When security professionals plan a security system, one of the most important considerations is on-premise vs. cloud security. In basic terms, should the infrastructure for capturing and storing data from security cameras or access control systems be retained on site or hosted in the cloud?
The decision is not a simple one; both cloud security systems and on-premise solutions have benefits and disadvantages. That makes it essential to consider all the key differences between the systems to determine which one more closely aligns with the security, operational and financial needs of the business.
In this article, you’ll learn about the basic differences between the two systems and get an in-depth comparison of cloud security vs. on-premises across criteria such as security levels, infrastructure, reliability, maintenance, through-life costs and many other factors.
When it comes to managing physical security for commercial properties, organizations have two basic approaches: cloud security systems vs. on-premise solutions.
An on-premise solution, also called on-prem security, is housed in a physical location – generally in the same building as the security systems. Recorders or on-prem servers capture and store data from security cameras, access control systems, sensors and alarms transmitted over an internal network. Security professionals can review and analyze the data on monitors on the premises.
Cloud security systems, on the other hand, capture and store sensitive data from the same security sources, but house them in a secure data center in the cloud. The data is transmitted over the Internet. Security teams can access the data via the Internet and review it on a variety of fixed and mobile devices, either on the premises or remotely.
Those are the basic differences between the two systems, but to decide on the most suitable solution, it’s important to compare on-premise and cloud security in greater detail.
On-premises solutions require an on premises infrastructure in the building: servers or digital video recorders, software to manage the infrastructure and a network to connect the infrastructure with the security or access control system components.
On-premise environments will also generate energy requirements to power the storage devices and any associated cooling systems. The size and number of on-premises servers or recorders is determined by the number of feeds from individual security components. The more cameras, readers and alarms in a building, the more servers will be required.
A cloud security system requires no physical servers or infrastructure on the premises. The storage and management systems are housed in the cloud environment, usually managed by a third party. Depending on the subscription, there is no limit to the number of individual security feeds that can be stored in the cloud. Storage for cloud security systems does not require an internal network; data is transmitted directly from the security source to the cloud via the Internet. Data can be reviewed on an on-premise monitor or via remote connection on mobile devices.
The most important difference between the systems is the location of infrastructure. If space is at a premium, a cloud solution can free space on the premises for other uses. This may be important in a smaller building or in a retail outlet, apartment or office complex where the space can be used to generate additional revenue.
If the infrastructure is retained on-premise, the business is responsible for management and maintenance. This will generally be the responsibility of the IT team, so it is essential that team members have the skills to manage both the infrastructure and the internal networks. On-premise solutions require regular maintenance to ensure reliable operation, which can be time-consuming for the IT team. However, this also gives the business full control and oversight of their security systems at all times.
When the system is cloud-based, the hosting company takes responsibility for management and maintenance and the cost is included in the regular subscription. The cloud infrastructure is managed and maintained by specialist staff with the necessary skills.
The key difference here is a requirement for staff with the skills and available time to manage and maintain the infrastructure and internal networks. For a business with a small IT team, the support burden can distract them from other important tasks.
To connect on-premise storage devices to individual security and access control components requires the installation and maintenance of a secure internal data network. The network must have the speed, capacity and traffic prioritization capability to transmit high volumes of data like high-resolution video images for different video surveillance infrastructure, such as commercial surveillance systems or parking lot camera systems, without delay or loss of image quality.
Cloud security systems transmit data from individual security devices via public or private Internet connections. Where security is a critical factor, a private network overlay may be necessary. While the Internet has the capacity to transmit the large file sizes generated by security cameras, transmission speeds and image quality are determined by the type of Internet connection and variable traffic conditions on the public network.
Connectivity is an important consideration in the cloud vs. on-premise security decision. Security professionals should carefully compare network performance, degree of security and other internal networking requirements as part of the decision process.
Recorders and servers used in on-premise solutions have a finite storage capacity. The calculation for initial storage capacity is based on the number of cameras and other connected security components, together with the volume of data generated. As security cameras generate large file sizes, on-premise storage systems may quickly reach their limit. Adding new devices or security cameras for schools or universities, large corporate campuses, and other buildings that require increased store demands.
To handle volumes that exceed capacity, security teams can either add new storage devices or delete data that seems unnecessary, which is why businesses with on-prem solutions often have rigorous data management practices in place.
Cloud security systems have infinite storage capacity, although individual storage limits are determined initially by the type of subscription. Adding new feeds or exceeding limits will require an increased subscription. Security teams can reduce subscription costs by developing a tiered storage strategy, storing non-essential data in a lower-cost archive cloud system.
