The Cloud, Cybersecurity and Industrial AI: Is On-Premise Really Safer?

Geir Jåsund, CEO at Mikon AS

Introduction In the past few years, several industrial companies have faced serious cyber incidents, some severe enough to halt production for days or even weeks. These events have had a lasting impact on attitudes toward digitalisation, especially the use of cloud technologies in production environments. Many organisations have responded by tightening isolation, insisting on on-premise installations, and shielding factory networks from any external connection.

But is this truly a safer way? In a world increasingly dependent on data-driven insights, remote collaboration, and AI, isolation may protect in the short term. But it can also introduce new risks. The balance between security, connectivity, and innovation has probably never been more critical.

The Perception Gap: Cloud Equals Risk, On-Premise Equals Safety

For many industrial firms, cybersecurity discussions start from a position of fear. The logic seems straightforward: if systems are disconnected from the internet, they cannot be attacked. However, experience shows that many cyber incidents originate not from remote hackers but from internal factors like compromised USB drives, infected laptops, or maintenance connections.

By contrast, modern cloud infrastructures are designed with security as a core discipline, not an afterthought. They benefit from large-scale monitoring, continuous updates, and dedicated cybersecurity teams. Yet, misconceptions persist, especially in industries where process stability is paramount.

Where Vulnerabilities Really Lie

True security weaknesses rarely depend on where systems are hosted. Instead, they stem from a combination of technical debt and human behaviour:

• Unpatched local systems: Many on-premise installations run outdated operating systems or unmaintained servers.

• Weak network segmentation: A compromised office network can expose production systems if segmentation is inadequate.

• Human factors: Phishing, misused credentials, or maintenance accounts are common entry points.

• Unsecured remote access: VPNs or vendor tunnels often remain open longer than needed.

• Lack of monitoring: On-premise systems may lack the continuous surveillance available in cloud environments.

  
  

The result is a false sense of safety. While disconnected systems appear isolated, they may actually be more vulnerable due to inconsistent maintenance and visibility.

Modern Cloud Security: Built for Resilience

Cloud providers like Amazon with AWS and Microsoft with Azure have invested heavily in security infrastructure,  far beyond what most individual companies can achieve internally.

Their services typically include:

• Continuous patching and monitoring to close vulnerabilities in real time.

• AI-driven threat detection that identifies unusual access patterns and stops attacks before they spread.

• Data redundancy and recovery ensuring minimal downtime if incidents occur.

• Encryption and access control at multiple layers, including data at rest and in transit.

• Compliance and certification with ISO 27001, SOC 2, and regional data protection regulations.

or industrial users, the key lies in implementing a secure cloud architecture with clear boundaries between operational technology (OT) and information technology (IT) domains. Process-critical control functions remain local, while non-critical data and analytics are safely handled in the cloud.

Hybrid Architectures: The Best of Both Worlds

The most robust solution is rarely all-cloud or all-on-premise. Instead, a hybrid model combines the operational reliability of local systems with the scalability and security of cloud-based analytics.

In this model:

• Core production systems and PLCs stay on secure, segmented factory networks.

• Data flows securely to the cloud for production reporting and AI modelling.

• Cloud-based AI models send optimised parameters or insights back to local systems.

• Firewalls and gateways ensure one-way communication and strict authentication.

This approach allows factories to benefit from AI’s predictive and analytical power without compromising operational integrity. It also supports disaster recovery, as cloud backups remain available even if a local network is compromised.

AI as Both a Target and a Defence Tool

As industries adopt AI, the technology itself becomes part of the cybersecurity equation. On one hand, AI systems can be targeted, especially if data integrity is not protected. On the other, AI is a powerful defensive tool:

• Anomaly detection: AI models can identify irregular network or process behaviour before humans notice.

• Automated response: Machine learning can prioritise threats and trigger rapid containment.

• Predictive security: Analysing historical attack patterns helps organisations anticipate new threats.

Used responsibly, AI strengthens resilience by learning from every attempted breach, an advantage traditional security tools cannot match.

Cultural and Organisational ChallengesTechnology alone cannot guarantee safety. The greatest cybersecurity risks often stem from gaps in governance, training, and collaboration between IT and OT teams.

Common challenges include:

• Misaligned priorities between production uptime and security compliance.

• Insufficient training for operators and engineers on digital hygiene.

• Limited understanding of shared responsibility in hybrid systems.

Effective protection requires cultural change. Industrial organisations must treat cybersecurity as a continuous discipline and not a one-time project, and ensure that both IT and OT teams share ownership of digital resilience.

Best Practices for Secure Industrial AI Adoption

1. Network segmentation: Strictly separate IT, OT, and cloud environments.

2. Zero-trust access control: Enforce multi-factor authentication and least-privilege principles.

3. Regular patching and updates: Automate wherever possible.

4. Continuous monitoring: Use AI-based threat detection and alerting.

5. Incident response planning: Test and refine disaster recovery workflows.

6. Data governance: Ensure all AI inputs are validated, logged, and traceable.

Conclusion

Cybersecurity in industrial environments is not a question of cloud versus on-premise, it is about designing for resilience. While isolating systems may feel safe, it often leaves organisations blind to emerging threats. Conversely, cloud-enabled architectures, when implemented with proper segmentation, encryption, and monitoring, can deliver stronger protection and faster recovery.

Industrial AI depends on connectivity, to collect, learn, and optimise. The challenge is to connect intelligently and securely. By embracing hybrid architectures and continuous security practices, process industries can achieve both objectives: innovation and protection.

In the end, safety does not come from isolation, but from visibility, preparedness, and trust in well-managed systems.