+44 20 363 016 59 info@preo-ag.com
  1. Home
  2. Blog
  3. Strategies For Greater Cloud Security

Date: 

2 Jul 2025

Author: 

PREO AG

On-Premise vs. Cloud

Cloud, but secure, and in which cases companies continue to rely on on-premise solutions

Cloud computing is now part of everyday business and an integral component of modern IT strategies. Companies and public administrations of all sizes use cloud services to make their infrastructure more scalable, flexible and cost-efficient. However, the more intensive the use of the cloud, the greater the potential security risks and possible existential consequences following an attack. This is because cybercriminals are increasingly targeting the vulnerabilities of cloud platforms and cloud services. Large cloud providers invest billions annually in the security and availability of their systems. On the customer side, too, the demand for security solutions is growing rapidly. In Germany alone, companies invested over 10 billion euros in their cyber and cloud security in 2024, according to industry association Bitcom – and the trend is rising.



In this blog post, we show the basic approaches companies and public administrations can use to effectively increase their cloud security. We also discuss cases where it may make sense, not only for security reasons, to refrain from moving certain workloads to the cloud or to bring them back and continue to operate them on-premises.


Five approaches for a more effective cloud security strategy

Just recently, the medium-sized recycling company Eu-Rec from Rhineland-Palatinate (Germany) had to file for bankruptcy after a cyberattack. Various systemic failures at energy suppliers, healthcare facilities and public administrations have also made headlines repeatedly in the past two years alone. But even though companies and organisations with critical infrastructure are particularly at risk, all companies should regularly review their security strategies and adapt them to current needs based on potential threat scenarios. These five approaches increase cloud security:


1. Identity and access management (IAM)

A robust IAM approach is the first line of defence against unauthorised access. Since cloud services are generally accessible from anywhere, they are inevitably more vulnerable if identities are not reliably protected. Companies should therefore consistently use multi-factor authentication (MFA), role-based access controls (RBAC) and regular authorisation checks. Compliance with the least privilege principle, i.e. the principle of granting each user only the minimum necessary rights, is essential here.


2. Data encryption

All data should be encrypted during both transmission and storage. Modern cloud platforms usually offer native encryption functions for this purpose, but the responsibility for activating and managing them often remains with the user. IT managers should ensure end-to-end encryption and, in addition, use key management systems (KMS) for sensitive or personal data, for example.


3. Monitoring and detection of anomalies

Continuous AI-based monitoring of the cloud environment enables unusual activities to be detected at an early stage and responded to immediately. This involves the use of SIEM (Security Information and Event Management) systems and tools for cloud security posture management (CSPM). These provide maximum transparency regarding configurations, access and threats, helping companies to proactively prevent security breaches or misconfigurations.


4. Securing APIs and interfaces

APIs form the backbone of many cloud applications. However, systemic interfaces are often a popular target for attacks. To avoid security gaps, APIs should always be authenticated, encrypted and regularly checked for vulnerabilities. Rate limits and extended logging also help to prevent misuse and ensure the integrity of services.


5. Regular security audits and compliance checks

Compliance requirements such as GDPR, ISO 27001 or industry-specific regulations require proof of secure cloud usage. Regular audits and penetration tests can identify security gaps and ensure compliance with legal, industry-specific or company-specific standards. Cloud providers often provide their own tools and reports for this purpose. However, these should be supplemented by independent audits.


For greater cloud security – advanced logging features in Microsoft

Microsoft learned the hard way in 2023 how necessary enhanced cloud security measures are when the Chinese hacker group Storm-0558 managed to steal a master signature key and use it to gain access to thousands of customer data via Azure, Exchange and Outlook. As a result, Microsoft Purview Audit now significantly increases the level of security with its enhanced logging capabilities. The current logs give companies and government agencies deeper insight into user and administrator activities and let them monitor thousands of events in Exchange, SharePoint, and Teams at any time. The Microsoft Expanded Cloud Logs Implementation Playbook even has a coordinated application guide from the US Cyber Security Agency, or CISA for short.


