Encryption or Firewall? What’s the Best Method for Keeping Your Data Safe?

I want to use cloud storage, but can I rely on file encryption? My files need top-notch security. Is a firewall my only option? 

Encryption vs Firewall

“Hacker” might sound like just another buzzword, but the reality of data security isn’t so simple.

There’s no such thing as a “Hacker-Proof” spray to coat your documents with security. The next best thing is encryption, and your ultimate protection is a firewall.

To understand how necessary these two security options are, you need to understand the risk of encountering a hacker. Hackers can take many forms, such as:

  • A rogue ex-employee
  • A competitor seeking to gain an advantage
  • An outsider with a grudge against your brand
  • A thief attempting to sell sensitive information
  • A completely anonymous entity with unknown motives

You may not be in charge of the Department of Defense, but data criminals are a threat to any business centralizing its data.

McAfee estimated in 2014 that $400 billion is lost per year globally through cybercrime. When closely considering the role of small businesses, this estimate is said to reach $2 trillion per year by 2019 according to Juniper Research.

The vendors that create data storage systems are hyper-focused on these threats.

When it comes to protecting your data, you have a number of options to choose from, but they all rely on one question: Are you storing your information in the cloud, or on your own servers?

Cloud Encryption: Is it strong enough?

The principle behind encryption is simple.

This method of security puts a protective layer over a file that scrambles its contents in a way that’s unreadable. When you share a file, only a designated person on the other end is able to access it. Cloud Document Management Software (DMS) often has encryption built into the system, so access is either automated based on the receiver’s identity through account privileges and other background keys, or requires a password.

The file’s level of security is increased by:

  • How complex the algorithm is for scrambling the content
  • The number of encrypted layers added on top of the file

The algorithm depends on the specification used to encrypt the file, which is currently the Advanced Encryption Standard (AES). The layer of encryption typically used by DMS is 256-bit. The next level would be 512-bit, which is typically used to encrypt material such as court files and federal data.

How safe is AES 256-bit? Pretty darn safe.

The amount of time needed to crack the code is astronomical. In reality, the Achilles heel of encryption is the method used to access the file, so the threat of losing encrypted information comes down to protecting the sender and receiver’s accounts and passwords.

On-premise Firewall: Is it right for my business?

Most on-premise systems have evolved to incorporate file encryption, and are actually a hybrid of both cloud and self-hosted storage.

Encryption is great for safely placing files in an accessible space, but for those managing legal, healthcare or financial documents, high-profile data accessible in bulk is alarming. If just about every file needs top-notch security, the best method of securing files is to blanket a whole database.

On-premise systems allow you to secure all data behind your own firewall. Users can then pick and choose which files require encryption when shared outside the system.

When you invest in your own firewall, this means you own the hardware that controls the servers. Security is built within the system, and privileges are assigned per user. This is different from cloud storage because cloud vendors control the servers, requiring you to select which documents need a special security level and assign privileges accordingly. The difference between encrypting on a device versus encrypting while a file is in-transit has also been a main privacy concern.

The benefits are clear:

On-premise software allows IT to monitor every detail of the system through a firewall, while cloud encryption is still an option for sharing files. Businesses that have an on-premise system only use cloud storage to send and receive files when needed.

But the drawbacks have a cost:

The hardware for an on-premise system requires a high upfront investment. The personnel needed to maintain an on-premise system is expensive. Software upgrades, data migration and other services also require additional costs.

And in the end, there is still one persistent threat that no system can overcome.

What is the most vulnerable access point of all systems?

No matter how you store business data, the greatest risk comes innocently from within.

According to Intel Security, 95% of all enterprise business attacks originate from “spear phishing” – a method of targeting individual employees to gain passwords, email addresses and more. Once data criminals gain access to an employee’s individual account, they’re able to dig deeper based on the user’s privileges.

The best way of protecting your organization from these attacks is to train your employees to recognize them.

When an employee receives an email from an unknown sender requesting any type of information, he or she shouldn’t respond. The message may mimic a real brand name to gain trust, such as Adobe or Windows, so employees must pay close attention to details such as:

  • The email address of the sender
  • The URL of the webpage requesting information
  • Any “About” or “Contact Us” links on the page that seem deceiving


Whether you decide to store files entirely in the cloud or behind a firewall, keep in mind that data should always be a high priority. Take precaution with it just as you would any expensive commodity, and treat it as if it’s the lifeline of your business.

For more information on data security and cloud vs. on-premise hosting, check out these great resources: