Back to main menu

IT & Engineering

Email security and infrastructure: Cloud-based vs. on-premise

The security of your emails, data, and infrastructure is priority one. In this post, we’re calling out the gaps between “ground” vs. “cloud” so you don’t find yourself stuck mid-air without a solution.



You could argue that cloud-based infrastructure is the natural evolution of on-premise software, but that might make some people angry. Whether you think of on-premise solutions as legacy dinosaurs, or as the end-all solution for maintaining security, we’re here to compare where we’ve been to where we’re going and break down the benefits of the cloud.

What is the cloud?

Short answer? It’s a global server network.

Cloud-based means that your data is hosted off-site and on servers and in global data centers owned by cloud providers. Is it secure? Is it accessible? How does this work? To paraphrase PBS, the cloud was made possible by users like you.

Lightning round: A quick history of the cloud

In the beginning – a.k.a. the 1960s – there were mainframes, which were massive machines that large groups of people shared. Imagine having to stand in line to check your email, let alone perform any advanced computations. Then, to make a long story short, we got personal computers that could connect to network servers remotely, and mainframes evolved into server rooms, which evolved into massive data centers that started to rent out their resources, and that became the public cloud.

A personal computer doesn’t have the capacity to operate and host large IT infrastructure on its own and buying your servers at the volume you need can get expensive. The solution is cloud infrastructure. Providers like Salesforce, Amazon Web Services (AWS), or Microsoft Azure have stacks on stacks of servers in data centers worldwide that you can access. Cloud solutions are pay-as-you-go models that allow you to do things like rent data storage, host software, and perform advanced computing.

Types of cloud-based solutions

There’s more than one type of cloud; cumulus, cirrus, light and fluffy… Here are the three types of cloud service providers.

  • Infrastructure as a service (IaaS): IaaS providers rent access to utilities like servers, cloud computing, virtual machines (VMs), and cloud storage.

  • Platform as a service (PaaS): PaaS providers (like yours truly) are cloud platforms that use on-demand models for software development, testing, application management, and sending emails, of course.

  • Software as a service (SaaS): SaaS solutions are subscription based, cloud-hosted software solutions. Tools like Adobe Creative Cloud and Zendesk fall into this category.

What is on-premise?

Short answer? It’s on-site infrastructure.

On-premise is the in-house solution of owning and operating independent servers to host your own infrastructure and refers to any on-site server hardware or software. If you close your eyes and picture any hacker movie that predates the mid-1990s, that is on-premise – a large, extra cold room containing towers of stacked servers in the belly of the company HQ.

On premises requirements

With great power comes great responsibility. And servers require a lot of power. To understand on-premise data centers, we first need to look at the resources they need:

  • Number of racks

  • Number of servers per rack

  • Square footage utilized

  • Your building’s voltage capacity (VAC)

  • Cooling system

  • Power supply for your servers

  • Production load

  • Computing resources

  • Kilowatts per server

  • Data backup solutions (on-site and off-site)

  • APC batteries

  • Server and software licenses

  • Server maintenance costs

  • On-site security

This isn’t a complete list by a long shot, but it gives you an idea of the amount of physical infrastructure needed to support on-premises. Once you’ve figured out all your variables you can do some fancy calculations to determine things like how many watts you need per square foot to power your servers (the current average is somewhere between 250-300 watts). That’s quite the energy bill.

We’re not here to be the pricing police – we’re here to talk cloud vs on-premise security – but just a single server without the building, the racks, cooling, hardware, installation, maintenance, or anything else, costs between $1000-$4000 in 2023, and you’ll need more than one. The takeaway? Total infrastructure control may not be cost effective.

At the climax of any good (or bad) hacker movie, there’s a scene where the hackers escape by outrunning actual guards. When thinking about on-prem vs the cloud, this is an important visual. On-premise environments require a layer of physical, on-site security in addition to network security and cyber defenses. It’s a significant upfront investment for hardware, installation, and the continued expense of humans to maintain it. On the second half of a server’s life cycle there’s also a cost of upkeep and eventual server replacement.

Pros and cons of on-premise vs cloud-based infrastructure

Whether you’re deciding between on-prem and the cloud at the start of your business, or considering a cloud migration, these are some key differences.

