Security is a major issue for any datacenter, which administrators typically address by dealing with issues such as data loss and unauthorized access. These are important concerns whether the datacenter is local or virtual. However, in the case of an on-premises datacenter, there is another potential attack vector: the physical. Servers and other equipment can be stolen outright, damaged by fire or other disasters, or physically accessed by intruders. Therefore, additional security measures, such as door locks, surveillance equipment, access credentials, or even manned security checkpoints, might be required.
Cloud-based services eliminate the need for the subscriber to maintain physical security because the provider furnishes it. However, there is still the issue of software-based security, and cloud providers nearly always provide an array of controls and services that enable you to harden the security of your servers and applications to accommodate your business needs.
Note: You are always responsible for your data
Organizations using cloud resources to implement their servers must be aware that they are still responsible for the security and privacy of their data. For example, if an organization stores patient medical records on a cloud-based file server, the organization remains responsible for any data breaches. Therefore, contracts with cloud providers should stipulate the security policies the providers must maintain.
Infrastructure
In an on-premises datacenter, the administrators are responsible for all aspects of the servers and other equipment, including environmental control, hardware installation and maintenance, operating system configuration and updates, and application deployment and management. Cloud-based services enable subscribers to specify which infrastructure elements they are responsible for maintaining.
For example, a subscriber can use the IaaS model to contract with a provider for a virtual machine running a server operating system so that the subscriber is responsible for the entire deployment, operation, and maintenance of the virtual server. The subscriber does not have direct access to the physical hardware of the host system, of course, but they do have control over the virtual hardware on which the server is running, as well as all the software running on the server, including the operating system. In some situations, this is desirable or even essential.
In other situations, cloud-based services can take the form of preinstalled server platforms or applications. In this case, the subscriber might have limited access to the server or no access at all. For example, in the case of a subscriber contracting for Microsoft Exchange Online using the SaaS model, the provider grants the subscriber administrative access to the Exchange Server application, but it does not provide the subscriber access to the underlying operating system on which the server application is running. For a Microsoft 365 subscriber, the provider only grants access to the Office applications and the various administrative service portals. The subscriber knows nothing about the servers on which the applications run or their operating systems.
These options enable cloud service subscribers to exercise administrative responsibility over specific components only when their business requirements demand it. For the elements administered by the service provider, contracts typically stipulate hardware maintenance requirements and software update policies. The end result can be substantial savings in time and training for the subscriber’s in-house IT personnel.