that data is through a web interface; it cannot be accessed directly. There is no line of sight to the data.
However, your data can still be compromised. For example, let’s say you have a compromised global admin account on Azure active directory. There is a very good chance that your Business Central data could be compromised as well as your email, SharePoint, and OneDrive for the entire organization. If the attacker wanted, they could export your data to a backup and hold it for ransom.
Your Data Is Only as Secure as Your Users and Their Accounts
Speaking of users, the simple truth is that your data is only a secure as your users—and they’re the weakest link in the security chain. So, it’s critical that your users are educated and understand the nature of phishing attacks and what they can do to recognize them. There are tools that help with this.
If You’re on Azure, Use The Tools Provided By Microsoft
I always say you can never have enough backups. You want to backup, backup, and backup again. With on premises, you must apply your security updates and secure your connections, users, and data. You typically do scheduled backups—hourly, daily, or whatever is best for your company. You also likely do monthly, quarterly, and yearly backups, typically for compliance purposes. If you’re on Azure—which is designed to protect your data—all of this can be achieved through the tools that Microsoft provides to help you back up files and folders and secure them in a backup vault, and ensure your users are secure when they connect to different environments (we recommend multifactor authentication and even geo restrictions if applicable).
Windows Defender Advanced Threat Protection (ATP) is a preventative and post-detection, investigative response feature to Windows Defender for SharePoint, Microsoft (Office) 365 and more. ATP’s features are standard in many high-end anti-malware packages:
- Threat and Vulnerability Management performs a software inventory on endpoints in real time. The resulting data is used to detect, prioritize, and mitigate security vulnerabilities related to applications and missing patches.
- Attack Surface Reduction reduces the overall attack surface of a system through hardware isolation and application control. Applications are no longer considered trustworthy by default; only trusted applications are allowed to run.
- Next Generation Protection performs continuous scanning to detect and block threats. Machine learning and Security Graph are used to spot new and emerging threats.
- Endpoint Detection and Response groups related attacks into incidents, making it easier to prioritize, investigate, and respond to threats.
- Automated Investigation and Remediation examines the alerts and eliminate “noise” alerts, which allows security professionals to focus on more pertinent alerts.
- Secure Score is used to rate the current security configuration, from which prescriptive guidance is given to help improve the security score.
- Microsoft Threat Experts uses artificial intelligence to detect and prioritize attacks.
- Management and APIs allow Windows Defender ATP to be integrated into an organization’s workflow.
- Microsoft Threat Protection ensures ATP works with other components in Microsoft’s Threat Protection solution for end-to-end security. Other layers include Azure Advanced Threat Protection, the Azure Security Center, Azure Informational Protection, Conditional Access, Microsoft Cloud App Security, and Office 365 Advanced Threat Protection.
Deployed correctly, ATP is a very cost-effective way to save a great deal of pain and loss.
So, What’s The Answer?
Is your data more secure in the cloud? The answer is a qualified “yes”, but you must do your part by:
- Taking advantage of all the tools that are available to you by the provider—Microsoft in the case of Azure,
- Train your users, including your global admins
- Secure key accounts
- Have a rock-solid backup and recovery plan, and
- Have trust in your provider. Check their SLA policy.
Don’t Go It Alone
Securing your data, applications, platforms, employees, and customers is critical to the health of your business. It is not the time or place to cut corners or make ill-informed decisions. With so many moving parts and so much at stake, don’t try to go it alone; talk to the experts at ArcherPoint, who have the experience and expertise to give you guidance you can trust.
Watch our webinar Demystifying Cybersecurity with ArcherPoint, where we pack a lot into 30 minutes, including endpoint management, password health, backups, end user education, and more.