Not everything has to be in the cloud – the security factor of on-premises solutions

Despite all the advantages of the cloud and advanced security measures, more and more companies, especially those in critical infrastructure, government institutions and public administrations, are tending to keep certain workloads in their own data centres or bring them back from the cloud, partly for security reasons. This is particularly the case when


  • particularly sensitive data is processed, for example in the energy, health, logistics, finance or defence and armaments sectors. The complete loss of control over IT infrastructure and data storage not only poses an existential risk, but may also be a criminal offence, for example if legal frameworks or certifications impose special requirements on data protection and transparency.

  • Own security standards or architectures are not easily transferable to cloud platforms. Complex legacy systems or proprietary applications cannot always be migrated securely or efficiently.

  • Regulatory or contractual requirements that stipulate data storage in one's own country or under certain conditions. Some companies are subject to export restrictions or special confidentiality obligations, for example.

  • Lower latency times or high availability requirements exist that cannot be reliably guaranteed with cloud offerings – for example, in production environments or in edge computing.

  • Cost or control reasons argue against complete dependence on third-party providers. Companies that operate their own IT infrastructure remain in control of their data and systems. This can bring decisive advantages in the event of security incidents.

Strategic goal: Cloud computing and security go hand in hand

With a holistic and tailored security strategy – from identity management and encryption to in-depth, continuous monitoring – businesses can fully leverage all the benefits of the cloud without losing control over their data, workloads, and systems. Nevertheless, for most organisations, it's likely most effective to embrace cloud advantages while consistently keeping an eye on potential risks, and simultaneously continue to rely on on-premises solutions for particularly sensitive or critical workloads. It's no coincidence that hybrid cloud architectures, which combine both worlds, are currently the preferred choice for the majority.



Furthermore, on-premises operations offer additional advantages, such as more efficient Software Asset Management. Increasingly, IT managers are finding new financial leeway by legally buying or selling used software licences, sustainably reducing their ongoing licensing costs.


Compelling Advantages – Used Software from PREO for On-Premises Operations

As one of the pioneers in the European trade of used software, we offer businesses, organisations, and public administrations a vast selection of pre-owned volume licences for on-premises operations. Our focus is on widely used standard software from market-leading manufacturers such as Microsoft, Adobe, VMware, and Oracle. With these, companies can sustainably optimise their licensing costs and benefit from the following advantages:


  • Significant savings on ongoing licensing costs, up to 70% compared to buying new versions.
       
  • 100% legally compliant and audit-proof licence acquisition, with complete transparency throughout all transaction steps, including full documentation in the PREO licence portal "Easy Compliance".

  • Personalised advice on all aspects of licence transactions or the integration of used software licences into traditional network structures or hybrid cloud models.

  • Existing capacity for software licence management on large IT infrastructure projects involving thousands of workstations and cross-border locations.

  • Increased sustainability in IT by promoting an active circular economy and reducing the company's carbon footprint.

  • Expertise gained from numerous reference projects, which PREO has successfully delivered for renowned companies across various industries and sectors in recent years.


Enquire Now for FreeDouble arrow

Press and Marketing

Press and Marketing Nina Steffens

Do you have questions about materials, press releases or events? Feel free to contact

Nina Steffens
Corporate Communication Manager

P +49 151 24066668
M n.steffens@preo-ag.com

CURRENT LEGAL SITUATION

Current legal situation

Everything you need to know about the legal situation regarding "trade with used software"

What is the current jurisdiction? Where do legally compliant licences come from? What has to be considered when buying used software? We answer this and much more information on our page "Legal situation".

The legal situation Double arrow

BUY SOFTWARE SAFELY

Purchase used software

What do you have to consider when buying used software?

Do you need information on buying used software licences, licence audits or about the cooperation with PREO? You will find answers on our page "Buying used software".

Purchase used software Double arrow

PRODUCT OVERVIEW

View PREOs products

Do you need a specific software for your company or project?

Browse our product portfolio and find the right licences. Simply select the used software you need and add it to your request list with one click.

View products Double arrowDouble arrow