Main­ char­acteristics of on-p­remise

Main­ char­acteristics of clou­d-based

Main­ char­acteristics of on-p­remise

Larg­e upfr­ont cost­

Pay-­as-you-go subs­cription

Main­ char­acteristics of clou­d-based

Hard­ware/software inst­allation and lice­nsing

No inst­allation, fast­ onbo­arding

Full­ cont­rol over­ your­ infr­astructure

Thir­d-party host­ing

Resp­onsible for all comp­liance

Clou­d-provider resp­onsible for comp­liance

Larg­er ongo­ing cost­s (mai­ntenance, on-s­ite staf­f, etc.­)

Not resp­onsible for serv­er main­tenance

Resp­onsible for phys­ical and cybe­r secu­rity

Prov­ider resp­onsible for meet­ing secu­rity stan­dards

Supp­ort your­ own infr­astructure

Prov­iders offe­r dedi­cated IT staf­f, supp­ort and addi­tional serv­ices

Limi­ted to the devi­ces you use for inst­allation

Acce­ss on a larg­e numb­er of devi­ces, supp­orts inte­gration with­ othe­r tool­s and secu­rities like­ sin­gle-sign on (SSO­)

When to choose the cloud

When you need speed and security.

Pros­ of the clou­d

Cons­ of the clou­d

Pros­ of the clou­d

Pay by subs­cription, low upfr­ont cost­

Cust­om pric­ing stru­ctures can be comp­lex

Cons­ of the clou­d

Comp­liance and secu­rity are mana­ged

Cust­om term­s may be an adde­d cost­

Extr­eme scal­ability

May limi­t some­ conf­iguration opti­ons

Supp­orts thir­d part­y inte­grations

May be a lear­ning curv­e to use clou­d tool­s

Dedi­cated supp­ort and addi­tional serv­ices

Clou­d prov­iders can expe­rience down­time

Cloud environments are designed for speed, especially when you compare the time between onboarding with a cloud provider to the days/weeks/months it can take to install and configure on-premise servers. Because you’re paying for a service, cloud-based providers are obligated to maintain a certain percentage uptime, support responsiveness, security measures, and server maintenance – all outlined neatly in SLAs.

Cloud software is built to adapt. The success of these services depends on their ability to constantly meet new requirements and roll out new features and updates to keep them competitive with business needs.

When to choose on-premises

When you need total control.

Pros­ of on-p­remises

Cons­ of on-p­remises

Pros­ of on-p­remises

Comp­lete cont­rol over­ your­ infr­astructure

Larg­e upfr­ont inst­allation cost­s

Cons­ of on-p­remises

Cont­rol over­ your­ secu­rity

Addi­tional on-s­ite secu­rity is requ­ired

SMTP­ send­ing thro­ugh your­ serv­ers cost­s less­

No deli­verability or veri­fication supp­ort unle­ss you prov­ide it inte­rnally

Does­ not rely­ on inte­rnet to acce­ss data­

Must­ use your­ own reso­urces to meet­ comp­liance stan­dards

No rest­rictions on amou­nt of sent­ mess­ages, stor­ed data­, or size­ of data­bases

Less­ cont­rol over­ your­ emai­l repu­tation by owni­ng your­ own serv­ers

Maintaining an on-premise infrastructure may be pricey, but it’s also 100% yours, and that supports tailor-made security and customizations when it comes to your network resources. Also, on-premises does not rely on an internet connection to access stored data.

We’ve made it clear that on-premises has steep upfront costs, but there are some places that this solution can save you money. If you don’t need a high-speed connection to access data, you don’t need to pay for internet that supports high download speeds. You also have 100% control over your configurations and level of security, allowing you to tailor your solutions either for yourself or for target clients.

If we bring the conversation back around to email, companies with current on-premise infrastructure may find it hard to transition to cloud-based. Provisioning your own SMTP sending through your own servers costs less than a monthly cloud subscription.

However, when you manage your own physical servers, you have less control over your email reputation. Servers alone aren’t a service. PaaS providers like Mailgun offer additional support to protect against vulnerabilities and inefficiencies like traffic segmentation, dedicated IT teams, Deliverability Services, Email validation, and we scale up our protocols based on developing legislations like GDPR and CCPA.

On-premise vs cloud: Is on-prem more secure?

NO. This is a miss-conception.

When someone says “cloud security” in 2022, “compliance” is usually just a few sentences behind. Highly regulated industries: government agencies, utilities, etc., are less likely to convert to cloud-based because of their security controls and compliance obligations, and reservations about how cloud data is managed. That’s changing.

Regulatory controls such as HIPAA are cloud compatible and all cloud providers are held to an increasing number of compliances when it comes to sensitive data. SOC, GDPR, CPPA, HIPAA, ISO 27001, PCI DSS… these are not easy standards to meet. Cloud services are constantly being fortified against cyberattacks and vetted not just by compliance standards, but by current and potential customers. Just ask our sales and security teams how often they complete lengthy vendor security assessments.