This part of the decision is determined by the capacity required for current and future needs. Security teams using on-premise storage choose between deleting data or adding new capacity. Cloud-based systems offer other options for expansion. The important thing to keep in mind when comparing storage for cloud vs. on-premises security is that you have a way to access vital evidence and data later if incidents do arise.
Commercial security is a 24/7 operation, so it’s essential that the chosen storage solution offers the highest level of uptime.
On-premise solutions depend on the reliability of internal components to maximize uptime. That means selecting servers, recorders and network components that provide the highest levels of reliability. Storage devices and storage media must be designed for continuous, reliable operation with minimal maintenance.
Where necessary, the storage system should incorporate redundancy so that incoming data can be automatically transferred to tandem devices. At network level, the system should also incorporate automatic rerouting and failover as well as traffic prioritization to minimize delay or disruption to data flows. Proactive maintenance on both storage devices and networks can reduce the risk of unplanned downtime.
Cloud-based security, like cloud computing, depends on the reliability of external elements, including the Internet and the host system. The greatest area of risk is Internet performance, which can be slow or subject to service disruption. Implementing a private Internet solution reduces the risk of delay of disruption, but incurs additional costs. A cloud provider will always aim at the highest levels of reliability, but it’s essential to check the level of uptime offered in service contracts.
When comparing the reliability of the two systems, it’s important to take into account responsibility for maintaining reliability. On-premise solutions offer greater control over uptime, but they rely on the maintenance capability and responsiveness of in-house support teams. Cloud system reliability is dependent on factors outside the control of the in-house team.
If a fire, flood or other disaster occurs and damages the storage infrastructure, the impact on security can be severe. The storage solution must provide continuity.
If an on-premise infrastructure is damaged or inaccessible because of a disaster, the security team must set up an alternative system in a temporary location. This can be difficult and time-consuming depending on the complexity of the system and is unlikely to provide immediate continuity of service.
Where data is stored in the cloud, a disaster on the business premises will not result in a loss of service or access to stored data, although any damage to key cameras such as security cameras in retail stores or other security devices would disrupt current feeds. The cloud infrastructure is not affected by local issues and security staff can access cloud data on internet-connected mobile devices from any location to continue monitoring security.
Some businesses may be subject to regulatory compliance or may want to protect mission-critical security data, which can influence the decision on cloud vs. on-premise security.
When security data is stored on-premise, security teams have complete control over the data and can apply necessary policies and processes to maximize protection. This may be necessary to protect different types of sensitive information subject to industry regulations or client contractual requirements.
Storing data in the cloud may not be permissible under those regulations or contractual requirements, so it is essential to check that the storage solution is compliant.
In some cases, a hybrid solution may be the right option, with compliant data stored on-premise and other data sent to the cloud.
To review and analyze security footage recorded and stored on-premise, security teams view data on monitors located on the site. They can then respond to incidents or analyze data for trends or audit purposes. If 24-hour monitoring is essential, this may require security staff to be on-site outside normal business hours.
With the cloud, security teams can access security feeds and stored data from any location using an Internet-connected device. This increases operational flexibility and means that businesses do not have to retain staff on-site outside normal business hours.
Cloud storage also improves mobility for security teams; they can attend incidents while receiving up-to-date camera feeds and other information that can help them resolve incidents more effectively. Businesses with multiple sites can centralize monitoring operations with feeds from all sites stored in the cloud and accessible from a central monitoring post or from any convenient location.
Centralize your system monitoring with secure, cloud-connected access to all your Avigilon Control Center™ (ACC) sites. The no-install, browser-agnostic client extends remote access to your on-premise security system for greater flexibility and control.
Scalability is closely related to storage capacity. However, there are other factors to take into account, including the time, cost and complexity of scaling storage up or down.
On-premise storage systems can scale to meet additional capacity demands, new installations or centralization of multi-site security operations. However, scaling the system requires procurement, installation and configuration of additional storage devices, as well as additional space requirements and increased management and maintenance support. Acquiring and installing new equipment can take time and cause disruption to existing security operations. It also increases capital costs for security.
When storage is hosted in the cloud, the system can be scaled up or down on demand, ensuring that the system can accommodate changes in a very short timescale with minimal or no disruption to day-to-day security operations. There is usually no capital cost for scaling a cloud system, although it may require an increase in the regular subscription.
