It’s a common misconception that on-premise infrastructure is inherently more secure than infrastructure managed by a service provider in the cloud. And while security remains among the top concerns that some users have about cloud computing, recent research from cloud security player Alert Logic found that security threats faced by infrastructure in the cloud is on par, or in many cases less prevalent than those for on-premise system.
“Ultimately, the key finding was that it isn’t the cloud that is inherently secure or insecure; it’s about the quality of management,” said Urvish Vashi, vice president of marketing for Alert Logic, a cloud Security-as-a-Service provider and Rackspace partner.
Alert Logic recently evaluated customer security incidents and event data to craft the first of a new twice-a-year study “Removing the Cloud of Insecurity: State of Security Report.” The data highlights that service provider and cloud environments fall victim to fewer security incidents than on-premise systems.
In fact, Vashi said, service provider managed environments on average have better security hygiene than their on-premise counterparts. Alert Logic's research revealed that when compared to traditional in-house managed IT environments, service provider environments showed lower occurrence rates for every class of security incident examined, and service provider customers experienced lower threat diversity, or the number of unique incident classes experienced by a customer, than on-premise users. Further, on-premise environments were 12 times more likely than service provider environments to have configuration issues, which opens the door to compromise. Additionally, Alert Logic found a higher frequency of web application attacks in on-premise environments than those in service provider infrastructures.
According to Vashi, Alert Logic observed 2.2 billion security events during the year-long study period from July 2010 to June 2011. The events were evaluated and correlated through Alert Logic's expert system and reviewed by its security analysts. From there, 62,000 incidents were verified and classified into seven incident categories: application attack, brute force, malware/botnet activity, misconfiguration, reconnaissance, vulnerability scan and web application attack.
Then, Alert Logic evaluated three factors: occurrence, frequency and threat diversity to assess whether on-premise or service provider environments experience different levels of risk. In all incident classes, Vashi said, the percentage of Alert Logic customers that experienced security incidents was lower for service provider customers versus on-premise.
Additionally, the average number of misconfiguration-related incidents per impacted customer was roughly 3.0 instances in hosted/cloud, 4.0 for on-premise. However, 12 percent of on-premise customers experienced a misconfiguration incident, while just 1 percent of service provider customers did.
On-premise users are hit even harder when it comes to malware, which Vashi said impacts 43 percent of on-premise customers versus just 2 percent of service provider customers, while on-premise users are hit about 30 times per year and service provider customers just 8 times per year. However, a large portion of this difference can be attributed to the difference in IT footprint between the two sets of customers. Malware has historically targeted desktops and endpoints which are not commonly deployed in hosted or cloud environments.
Alert Logic, in the study, concludes that to protect against incidents, it’s important to focus on basic hygiene, web application and security configuration issues; strategically isolate workloads in the most appropriate environment; and build and maintain security expertise for workloads retained on-premise.
Want to learn more about security? Check out Alert Logic’s “Anatomy of an Attack” infographic.