IT & Engineering
Email security and infrastructure: Cloud-based vs. on-premise
The security of your emails, data, and infrastructure is priority one. In this post, we’re calling out the gaps between “ground” vs. “cloud” so you don’t find yourself stuck mid-air without a solution.
PUBLISHED ON
You could argue that cloud-based infrastructure is the natural evolution of on-premise software, but that might make some people angry. Whether you think of on-premise solutions as legacy dinosaurs, or as the end-all solution for maintaining security, we’re here to compare where we’ve been to where we’re going and break down the benefits of the cloud.
Table of contents
Lightning round: A quick history of the cloud
Types of cloud-based solutions
On premises requirements
When to choose the cloud
When to choose on-premises
Data security and data storage
Email and security
Security and scalability
What is the cloud?
Short answer? It’s a global server network.
Cloud-based means that your data is hosted off-site and on servers and in global data centers owned by cloud providers. Is it secure? Is it accessible? How does this work? To paraphrase PBS, the cloud was made possible by users like you.
Lightning round: A quick history of the cloud
In the beginning – a.k.a. the 1960s – there were mainframes, which were massive machines that large groups of people shared. Imagine having to stand in line to check your email, let alone perform any advanced computations. Then, to make a long story short, we got personal computers that could connect to network servers remotely, and mainframes evolved into server rooms, which evolved into massive data centers that started to rent out their resources, and that became the public cloud.
A personal computer doesn’t have the capacity to operate and host large IT infrastructure on its own and buying your servers at the volume you need can get expensive. The solution is cloud infrastructure. Providers like Salesforce, Amazon Web Services (AWS), or Microsoft Azure have stacks on stacks of servers in data centers worldwide that you can access. Cloud solutions are pay-as-you-go models that allow you to do things like rent data storage, host software, and perform advanced computing.
Types of cloud-based solutions
There’s more than one type of cloud; cumulus, cirrus, light and fluffy… Here are the three types of cloud service providers.
Infrastructure as a service (IaaS): IaaS providers rent access to utilities like servers, cloud computing, virtual machines (VMs), and cloud storage.
Platform as a service (PaaS): PaaS providers (like yours truly) are cloud platforms that use on-demand models for software development, testing, application management, and sending emails, of course.
Software as a service (SaaS): SaaS solutions are subscription based, cloud-hosted software solutions. Tools like Adobe Creative Cloud and Zendesk fall into this category.
What is on-premise?
Short answer? It’s on-site infrastructure.
On-premise is the in-house solution of owning and operating independent servers to host your own infrastructure and refers to any on-site server hardware or software. If you close your eyes and picture any hacker movie that predates the mid-1990s, that is on-premise – a large, extra cold room containing towers of stacked servers in the belly of the company HQ.
On premises requirements
With great power comes great responsibility. And servers require a lot of power. To understand on-premise data centers, we first need to look at the resources they need:
Number of racks
Number of servers per rack
Square footage utilized
Your building’s voltage capacity (VAC)
Cooling system
Power supply for your servers
Production load
Computing resources
Kilowatts per server
Data backup solutions (on-site and off-site)
APC batteries
Server and software licenses
Server maintenance costs
On-site security
This isn’t a complete list by a long shot, but it gives you an idea of the amount of physical infrastructure needed to support on-premises. Once you’ve figured out all your variables you can do some fancy calculations to determine things like how many watts you need per square foot to power your servers (the current average is somewhere between 250-300 watts). That’s quite the energy bill.
We’re not here to be the pricing police – we’re here to talk cloud vs on-premise security – but just a single server without the building, the racks, cooling, hardware, installation, maintenance, or anything else, costs between $1000-$4000 in 2023, and you’ll need more than one. The takeaway? Total infrastructure control may not be cost effective.
At the climax of any good (or bad) hacker movie, there’s a scene where the hackers escape by outrunning actual guards. When thinking about on-prem vs the cloud, this is an important visual. On-premise environments require a layer of physical, on-site security in addition to network security and cyber defenses. It’s a significant upfront investment for hardware, installation, and the continued expense of humans to maintain it. On the second half of a server’s life cycle there’s also a cost of upkeep and eventual server replacement.
Pros and cons of on-premise vs cloud-based infrastructure
Whether you’re deciding between on-prem and the cloud at the start of your business, or considering a cloud migration, these are some key differences.
Main characteristics of on-premise | Main characteristics of cloud-based |
|---|---|
Main characteristics of on-premise | |
Large upfront cost | Pay-as-you-go subscription |
Main characteristics of cloud-based | |
Hardware/software installation and licensing | No installation, fast onboarding |
Full control over your infrastructure | Third-party hosting |
Responsible for all compliance | Cloud-provider responsible for compliance |
Larger ongoing costs (maintenance, on-site staff, etc.) | Not responsible for server maintenance |
Responsible for physical and cyber security | Provider responsible for meeting security standards |
Support your own infrastructure | Providers offer dedicated IT staff, support and additional services |
Limited to the devices you use for installation | Access on a large number of devices, supports integration with other tools and securities like single-sign on (SSO) |
When to choose the cloud
When you need speed and security.
Pros of the cloud | Cons of the cloud |
|---|---|
Pros of the cloud | |
Pay by subscription, low upfront cost | Custom pricing structures can be complex |
Cons of the cloud | |
Compliance and security are managed | Custom terms may be an added cost |
Extreme scalability | May limit some configuration options |
Supports third party integrations | May be a learning curve to use cloud tools |
Dedicated support and additional services | Cloud providers can experience downtime |
Cloud environments are designed for speed, especially when you compare the time between onboarding with a cloud provider to the days/weeks/months it can take to install and configure on-premise servers. Because you’re paying for a service, cloud-based providers are obligated to maintain a certain percentage uptime, support responsiveness, security measures, and server maintenance – all outlined neatly in SLAs.
