Friday, September 22, 2023

The Battle Between On Prem & The Cloud - 3 Stark Differences

I have written a lot about both On Premises and Cloud based Infrastructures, from many different angles, especially from the standpoint of both Cyber and Privileged Access Management. Plus, I am learning more about them in my new job, when it comes to both AI and ML.

But I never really took the time to understand the key differences between the two of them. So in this blog, I am going to take the time and do so. Here we go:

1) There are many combinations:

With the Cloud, there are three major deployment models that you can pick from: Infrastructure as a Service (aka "IaaS"), Platform as a Service (aka "PaaS"), and Software as a Service (aka "SaaS"). There are also multiple hosting models that you can use, such as the Public Cloud, the Private Cloud, and the Hybrid Cloud. Depending upon your requirements, you can mix and match as much as you want, creating all sorts of different combinations. Heck, you can even connect different Cloud Providers together, such as AWS, Microsoft Azure, and even the Google Cloud Platform. So as you can see, things can get pretty hairy and even extremely complicated, depending on how many resources you deploy and how you set them up. For example, you can even create your own Virtual Data Center and spread it across different physical locations throughout the world, depending upon how your Cloud Provider has its geographic regions set up. One of the key advantages here is that it is usually the Cloud Provider that manages the underlying infrastructure for you, and even applies the software updates and patches that it needs. But you are ultimately responsible for all of the configurations and settings. So if your Cloud deployment gets exposed in a data leak, you are the one that is responsible for it, not the Cloud Provider!

With an On Prem Infrastructure, you are responsible for everything, from the maintenance to applying the software updates and patches, to buying new equipment when and as needed. You will also have to hire dedicated staff for this. The bottom line here: lots of $$$ being spent, with no firm ROI on it.

2) The Demilitarized Zone:

The acronym for this is the DMZ, and no, I am not talking about the one on the Korean border. This is another security layer for both an On Prem and a Cloud based Infrastructure. The technical definition is as follows:

    "In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet. DMZs are also known as perimeter networks or screened subnetworks."

    (SOURCE: https://www.techtarget.com/searchsecurity/definition/DMZ)

Simply put, this is just another layer of security that is added on to separate your Network Infrastructure from any sort of rogue data packets, malicious domain links, and anything else that is deemed to be untrustworthy in the world of Cyber.

With an On Prem Infrastructure (assuming your business has a brick-and-mortar one), the DMZ is more or less clearly defined, so your IT Security team will easily know all of the ins and outs of it.

But with a Cloud based Infrastructure such as Microsoft Azure, defining the DMZ becomes a lot murkier, because it becomes much more of a logical "thing" when compared to the DMZ of an On Prem Infrastructure. The good news is that with Azure, you get a lot of great tools to help you lay out your DMZ visually, so that it can be understood a lot more easily.

3) The Software Update Process:

With an On Prem Infrastructure, you have total control over how and when you deploy the needed patches and upgrades to your IT and Network Infrastructure. For example, in my first job after graduating with my MBA, I was heavily involved with Software Configuration Management. I was responsible for checking the vendor's website for patches and upgrades every Monday morning and downloading what I thought we needed. Then we would have a team meeting to review them, and after that, submit a Change Management Request to get the patches installed. But given how complex things have become, with all of the different devices and the interconnectivity that exists between them, this process is now much harder to run. Although you have full control over what you install, it is also your responsibility to make sure that it is done on a regular basis. If not, you are at prime risk of a security breach.

But with a Cloud based Infrastructure, the good news is that the Cloud Provider does all of this for you, so you have nothing to worry about. The only concern here is that they usually do not tell you what gets deployed, and at times a patch can get installed onto your Virtual Machine and cause a major conflict.

My Thoughts On This:

As can be seen from this blog, both kinds of infrastructure have their pluses and minuses. But if it were me, I would highly favor the Cloud based Infrastructure. My reasons for this? It is far cheaper than the On Prem solution, and you can add and remove resources as needed within minutes, versus the days or weeks that it can take with an On Prem Infrastructure.
