Grounded in the Cloud

Cloud in the Enterprise–Security 4–Where is Safe?


By Roger Lawrence, Chief Technologist, Strategic Enterprise Services - HP South Pacific


When I was at Microsoft, I had the occasional opportunity to work with Jesper Johannsen and Steve Riley, two of the Security Evangelists at the time. Jesper moved on to Amazon. Steve to Riverbed. They had a saying:

“If I have physical access to your computer, I own your computer.”


This is one of the immutable principles of computer security. Given enough time, any security system can be hacked.

Which brings us to this week’s topic: What happens when security systems are more secure in the cloud than on premise?

Capability Maturity


This all comes down to the capability maturity of your organisation. If we go back a short decade or so, most PC-based applications were architected in a distributed fashion. This was because of two technology constraints at the time:

  1. Expense and Reliability of Network Bandwidth

WAN technologies were still in their infancy, and hugely expensive. It was more cost effective for organisations to distribute servers to branch sites, because LAN traffic was a lot more reliable and cost effective than WAN traffic.

  2. Compute power

Simply put—computers could process fewer transactions. So instead of paying for the expense of a data centre with the tens or hundreds of computers needed to support thousands of users, it was less expensive to host a few servers on branch sites.

Roll forward a decade, and there are large enterprises that still host a number of critical systems at branch sites. This is even though network bandwidth is hugely more reliable and compute power has increased by a factor of at least 64. Examples include Active Directory Domain Controllers, Dial-In (RADIUS) servers, mailbox servers and other network-intensive applications.


This is mainly due to the capability maturity of an organisation. Many enterprises still see IT as a Technology Provider. They simply see it as a cost centre that provides IT systems as a support function to the business. In that model, IT never gets the capital to re-architect or consolidate services. It’s just easier to keep current systems running.

Which brings us back to:


“If I have physical access to your computer, I own your computer.”


The Domain Controller for your organisation, at the very least, contains all of the authentication and access control for compute resources across the enterprise. Often these contain the hierarchical relationships and contact details for employees too. If someone can get access to one of your DCs—because it’s in a remote site—they can engineer access to your entire network.


Of course this doesn’t only apply to Authentication Services, but to any application that is hosted across the network.

This also doesn’t only apply to confidentiality of information, but also to availability. Giving remote users access to services hosted in branch offices increases the risk of denial of service (because there is no network access) or the risk of unnecessary traffic on the branch network.


In these instances, hosting these services in the physically secure data centre of a cloud vendor, architected for High Availability both physically and logically, is more secure than on premise.


What are your thoughts? Do you think the Cloud is more secure than a data centre? Why or why not? Share your thoughts in the comments section below. I know the other readers will want to hear your thoughts as well.


There is no difference between theory and practice, in theory....
About the Author


Roger has been trying to get out of Information Technology since programming COBOL on mainframes in the late '80s. But no matter on which continent he awoke, or who employed him, his passion to enable people with technology was constant. So now he enables businesses to determine their strategy using the latest technologies like cloud computing, mobility, and big data. HP calls these Strategic Enterprise Services; Roger calls them "another day in the office."
