In the past, you had to use a variety of security software and tools to protect your organization’s technology infrastructure, data, and users. With the emergence of as-a-service models, that has changed. Now, it’s the vendor’s responsibility to provide a secure infrastructure for its customers. 

As-a-service models are increasingly popular because of the savings and convenience they provide. You don’t need to purchase servers, software, and tools for security or other infrastructure. In addition, you don’t need to maintain an in-house support staff. The as-a-service provider hosts and provides security and maintenance for its software. And the provider is responsible for securing the platform, network, applications, operating system, and physical infrastructure. 

But data security has been a concern for as-a-service models. Many perceive securing data in a storage-as-a-service model as less robust and more difficult to do than securing data on premises or in the public cloud. Let’s take a look.  But which model is actually more secure: on-premises or as-a-service models? 

Securing Data on Premises: Typically, the customer is responsible for securing data that’s stored on premises. The customer also determines the strategy, approach, software and tools it wants to use. There are advantages to this approach, particularly when it comes to securing legacy software and apps that (in most cases) don’t run in the cloud. Today, very few companies keep all functions on premises. In fact, according to research from Flexera, 93% of enterprises have a multicloud strategy, and 87% have a hybrid-cloud strategy.  

Leveraging As-a-Service/Cloud Security: Security was a concern in the early days of cloud. Cloud providers were under pressure to improve data security and do it fast. Today, many users would argue that service providers often deliver more robust security, even if those services are delivered on premises. Cloud providers offer better end-to-end visibility and update systems quickly to combat emerging security threats. Plus, they can reduce or eliminate the need for on-premises security architecture that may be configured inconsistently or incorrectly. Yet, cloud storage security continues to be a concern for some.

According to the Harvard Business Review report, How the Subscription Economy Is Defining Data Storage, data security is one of the biggest challenges executives associate with switching to a storage-as-a-service (STaaS) model, with 48% citing it as a concern. However, opinion is split over whether traditional or STaaS models are better for data security: 

  • 34% of survey respondents think STaaS is more secure.
  • 30% think STaaS and traditional models are about equal in terms of data security.
  • 26% think traditional arrangements are more secure. 

Those currently using STaaS and those considering it are more likely to rate STaaS as the more secure model (43% and 35%, respectively) than those not considering it (20%). This disparity may reflect greater familiarity with the service among the first two groups. 

The challenge for STaaS vendors is to clearly explain how they protect your data every step of the way, regardless of whether it’s at rest or in transit, on premises or in the public cloud. And also to spell out how you’re receiving the best of on-premises and cloud security. 

So, how do you get the financial flexibility, scalability, and elasticity from STaaS without compromising on security?  

Data needs to be secured to the highest possible standards. That level of security should be transparent and require zero management on your part. Vendors can accomplish this by securing data at rest with AES-256 bit encryption. Data encryption should be FIPS 140-2 certified, NIST compliant, NIAP/Common Criteria validated, and PCI-DSS compliant. It should also occur without impact to performance and while maintaining full data-reduction capabilities. 

Pure as-a-Service™ is a STaaS offering from Pure Storage®. It’s enabled by industry-leading, field-proven technology built into our FlashArray™, FlashBlade®, and Pure Cloud Block Store™ products, as well as validated design integrations, such as FlashStack® and AIRI®. Pure as-a-Service security leverages security features and capabilities intrinsic to FlashArray, FlashBlade, and Pure1. Plus, you get support from Pure Storage Technical Services.  

Regardless of whether you deploy Pure as-a-Service on premises, in a colocation facility, or in the public cloud, the back-end storage infrastructure comprises Pure hardware and/or software. You get the benefits of a true on-demand consumption-based storage model, the added operational value of having your storage managed and maintained by a third party, and the peace of mind that your data is secured with:

  • Always-on encryption at rest
  • Protocol-level authentication
  • SafeMode snapshots to mitigate ransomware
  • And more 

Many security breaches occur because an available patch wasn’t installed. Having a third party manage software updates can help you stay more secure than managing it in-house.

To be clear, Pure doesn’t remotely “manage the array” for day-to-day operations like provisioning, replication setup, etc. You maintain security control and have to manually open the RemoteAssist port to enable Support to assist with Purity upgrades.

For dark sites, things are handled more on a case-by-case basis. Usually our partner coordinates with your team to upload usage logs and/or drive periodic Purity upgrades.

Data encryption for Pure as-a-Service is FIPS 140-2 certified, NIST compliant, NIAP/Common Criteria validated, and PCI-DSS compliant. Ontrack, one of the industry’s leading security firms, has validated the efficacy of our data encryption and data erasure. Read more about data security and compliance for FlashArray, FlashBlade, and Pure1.