|

Public Cloud or Private Cloud, that is the question? Or is it?

You realize the overarching benefits of the cloud, but you are a bit wary regarding the security of any data stored and transacted in these virtualized environments.  But the cost-saving benefits and user preference and resource delegation of the cloud are such that not integrating some processes, applications and data is counterproductive to your overall IT strategy. So you decide that a private cloud is a more secure route that its public counterpart. But are you really any more secure?

The quick answer is no. But not for the reason you might think. A private cloud is infrastructure operated solely for a single organization. The only difference is that your data is segregated from any other organization. And if that brings you any semblance of peace, then it’s a good investment. It all depends on your business need. It offers greater control, but means you shoulder all the overhead, updating, risk management and related costs. And if you factor in the compliance requirements for financial or healthcare related companies, it might be the better option.

But, the thing is, it is still a server. It is still prone to all the issues on-premise and pubic clouds in terms of intrusions, attacks, user carelessness and resource deficiencies. It is as vulnerable (or protected) as the alternative counterparts. The only difference is the means of security you apply towards protecting it. You can build the most sophisticated on premise security solution, but if you leave a window open, data will still leak, unwanted intrusions will still get in and George from sales will still log into your network from his unsecured iPhone.

So let’s be clear. From a platform security perspective, it does not matter whether you choose public, private or hybrid clouds. It matters how you protect it; which can also be effectively  managed from the cloud. And depending on your preference, a cloud-based security management should be able to equally protect and support any cloud or on-premise configuration.

If you assume your SaaS-based CRM, payroll or inventory shipping applications are well protected by the developer, you are equally inviting problems. According to new guidance from the National Institute of Standards and Technology, YOU and not your providers have ultimate responsibility for the security and privacy of data stored on the cloud. The SaaS developer are responsible for their infrastructure, not your data or who you provide access to that data or how you transit the data from endpoint to endpoint…unless the service you invest in is a cloud-based security-as-a-service.

Cloud-based security can be seen as having your cake and eating it too. You benefit from a diverse portfolio to meet your specific business needs and now you have another resource that allows you to gain best-of-breed, enterprise level power, capabilities and control.  You have a way to monitor your public or private clouds (or your complex integrated networks) 24/7/365 or create multifactor authentication barriers to access intellectual property. With the right processes and rules, you can create and seamless layer across multiple servers and infrastructures that connect each independent silo of data that can differentiate roles, traffic patterns, context and data sensitivities.  We are talking a combination of intrusion detection, log management audits, identity and password management and SaaS single sign on and web authentication services.

Before the maturation of cloud-based security, ensuring the security of any cloud-based application could be problematic. There was significant investment and limited budgets for in various software,  time commitments, expertise and the great unknown of how dedicated the application developer was in the security of your data. To secure just this aspect of your business, you were looking at a 2:1 or 3:1 ratio of professional services on top of the licensing and required hardware installs. Now that security-as-a-service is not only an emerging (and tremendously cost-effective alternative) but tested choice, it provides a great latitude in terms of being able to properly keep in lock step with the challenges posed by applications…public, private and legacy.

So when deciding whether public, private or hybrid clouds make more sense for your organization, know that your choice should be dependent on the best option for your specific need. There are plenty of experts willing to weigh in on best practices for each. But when it comes to security, make sure you have the flexibility and scalability to securely manage your quickly disappearing perimeter.

Kevin Nikkhoo
CloudAccess.com

Short URL: http://vertical-cloud.com/?p=7275

Posted by on Jul 27 2012. Filed under Architecture, Cloud Functionality, Cloud Security, Private Clouds, Public Clouds, SaaS / Software. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry
cloud computing conference 2014
cloud computing conference 2013
cloud computing conference 2013, cloud slam, santa clara, california cloud event, ibm, sponsor cloud computing conference 2013 cloud computing conference 2014,  california, san francisco

Recently Commented

  • stan: The cause cannot always be the company; instead, it must also be managers’ pursuit of their own values within...
  • Darryl Ragantesi, guest: Darn, Interviewer could not get to the guts into what Mike is into. It’s all high...
  • Steven Woodward: As a leader at several Cloud SDOs I appreciate the efforts that CISCO puts forward in several...
  • Steven Woodward: As a leader at several Cloud SDOs I appreciate the efforts that CISCO puts forward in several...
  • Sridhar Somaraju: Very high level, you should articulate more specific benefits related to retail, corporate and...

Get weekly updates

Receive latest cloud news in your inbox