Virtualization and Cloud executives share their predictions for 2013. Read them in this VMblog.com series exclusive.
Contributed article by Gilad Parann-Nissany, founder and CEO of Porticor
Private and Public Clouds will be, in many ways, the same in 2013
The debate between those who sell private clouds and those
who sell public clouds has been all the rage for the past 3-4 years. Private
clouds are touted as more secure, while leveraging your existing investment in
hardware and virtualization. Public clouds are touted as the only "true"
clouds, with truly massive scale and real economic benefits.
It is possible, however, to cut this debate in a different
way if you look at it not from an IT perspective, but from the point of view of
the end user of an application. That end user often has similar expectations
from a "public" and a "private" cloud solution.
Let's take a business case and analyze it from a security
point of view - this is the most direct way of bringing out the argument. Suppose
you are creating an application for your users which manages sensitive
information. Further assume your users are not internal to your own
organization.
That latter point is central. If your users are completely
internal to your own organization, especially if they are pure IT users or are
localized (your organization is not too far-flung), chances are you have no business
reason to go to a public cloud at all, and even a private cloud may be just a
fun technology play for you. In other words, if your users are completely
internal and/or a tight-knit group, doing a "cloud" approach is a matter of technology
fashion and not a business need.
So, let's go back to the business case we outlined, where your
users are not internal. As a consequence, your users will not care whether you
have implemented your solution on a third party vendor's cloud or on your own
private cloud. The users will have many of the same security expectations, and
meeting these expectations may involve many of the same technologies.
Security is touted as one of the main differentiators
between private and public clouds. As more users express the same expectations
from both, we will see a more mature discussion emerge in 2013.
Private clouds will certainly leverage existing investments in the data center,
and offer more direct control to the service provider; public clouds will offer
economies of scale. But both kinds of provider will find that they have similar
security conversations with their customers.
For example, sensitive information in the cloud should always
be encrypted. Your users will not need to understand the technological details,
but they will need to know that - at the end of the day - you have provided
maximum security for their data, so much so that it is private even to you.
This can be achieved today with cutting edge technologies, such as Homomorphic Key
Encryption and Split Key
Encryption. While users need not understand the details of these
technologies, they will appreciate the result: A guarantee from you, their
supplier, that you can never read their data; and that they have full control
of their data through a simple "master key" that is never exposed in the cloud
or to anyone but the user.
In another example, let's address concerns about physical
access. Your users want a guarantee that physical access is tightly controlled
to the servers that deliver the application with their data. Whether you
control physical access yourself, or farm it out to a third party who has
controls you trust, is up to you. Your users will - in both cases - want the
guarantee from you, and it is up to you to decide whether you achieve
this directly or through outsourcing and contractual obligations.
Such attitudes among the users - the people that count -
mean that the differences between public and private clouds are not all what
they are hyped to be. This is affecting the market - user perceptions are affecting
supplier perceptions. More and more shops understand that the security
questions that matter most will come up whether you label your solution as
private or public. In 2013 we will see this view becoming commonplace, and users
in both scenarios will be shopping
around for solutions to similar security issues.
###
About the Author
Gilad Parann-Nissany, founder and CEO of Porticor, developer of the industry's only
trusted cloud data security system, is a Cloud Computing pioneer. As CTO for
Small Business at SAP, Gilad built SaaS Clouds for medium and small enterprises
and contributed to SAP products reaching more than 8 million users. Before
founding Porticor, he created a consumer Cloud at G.ho.st - a cloud operating
system that delighted hundreds of thousands of users while providing
browser-based and mobile access to data, people and applications.