How the Cloud increases your security

The trend has been obvious for years, more and more IT functions are migrating to the cloud. Starting with images and files that were saved in the network to make space locally, to keep multiple devices synchronized or to share the files with others, more and more came over the last few years, largely driven by higher available bandwidths and cheaper web storage space Added functions that were previously only available locally on the device.

Firewall, proxy server and even a replacement of network infrastructures such as the Virtual Private Network (VPN), which has been used for decades, have successfully moved to the cloud in recent years.

That raises a lot of questions, some of which we want to answer here. U.a.

• Why are services and functions being moved from the end device to the network?

• What are the advantages and disadvantages for companies and users?

• How complex is the changeover and how will the new environment be maintained after the move?

Can you smell the smoke already?

First of all, the reasons why functions are being carried out more and more frequently in the network instead of with a local application: For example, imagine the firewall in its literal translation as a wall around your town. If this is installed on your device, the threat will only be stopped at the smallest possible distance. You can almost smell the smoke. You also always have to expect that someone will open the door to see if the fire is really as bad as you think. It could all be completely exaggerated. Once the fire is in the house, it is already too late.

It is similar with a firewall that is installed on your device or locally in the company. Potential threats are only stopped shortly before reaching the finish line and the risk that one threat will be successfully attacked is always present.

In the IT environment, it is also the case that new types of threats constantly arise, against which one must be prepared. The firewall must therefore always be up to date in order to be able to successfully withstand the latest threats. Assuming that there is no permanent, but only regular update, there is always the risk that a new threat will attack you before you are (sufficiently) protected against it.

Fire only on the horizon

Now let's imagine that the wall is not in front of your house, but quite a distance away. You can watch every fire from a distance. Others will do the extinguishing for you and the risk of them falling victim to the fire is much lower.

In addition, the experienced firefighters are gathered right there and take care of the fire together, they also know the latest threats and know how to fight them. So you don't have to worry anymore that a different type of fire will suddenly make the leap over the wall. Because the firefighters are well connected. As soon as someone discovers a new type of fire somewhere, everyone is informed how it can best be fought.

In the IT environment, this is presented in such a way that a perimeter is set up that eliminates threats before they come near your device or your company network. Updates are no longer made regularly, but constantly, as if you were clicking the "Update" button non-stop.

Empty streets and always up to date

Other advantages include, for example, that the bandwidth that is normally used for the updates remains free in the future, as the updates are carried out in the network and updates no longer have to be downloaded to your laptop and installed there every day.

The frequency of updates is also much higher for cloud-based services, so protection against newly identified threats is provided, albeit not immediately, but much faster than with classic solutions.

The caretaker doesn't have much to do

Maintenance work and installations on local devices are no longer necessary, and the associated problem solving is almost completely eliminated. Since nothing needs to be installed or adapted locally (after the cloud services have been set up once).

New devices are immediately fully protected as threats can no longer penetrate them and the protection is the same for all devices. If, however, a rule is adapted (for example something is blocked or released the other way around), these new rules are immediately available to everyone without any time delay and local update. There are no waiting times and the likelihood that the change will not work on individual devices and have to be reworked is completely negated.

What is the catch?

Of course, this concept also has disadvantages: If the network firewall fails, there is no longer an Internet connection (so you are not unprotected). But this case is very unlikely. All providers guarantee maximum availability of almost 100% and thus significantly more than most providers for Internet connections. These solutions are all designed to be highly available. Should one instance fail, the next one takes over. A failure due to one of these solutions is therefore extremely rare in practice.

The outsourcing of customization options can be seen as a curse or a blessing at the same time. For most of all companies, the availability of contact persons (internal resources sometimes have to sleep, go on vacation or are possibly sick), knowledge of the current status of the solution and timeliness as well as in the area of ​​costs be optimal solution.

In the vast majority of cases, so-called “managed services” are used here. What is meant by “managed service” and what possibilities it offers you and read another blog article.