Opting for an on-premise solution doesn’t exempt you from being compliant. On-premise infrastructure means you will be managing not only your own security solutions, but are also responsible for meeting state, national, global security, and data management requirements as they evolve. Do you have to be GDPR or CPAA complaint? No, but it will limit who you can do business with.

Data security and data storage

Encryption for data when it’s moving and for when it’s standing still.

Regardless of where your data is stored, either on-premises or in the cloud, encryption at rest is the standard protection format. Mailgun utilizes AES-256 encryption-at-rest for all customer data which means a 256-bit key is required for encryption/decryption. Sounds impressive right? Well, if it’s good enough for the U.S. National Security Agency (NSA) and giant cloud providers like AWS, it’s good enough for us.

Need more data security details? Check out the Mailgun DPA for all the ins and outs.

Email and security

Cloud-based providers support high volume sending.

There are two options when you need to send an email. Send with API or with SMTP. SMTP is a standardized protocol for transfer mail. It’s basically a relay system between a series of ports used to transfer your emails to your recipients. Sounds perfect right? Unfortunately, SMTP doesn’t support encryption in its native state, so it’s vulnerable to spammers.

How do we solve for this? Enter Transport Layer Security (TLS) encryption. TLS is an added layer of protection that does the encryption that SMTP can’t, so your messages are protected as they travel to the inbox.

Image shows your email path using a provider like Mailgun, from your app through Mailgun with TLS encryption, to your target inbox.

Securing messages in transit is only one part of the equation. There’s another aspect of email security around how your contact’s email addresses are imported. This requires a secure funnel, which Mailgun has created with our API. Our advice? Use API when you can to support your contacts and sending, it’s more secure than SMTP alone.

Security and scalability

One point for the cloud.

Scalability is where cloud-based delivers some serious hit points to on-premises, particularly when it comes to security upgrades. Companies like Mailgun are one-half product and one-half product support. This means when it comes to defending against cyber security, we have a dedicated team to counter threats and scale defenses. When it comes to resolving outages, we have a dedicated team. When it comes to answering customer questions, tailoring deliverability strategies, or meeting scaling internal protocols to meet compliance standards, we have dedicated teams.

Ultimately, on-premises is an independent infrastructure only responsible for itself and cloud-based is a collective infrastructure responsible to everyone that uses it.

Cloud-based infrastructure to power your email program

Deciding to partner with a cloud-based service might not be an easy decision. Maybe your company is under the spotlight when it comes to data management and security, maybe you’re considering leaving your current on-premise solution and are unsure what migrating to the cloud would mean.

As an email service provider, this is our bread and butter. If we haven’t converted you to team cloud, if you need more insight, more data, or just a broader view of email infrastructure and security, we’ve got it ready.

Learn about email security and compliance

Email security and compliance

Email security isn't easy. But you need to protect your business, brand, employees, and subscribers. Find out about the benefits of continually improving email security and compliance from our industry experts. It's yours to explore. No form filling required.

Related readings

The basics of SPF records

SPF doesn’t refer to how long you can wait before you have to reapply your sunblock (seriously, go get some). Instead, the term “SPF” refers to a security measure that helps...

Read more

Why improving email security helps protect the global economy

The economy is a complex, interconnected system with many moving parts. In the current global economic climate, it feels a little like we’re being tossed around in an unpredictable...

Read more

California Consumer Privacy Act (CCPA): Why should you care?

There’s been an ongoing gold rush, not for precious metals, but for personal consumer data. For a while, this highly valuable resources was up-for-grabs with minimal or non...

Read more

Popular posts

Email inbox.

Build Laravel 10 email authentication with Mailgun and Digital Ocean

When it was first released, Laravel version 5.7 added a new capability to verify user’s emails. If you’ve ever run php artisan make:auth within a Laravel app you’ll know the...

Read more

Mailgun statistics.

Sending email using the Mailgun PHP API

It’s been a while since the Mailgun PHP SDK came around, and we’ve seen lots of changes: new functionalities, new integrations built on top, new API endpoints…yet the core of PHP...

Read more

Statistics on deliverability.

Here’s everything you need to know about DNS blocklists

The word “blocklist” can almost seem like something out of a movie – a little dramatic, silly, and a little unreal. Unfortunately, in the real world, blocklists are definitely something you...

Read more

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon