Which ‘Flavor’ of Cloud Computing is Most Secure?

Written by Habib Madani

There are three flavors of cloud computing, a buzzword that, generally speaking, refers to making software, number-crunching ability and storage technology available through servers that are located off-site from where the user is.

Any of the three can be – and are – used today by enterprises to conduct their business. However, not all these ‘flavors’ are equal in terms of security and resilience, and it’s important that organizations know the difference.

The Trouble with Public Clouds

Probably the best-known type is what’s known as the “public cloud.”

In this form, technology services are made available to the general public via the Internet. Gmail, Dropbox and Office 365, to mention some examples, are on public clouds. In some cases, the service is free. In others, the customer pays the cloud provider to make a service available. In both cases, it’s the cloud company’s job to juggle which servers are used when, what security measures are in place, and so on, subject to any service-level agreement.

The trouble with using a public cloud is that your business essentially has to trust the provider to secure the network properly. If something goes haywire, the company can lose control over its data. 

That’s bad enough if it’s simply internal email. But what if, say, a bank’s cloud provider allows intruders to access credit card numbers of the financial institution’s customers? Or if a hospital loses control of patient data? One word: Disaster.

And conducting business via a public cloud presents plenty of opportunities for the bad guys to attack. For one thing, access to data can be granted from anywhere. For another, data travels over the open Internet. Thirdly, you’re sharing that cloud with other tenants.

Public clouds also leave you at the mercy of outages, as high-profile but public cloud-dependent businesses such as Netflix have found.

As an aside, it’s also important to consider the issue of cost, and the pay-per-use public cloud is not always the cost-saver it might appear on the surface. Companies must take into consideration the cost of bandwidth. Indeed, the cost of transferring large quantities of data has been known to put companies out of business. At the very least, companies are reporting severe sticker shock.

You also have to consider the size of virtual machine that will be needed for the job you are doing. Often, a leading public cloud provider will provide cost estimates based on the use of small or medium-sized machines, in terms of onboard data-processing memory and speed. If you end up needing a large VM, you could end up paying much more than you were quoted for smaller VMs.

Private Clouds: Greater Security and (Sometimes) Greater Expense

Which brings us to the second flavor: the “private cloud.” In this iteration, the customer handles everything cloud-related: security, juggling and maintaining servers, running data centers, the whole shebang.

The obvious upside to this approach is total control over all those aspects, in theory boosting both security and reliability. For many large businesses, especially those in highly regulated industries such as financial services, security and maintaining customers’ privacy is the top priority.

With a private-cloud approach, you know where your data lives, you know who has access to it, and you don’t need the Internet to access it. Private clouds also are immune to outages that affect public cloud providers such as Amazon Web Services.

On the flip side, private clouds – at least as provided by legacy vendors – can be significantly more expensive and can take months to assemble. However, some new, highly innovative players in the cloud space are introducing solutions that reduce both provisioning time and cost by orders of magnitude. (More on that later.)

‘Hybrid Clouds’

All of which brings us to the third version of cloud computing – the “hybrid cloud.” This approach uses a combination of public and private cloud services with multiple vendors.

To paraphrase one example, some industries might use a public cloud to talk to each other electronically or conduct non-critical and non-confidential transactions, and a private cloud for exchanging and storing financial data. Each part of a business exists in the environment that best suits it.

This may be a viable fix for some problems, but it also introduces other problems. For example, the more vendors and networks a business deals with, the greater the complexity of the undertaking, and the greater the chance that something will break. Greater complexity also means more time setting up or scaling a solution and more costs involved in both setup and maintenance.

You’ll also need to invest effort in federating – linking – the various cloud environments.

An Emerging Solution

As you can see, selecting the right “flavor” of cloud solution requires many considerations. One nascent approach, however, offers enterprises a dynamic, one-stop solution.

The emerging approach, labeled a Cloud Management Platform by Gartner, would marry the cost and efficiency benefits of public clouds with the security and resilience of private clouds in one on-demand, self-service interface.

While some highly innovative solutions are starting to appear, Gartner has said “no CMP addresses all use cases out of the box.” Legacy virtualization vendors, in an attempt to ride the CMP wave, have acquired expensive bolt-on offerings that will work as long as your company stays with that vendor.

Other emerging providers are leveraging less-expensive open source technology to offer CMPs without the old “vendor lock-in” problem. As a result, customers can log in and deploy multi-tenant virtual networks in just seconds. And expanding cloud capacity is just as fast. Today, four of the five largest hosting provider clouds in the world are using an open-source virtualization platform.

Gartner recommends that CIOs and other IT leaders and cloud architects “assess large and emerging vendors” side-by-side. While it might be tempting to immediately select a vendor you’re familiar with, some up-and-comers may offer innovations that deliver advantages in both cost and functionality.

Either way, companies need help mapping out and managing their cloud strategies. As Forrester’s Dave Bartoletti wrote recently, nearly half of enterprise IT shops are building private clouds.

“The future … is therefore a hybrid mix of public and private clouds, but who will manage this new IT portfolio?” he wrote. “Today, cloud developers are often doing it themselves out of necessity, but they should be focused on coding and testing, not cloud service management.”

Next time, we’ll take a look at some of the various options available when your enterprise decides to embark on a private cloud option.