The True Cost of Being On-Premise – Security
When it comes to security, there is more than one thing to consider. There is server security (physical) and application/data security.
On-Premise/Server Security vs. Data Center security
On-premise server security is typically provided by a single or a few employees who are not 100% dedicated to security and possibly not trained in security. This goes for both physical and application/data security.
Every Google data center has 6 layers of security. Not all Google employees are allowed to enter Google data center premises.
Level 1: Signage and fencing – Google has fences and posts around their data centers.
Level 2: Secure perimeter – Google can see where you are via cameras including thermal cameras around the facility. Google can track where a person has been in the facility as well.
Level 3: Building Access – You have to be authorized to enter a Google datacenter. Inside the building, there are more security checkpoints before one can access increasingly sensitive areas. Google uses security officers, RFID badges, and biometric (iris scanning) methods to validate the identity and access privileges of those trying to enter the exterior of the building.
Level 4: Security Operations Center – Sensor and camera data are monitored here. They integrate with the security teams inside as well as outside of the facility.
Level 5: Data Center Floor – Data center floor access is limited to engineers that absolutely need access to that specific floor.
Level 6: Secure Hard Drive Destruction – Drives that are ready to be destroyed are passed to the destruction room via a two-way locker. This allows only authorized personnel in the drive shredding room to have access to the drives. Cameras, security, and metal detectors are found throughout the data center to prevent anyone from leaving with hardware without authorization.
Application/Data Security
Who has access to your application and how are they accessing it? At Pick Cloud, data is encrypted at rest and in transit automatically. Coming soon, via confidential VMs, it will be encrypted while in use as well. Telnet is not secure. One of the key advantages of SSH over telnet is that the server authenticates itself to the client before it collects credentials from the client, so users never hand their credentials to a machine impersonating your server. This helps keep out anyone who shouldn't be accessing your application.
Here are some things you can do to lock down your application:
- Whitelist only the IP addresses of the locations that are accessing the application.
- Provide SSH keys to everyone who accesses the application. Anyone who does not have one will not be able to access the system.
- Use a VPN.
- Use YubiKeys if you want to be ultra-secure. These require a physical key to authenticate the identity of the user.
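As an added example (not Pick Cloud's code or configuration), the Python script below audits an OpenSSH `sshd_config` against the IP-allowlist and SSH-key items in the list above: logins only with a key, and only from known addresses. It assumes the allowlist is enforced in sshd itself through `AllowUsers user@address` entries rather than at a firewall, reads only the global section of the file, and uses a hypothetical `appuser` account with documentation-range addresses; the VPN and YubiKey items are not checked.

```python
import ipaddress

# Upstream OpenSSH defaults, used when a keyword is absent from the file.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Return {keyword: [args]} for the global section (stops at the first Match)."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break
        if key == "allowusers":
            conf.setdefault(key, []).extend(parts[1:])  # AllowUsers lines accumulate
        else:
            conf.setdefault(key, parts[1:])  # other keywords: first value wins
    return conf

def audit(text):
    """List the ways the config falls short of 'keys only, known addresses only'."""
    conf, findings = parse_global(text), []
    def value(k):
        return (conf.get(k) or [DEFAULTS[k]])[0].lower()
    if value("pubkeyauthentication") != "yes":
        findings.append("public-key login is disabled")
    for k in ("passwordauthentication", "kbdinteractiveauthentication"):
        if value(k) != "no":
            findings.append(f"{k} is enabled: a user without a key can still log in")
    users = conf.get("allowusers", [])
    if not users:
        findings.append("no AllowUsers list: logins are accepted from any address")
    for entry in users:
        host = entry.rpartition("@")[2] if "@" in entry else ""
        try:  # policy of this example: only literal addresses or CIDR ranges count
            if ipaddress.ip_network(host, strict=False).prefixlen == 0:
                raise ValueError("matches every address")
        except ValueError:
            findings.append(f"AllowUsers entry {entry!r} is not pinned to an address range")
    return findings

# Constructed sample configs (documentation addresses, hypothetical user name).
WEAK = "PasswordAuthentication yes\nAllowUsers appuser\n"
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "AllowUsers appuser@203.0.113.0/24 appuser@198.51.100.7\n")
```

`audit(WEAK)` reports three findings and `audit(HARDENED)` reports none. Passing it the output of `sshd -T` instead of the raw file checks the settings the daemon actually resolved.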
Printing can be made secure from the cloud by using products such as CirrusPrint. CirrusPrint allows secure document transmission using SSL. In addition, it compresses the print jobs, which reduces bandwidth.
We have access to a global team of more than 900 security experts who monitor the system 24 hours a day to detect and respond to attacks or issues.
Even though Google may be protecting your data, no matter where it resides, your data is still yours.
The level of security you can afford for your on-premise server is nowhere near the levels a cloud provider can offer. Data is a company’s most valuable asset. How are you protecting yours?