Grounded in the Cloud

Cloud in the Enterprise–Security 4–Where is Safe?

Rog42 ‎01-25-2013 08:30 AM - edited ‎10-27-2015 09:03 PM

By Roger Lawrence, Chief Technologist, Strategic Enterprise Services - HP South Pacific


When I was at Microsoft, I had the occasional opportunity to work with Jesper Johansson and Steve Riley, two of the Security Evangelists at the time. Jesper moved on to Amazon. Steve to Riverbed. They had a saying:

“If I have physical access to your computer, I own your computer.”


This is one of the immutable principles of computer security. Given enough time, any security system can be hacked.

Which brings us to this week’s topic: What happens when security systems are more secure in the cloud than on premise?

Capability Maturity


This all comes down to the capability maturity of your organisation. If we go back a short decade or so, most PC-based applications were architected in a distributed fashion. This was because of two technology constraints at the time:

  1. Expense and Reliability of Network Bandwidth

WAN technologies were still in their infancy, and hugely expensive. It was more cost effective for organisations to distribute servers to branch sites, because LAN traffic was a lot more reliable and cost effective than WAN traffic.

  2. Compute power

Simply put—computers could process fewer transactions. So instead of paying for the expense of a data centre with the tens or hundreds of computers needed to support thousands of users, it was less expensive to host a few servers on branch sites.

Roll forward a decade, and there are large enterprises that still host a number of critical systems at branch sites. This is even though network bandwidth is hugely more reliable and compute power has increased by a factor of at least 64. Examples include: Active Directory Domain Controllers, Dial-In (RADIUS) servers, mailbox servers and other network-intensive applications.


This is mainly due to the capability maturity of an organisation. Many enterprises still see IT as a Technology Provider. They simply see it as a cost centre that provides IT systems as a support function to the business. In that model, IT never gets the capital to re-architect or consolidate services. It’s just easier to keep current systems running.

Which brings us back to:


“If I have physical access to your computer, I own your computer.”


The Domain Controller for your organisation, at the very least, contains all of the authentication and access control for compute resources across the enterprise. Often these contain the hierarchical relationships and contact details for employees too. If someone can get access to one of your DCs—because it’s in a remote site—they can engineer access to your entire network.


Of course this doesn’t only apply to Authentication Services, but to any application that is hosted across the network.

This also doesn’t only apply to confidentiality of information, but also to availability. Giving remote users access to services hosted in branch offices increases the risk of denial of service (because there is no network access) or the risk of unnecessary traffic on the branch network.


In these instances, hosting these services in the physically secure data centre of a cloud vendor, architected for High Availability both physically and logically, is more secure than on premise.


What are your thoughts? Do you think the Cloud is more secure than a data centre? Why or why not? Share your thoughts in the comments section below. I know the other readers will want to hear your thoughts as well.


About the Author


Roger has been trying to get out of Information Technology since programming COBOL on mainframes in the late '80s. But no matter in which continent he awoke, or who employed him, his passion to enable people with technology was constant. So now he enables businesses to determine their strategy using the latest technologies like cloud computing, mobility, and big data. HP calls these Strategic Enterprise Services, Roger calls them "another day in the office."