Scalability is an important factor in the decision for on-premise security vs. cloud solutions. Planners must take a long-term view and take into account possible changes in business or security requirements over time.
To optimize security, it’s essential to have the latest software installed. With an on-premise solution, the IT team is responsible for managing and installing updates and ensuring that the system is always up to date. Updates to on-premise systems may take additional time to install, especially across a large network.
In a cloud security solution, software updates are handled by the cloud team and are often included as part of the service covered by the regular subscription. With systems that leverage over-the-air (OTA) updates, the newest features and upgrades are implemented automatically, which can help protect against emerging threats or newly discovered vulnerabilities.
Customization aligns the security system with the operational needs of the business. On-premise solutions can be customized in many different ways, for example by incorporating tiered access levels or setting other rules and processes to minimize risk. Thick client applications installed on on-prem managed workstations can run independently without an Internet connection, and offer the most opportunity for customization. However, the workload to build out and manage these applications will fall on internal teams.
Cloud-based systems offer fewer opportunities for customization. Subscriptions are often based on standard packages, although clients can set their own access requirements and internal rules for devices.
Integrating security with other systems, such as environmental control or building management systems can help to streamline and automate processes throughout a property. For example, data from access control systems or cloud security camera systems can provide valuable information on room or building occupancy levels. Integrating that data with environmental control systems allows heating, lighting or ventilation to be adjusted automatically in line with occupancy.
Cloud-based systems are increasingly designed and built to open standards which can simplify integration with other compatible applications and systems.
On-premise solutions may be built using legacy technologies that do not have the same level of compatibility with systems built to open standards, making integration more difficult.
Check with your system providers to compare integration capabilities of your cloud vs. on-premise security applications. Before deploying new technologies, ensure they are interoperable to maximize operational efficiency.
Calculating through-life costs is an important consideration when comparing cloud security vs. on-premise. The calculations should include initial set-up costs as well as maintenance and other recurring costs.
Premise-based systems require initial capital investment to acquire the equipment, together with the cost of storage media and software licenses. There are other initial costs to install, configure and validate the system. Ongoing costs include renewal of software licenses, installation of software updates and upgrades, scheduled maintenance and repair or replacement of faulty components. To expand the system will incur the same set of initial and ongoing costs.
Most costs for cloud security systems are rolled into a regular subscription, including software license fees, software updates, system management and maintenance. Depending on the provider, there may be initial set-up fees. To expand the system, it’s only necessary to increase the regular subscription. There are also connectivity costs to consider, such as a proportion of broadband charges and any costs associated with overlay networks.
Cloud storage offers opportunities for cost savings in other areas, such as reduction in on-site security staff costs. Security camera systems with cloud storage can help businesses adopt remote monitoring outside of business hours or centralizing multi-site security monitoring. Integration with environmental or building management systems can help to reduce energy costs through better alignment of energy consumption with occupancy.
With security threats and cyber threats on the increase, both data security and physical security should be front of mind for businesses. So, is cloud more secure than on-premise? It’s essential to review this from a number of different perspectives.
With on-premise solutions, the security team is in control of data protection through having access to the storage systems or data centers and the data they hold. Companies need to ensure they hire robust security teams who will work hard to keep the data center protected, through setting and managing rules and processing and auditing procedures to minimize the risk of unauthorized access to data.
However, the infrastructure can be vulnerable to attacks, damage or theft of data by intruders. Data breaches can also occur because of accidental loss or damage.
Cloud security controls eliminate the risk of theft or damage from on-site storage systems. However, internal teams have no control over security levels in the cloud. They are dependent on the level of security set by the cloud providers. In multi-tenant cloud systems, customers share databases, resources and security. Although each customer’s data is ‘invisible’ to other users, there may be a risk of private data spillage and consequent security breaches.
It’s also important to consider data in transit when assessing cloud solutions. Data is normally encrypted at source before traveling to and from the cloud via the public Internet, which reduces the risk of data theft. However, the public Internet is vulnerable to hacking, so many companies set up private Internet facilities to increase protection for all the sensitive data in transit.
Making a decision over cloud security vs. traditional on-premise security is a complex process that requires detailed analysis of many different factors. It’s clear from the discussion of these factors that there is no standard or one-size-fits-all solution for commercial security. Before making this decision, it’s important to consider the following questions:
When deciding between on-prem vs. cloud security, the most appropriate solution balances operational and financial considerations against risk to create a solution that provides the highest level of protection for each business.