Cloud vs On Premise Introduction

Cloud vs on Premise – Resilience

This is the fifth of six articles that analyse the risk around cloud and on-premises systems.  As I stated in the first article, my view is that the caution many people adopt when ‘going cloud’ should be applied as much to on-premises systems to obtain the best risk profile for a business’ information systems.

In this article we analyse resilience.  The previous articles discussed governance, confidentiality and data security issues, with the next article providing a summary.


This category is broader than the others and comprises more loosely-related topics, being system availability, incident management, data portability and system audits.

When analysing on-premises systems against these categories we find a mixed bag.  Most on-premises systems are usually comprised of a single computer, or a single computer for a single purpose (one practice management server for example).  Many on-premises systems also do not have a Business Continuity Process or a Disaster-Recovery Plan. Should a system fail, outages can last for hours or even days.  Recovery is usually complex and can be incomplete.  For example, data may be recovered to the end of the day before the outage occurred, losing that day’s transactions.  Incident management is ad-hoc.  The main advantage of on-premises systems in this context is that practitioners usually have someone to yell at when things go wrong.

Cloud systems generally perform better in this category.  Dropbox business claims an availability of 99.9999999% per year.  That is an average downtime of 0.03 seconds each year.  Google claims a comparatively paltry 99.9%, or 8 hours, of downtime per year, and provides service credit if this metric is not met.  From an availability point of view, cloud services win hands-down.

Incident management is usually more structured with cloud providers, although the regimens vary.  Microsoft, for example, sends push notifications to your IT admnistrator as soon as an incident occurs.  It also publishes a list of past incidents and resolutions.  Dropbox conducts audits on a regular basis, as does Microsoft.  Microsoft allows for additional audits to be performed for an additional cost.

Overall, cloud systems are more reliable, available and outages are managed in a more structured and transparent way.

While data portability may seem a non-issue with on-premises systems, a deeper look indicates this may not be the case.  This is particularly so as many businesses store their ‘source of truth’ in a business management system and migrating data out of business management systems is quite difficult, regardless of whether the system is on premises or cloud-based.

Non-business management data, such as email and file data is more portable in the on-premises context as the data does not need to be exported or downloaded.  However, with faster network connections, export of email and file data from most cloud systems is also becoming more convenient.

Table 4 Resilience

  Availability Incident Management Audit Data Portability
Dropbox Not specified Not specified Not specified Files can be exported.
Dropbox Business 99.9999999% Not specified Access to audit data once per year Files can be exported
Google Workspace 99.9% with service credits Not specified Not specified All data can be exported
Microsoft 365 99.9% with service credits Will notify user ASAP Standard audits- free.  Custom audits available All data can be exported
On Premises Usually low Depends on IT provider Usually none Depends on software and PMS


Overall, the much greater availability of cloud systems would lead to cloud winning this category. Outages can cost business thousands of dollars in lost income.  The combination of very high availability coupled with stronger incident management and audit procedures provided by cloud services offset the perceived control offered by keeping data on-premises.  Most cloud service data is portable, with the exception being the business management systems.  However, data portability in this context is an issue that comes with the systems themselves, and not necessarily because they are cloud-based.

Cloud takes this category

In our next, and final, article we wrap up the analysis and give some thoughts on risk, cloud and on-premises systems.

For more information and expert advice, ask to speak to Mark Ferraretto at Ezra Legal on (08) 8231 6100 or email

For information and articles on the range of IT and data privacy advice and services that we provide, head to:

Mark Ferraretto

Lawyer – IT and Data Privacy

Ezra Legal

Mark Ferraretto

Categories: Blog, Technology

Leave a Comment

Your email address will not be published.

Scroll to Top