The Security of Cloud Services and SaaS

In this series, let’s take a look at the Value of Scale and Scope of cloud computing and the security benefits of centralised SaaS computing.

Daniel Ayala will be posting articles about information security, privacy and compliance in our blog. Throughout his 25 year career, he has led security and privacy organisations in banking and financial services, pharmaceutical, information, higher education, research and library organisations around the world, and both writes and speaks regularly on the topics of security, privacy, data ethics, and compliance. He also happens to be LabArchives Chief Information Security Officer!

Part 1: The Value of Scale and Scope

Greetings LabArchives Reader,

A question was posed to me, “a few years ago, there was a pretty powerful feeling that cloud applications were not as secure as on-premise based applications. Has that changed?”

There has long been a belief that cloud-based applications are not as secure as on-premise based applications. While this may once have been true, the maturity of the space warrants a re-look at this topic. Since all three LabArchives products Electronic Lab Notebook (ELN), Inventory and Scheduler are based in the cloud, I thought it beneficial to cover some of the ways that cloud security not only remains secure in 2021 but in many ways has benefits that are more difficult for on-premise implementations to achieve.

Security Disclaimer

I wouldn’t be a responsible information security professional without setting expectations and putting some disclaimers out there. First, there is no such thing as “perfect security.” The keys to success are taking the steps possible to secure an application in a way that balances the need to use a system with the mandate to protect the information within it. The security of both on-premise and cloud-based services is nothing without good practices, including security by design in development, testing, operations, and response.

Value Proposition & Challenges

Performance and data protection are both critical when using a system. The use of geographically dispersed cloud services moves the hosting closer to users’ hubs to improve the user experience and reduce latency. It also ensures users can store and access data within a particular country or set of countries as required by data-protection laws or grant requirements. Cloud services bring broad, reliable availability to shape their use to efficiently meet data residency requirements without having to build and staff new facilities.

For a long time, a key to securing a system was direct control over it. That included being in a data centre that could be visited, having a second physical machine act as failover and having robust, redundant connections between the two devices. Suppose something went wrong with the device or the software on it. In that case, an administrator could walk downstairs (or call a person at the data centre) to physically act on the box, be it reboot, pull a hard drive or replace the machine itself.

Organisations have also invested large sums in data centres located on or near their campuses. These are often owned or dedicated properties, and the financial stake in these facilities is a sunk cost that encourages those organisations to want to fill and use these facilities whenever possible. They often feature high investment in redundant power, enhanced network connectivity from multiple sources to increase availability, specialized HVAC, plumbing and physical / cyber security. In some cases, the organisation has various physical data centres located apart from each other for additional reliability in case of disaster.

However, in some cases, these data centres’ geographic diversity may only be a few miles from each other, on or near the campus itself. The lack of broader distance between them means that if a physical disruption were to occur, then it is likely that both locations would be affected and take out the capability of all systems in the data centres. What would happen if a meteor crashed into the area at 3:00AM and rendered all nearby data centres inoperable? Most research and education organisations have global reach and aggressive availability requirements.

A cloud service or software as a service (SaaS) offering is usually designed and implemented in multiple existing cloud data centres, often on opposite ends of the country or continent, without the need for building, occupying, and filling new, distinct data centres. It’s easy to add additional presence with a click of a button, and if there’s an issue in one location, the packets can be picked up by another.

This is part one of three in a series on the security of cloud and on-premise software. In our next installment I’ll cover the benefits and challenges of technically securing and monitoring both on-premise and cloud technology implementations.

Latest Blog Posts

Microsoft OneDrive is a convenient tool for storing and sharing documents, but it was never designed to meet the demands of scientific research. Without structured workflows, audit trails, or compliance safeguards, OneDrive falls short as an Electronic Lab Notebook (ELN)—putting reproducibility, collaboration, and compliance at risk.
In research, data security isn’t just an IT responsibility—it’s mission-critical. LabArchives safeguards the world’s most sensitive scientific work with enterprise-grade encryption, immutable audit trails, and global compliance support. Trusted by NIH and 600+ institutions, LabArchives delivers transparency, control, and future-proof compliance so researchers can focus on discovery while IT teams rest assured.
Join LabArchives’ Hannah Clark on Oct 15, 2025 (2–3 PM ET) to master enterprise-only features that drive research data management KPIs. Learn how to enforce data ownership, align permissions with your org chart, govern publishing, strengthen compliance, and standardize workflows. Perfect for site admins, research leaders, and administrators.
As more labs transition to digital research tools, some mistake Microsoft OneNote for a suitable electronic lab notebook (ELN). While flexible and familiar, OneNote lacks the compliance, traceability, and scientific workflows required for secure research documentation. Before adopting a general note-taking app, learn why your lab needs a dedicated ELN designed for science.

Get started with LabArchives today

Start for free and upgrade as your team grows