I have the possibility to use a shared mysql server offered by a reliable Italian cloud provider (Aruba). The service satisfies my performance needs and would notably simplify my infrastructure.
My concern is that this shared mysql service (DBaaS) is only offered with public ip address exposed on the internet, authentication with userid and password and SSL connection.
The data that I would move to this server are reservations and accounting for a certain number of hotels. It's definitely critical and confidential data and a data breach would be definitely a disaster.
Till now, my infrastructure is based on a firewall that only exposes the web server, while the database server is a custom VM connected through a virtual switch and not visible on the internet.
How bigger is the danger of such an infrastructure (DBaaS with public ip address) compared to my actual setup with a private VM running mysql on an internal IP address?
PROS: security, updates and firewalling would be managed by the cloud provider in a more consistent and persistent way
CONS: exposure on the internet