Cloud software is built to adapt. The success of these services depends on their ability to constantly meet new requirements and roll out new features and updates to keep them competitive with business needs.
When to choose on-premises
When you need total control.
Pros of on-premises | Cons of on-premises |
|---|---|
Pros of on-premises | |
Complete control over your infrastructure | Large upfront installation costs |
Cons of on-premises | |
Control over your security | Additional on-site security is required |
SMTP sending through your servers costs less | No deliverability or verification support unless you provide it internally |
Does not rely on internet to access data | Must use your own resources to meet compliance standards |
No restrictions on amount of sent messages, stored data, or size of databases | Less control over your email reputation by owning your own servers |
Maintaining an on-premise infrastructure may be pricey, but it’s also 100% yours, and that supports tailor-made security and customizations when it comes to your network resources. Also, on-premises does not rely on an internet connection to access stored data.
We’ve made it clear that on-premises has steep upfront costs, but there are some places that this solution can save you money. If you don’t need a high-speed connection to access data, you don’t need to pay for internet that supports high download speeds. You also have 100% control over your configurations and level of security, allowing you to tailor your solutions either for yourself or for target clients.
If we bring the conversation back around to email, companies with current on-premise infrastructure may find it hard to transition to cloud-based. Provisioning your own SMTP sending through your own servers costs less than a monthly cloud subscription.
However, when you manage your own physical servers, you have less control over your email reputation. Servers alone aren’t a service. PaaS providers like Mailgun offer additional support to protect against vulnerabilities and inefficiencies like traffic segmentation, dedicated IT teams, Deliverability Services, Email validation, and we scale up our protocols based on developing legislations like GDPR and CCPA.
On-premise vs cloud: Is on-prem more secure?
NO. This is a miss-conception.
When someone says “cloud security” in 2022, “compliance” is usually just a few sentences behind. Highly regulated industries: government agencies, utilities, etc., are less likely to convert to cloud-based because of their security controls and compliance obligations, and reservations about how cloud data is managed. That’s changing.
Regulatory controls such as HIPAA are cloud compatible and all cloud providers are held to an increasing number of compliances when it comes to sensitive data. SOC, GDPR, CPPA, HIPAA, ISO 27001, PCI DSS… these are not easy standards to meet. Cloud services are constantly being fortified against cyberattacks and vetted not just by compliance standards, but by current and potential customers. Just ask our sales and security teams how often they complete lengthy vendor security assessments.
Opting for an on-premise solution doesn’t exempt you from being compliant. On-premise infrastructure means you will be managing not only your own security solutions, but are also responsible for meeting state, national, global security, and data management requirements as they evolve. Do you have to be GDPR or CPAA complaint? No, but it will limit who you can do business with.
Data security and data storage
Encryption for data when it’s moving and for when it’s standing still.
Regardless of where your data is stored, either on-premises or in the cloud, encryption at rest is the standard protection format. Mailgun utilizes AES-256 encryption-at-rest for all customer data which means a 256-bit key is required for encryption/decryption. Sounds impressive right? Well, if it’s good enough for the U.S. National Security Agency (NSA) and giant cloud providers like AWS, it’s good enough for us.
Need more data security details? Check out the Mailgun DPA for all the ins and outs.
Email and security
Cloud-based providers support high volume sending.
There are two options when you need to send an email. Send with API or with SMTP. SMTP is a standardized protocol for transfer mail. It’s basically a relay system between a series of ports used to transfer your emails to your recipients. Sounds perfect right? Unfortunately, SMTP doesn’t support encryption in its native state, so it’s vulnerable to spammers.
How do we solve for this? Enter Transport Layer Security (TLS) encryption. TLS is an added layer of protection that does the encryption that SMTP can’t, so your messages are protected as they travel to the inbox.
Securing messages in transit is only one part of the equation. There’s another aspect of email security around how your contact’s email addresses are imported. This requires a secure funnel, which Mailgun has created with our API. Our advice? Use API when you can to support your contacts and sending, it’s more secure than SMTP alone.
Security and scalability
One point for the cloud.
Scalability is where cloud-based delivers some serious hit points to on-premises, particularly when it comes to security upgrades. Companies like Mailgun are one-half product and one-half product support. This means when it comes to defending against cyber security, we have a dedicated team to counter threats and scale defenses. When it comes to resolving outages, we have a dedicated team. When it comes to answering customer questions, tailoring deliverability strategies, or meeting scaling internal protocols to meet compliance standards, we have dedicated teams.
Ultimately, on-premises is an independent infrastructure only responsible for itself and cloud-based is a collective infrastructure responsible to everyone that uses it.
Cloud-based infrastructure to power your email program
Deciding to partner with a cloud-based service might not be an easy decision. Maybe your company is under the spotlight when it comes to data management and security, maybe you’re considering leaving your current on-premise solution and are unsure what migrating to the cloud would mean.
As an email service provider, this is our bread and butter. If we haven’t converted you to team cloud, if you need more insight, more data, or just a broader view of email infrastructure and security, we’ve got it ready.
Learn about email security and compliance
Email security and compliance
Email security isn't easy. But you need to protect your business, brand, employees, and subscribers. Find out about the benefits of continually improving email security and compliance from our industry experts. It's yours to explore. No form filling required.
