Virtualization Technology News and Information
Article
RSS
Can You Trust The Public Cloud?

Contributed Article by Sabi Goriawala, Co-Founder & VP Marketing, PerfectCloud Corp.

Dropbox, Google Docs, Gmail, Insightly CRM, Podio, CloudFlare, and SkyDrive all have one thing in common: They are all public cloud services. Each public cloud service functions like a big ocean in which anyone can swim. As concern for security has risen sharply due to an unprecedented amount of attacks, our only question now is: does the public cloud have what it takes to keep us safe?

It's All about Trust

It all boils down to trust. How much can you trust Dropbox to make sure that none of your data is breached? Would you trust Google with your life?

For small business owners, the risk of compromise on the public cloud is not very high. Although the private cloud offers the ultimate security experience, the public cloud can be a viable and secure platform as long as it follows certain best practices.

Here's some food for thought: who is going to deal more efficiently with a security breach: a company that's occupied with many other things aside from its private cloud, or a company that focuses virtually all of its resources in running its public cloud? Remember that companies running their own private clouds are not developing them, and might neglect to keep them up to date, while companies running public clouds are consistently changing their systems and keeping them always up to snuff.

But there's another side to this story: In the public cloud, it's difficult to know whether a company is actually treating your data with the respect it deserves. You'll have to trust that company, and it's the company's job to convince you to use its services by informing you as to why you, beyond a reasonable doubt, should feel that its mechanisms provide safeguards against any eventual compromise.

The Disadvantages of the Public Cloud

The main disadvantage when using the public cloud is the lack of control. Users just get a view of their own virtual machines but cannot control their own hypervisors. In this sense, the public cloud is not a viable option for businesses that have large-scale operations.

Added to this is the fact that businesses large and small face regulatory burdens that might affect how they conduct their businesses in the long run, and the public cloud isn't always quite ready to address these issues chiefly because it does not run on premise. Instead of using an email service like Gmail, for example, some companies might have to opt for their own Microsoft Exchange infrastructures.

If regulation is not an issue, cost might be. In large corporations with hundreds or thousands of employees, the public cloud might not be a viable option because of its per-user cost. For small businesses with 5 employees, $5 per user per month ($25 per month) might be a bargain compared to buying hardware worth thousands and paying maintenance costs upwards of $100 a month. But, for a business with 500 employees, this translates to paying $2500 per month. In three months, that adds up to a very sophisticated server that can handle those 500 employees easily within the premises.

The public cloud is mainly there to allow businesses that don't have the resources to maintain their own data centers to use enterprise-level computing applications.

Cloud Security

In terms of security, public clouds usually follow industry standards to maintain their security. They may use AES encryption and store user data using certain methods. However, some of them go further than that and muster up new methods that make them even more secure, like SmartSignin's use of SmartKey. In SmartSignin's case, however, its services are also offered on premise, if a business may prefer this. Some public cloud providers have a tendency to also offer on premise solutions for businesses with large infrastructures that must conform to regulations that strictly limit how much information can be exchanged on public networks.

All in all, the public cloud has a relatively low chance of a security breach. There are still many more data breaches on regular PHP/MySQL websites than there are on cloud networks. This is explicable through the shift in focus from providing entertainment (as is the case with regular web services and sites) to providing professional services (as is the case with the cloud).

That said, it's important to still maintain caution, as the Internet is full of unpleasant surprises and one day your data may be breached. To minimize such damage, you should call upon solutions like SSO that allow you to maintain a certain level of password diversity among all your online accounts. In fact, you may as well make this available for your employees.

Where the Private Cloud Is Advantageous

Let's not get too caught up in the "private cloud is awesome" discussion. The private cloud also has some very unique things to offer in terms of security that you normally cannot get out of using a public cloud, such as incident response.

Again, as previously mentioned in the private/public debacle, it's about control. When an incident happens (i.e. a hacker manages to gain entry), damage control is much easier on the private cloud, where you have all of the cloud's resources under your command. Public clouds will have generally slower response times. At the incident site, the private cloud wins, hands down.

Redundant deployments with backups of data are usually also only possible in the private cloud. This keeps downtime to a minimum and keeps critical operations running while the system as a whole undergoes repairs.

Where the Responsibility Belongs

Ultimately, it is in the hands of the enterprise to choose whether the public cloud or the private option is the best choice. Enterprises must be responsible to make fully-informed decisions regarding services they want to outsource to the cloud. Although a public cloud can run a tight ship, it can also have a disastrous architecture full of holes. It's all about trust.

Saying that a public cloud is always superior to private solutions is naive and irresponsible. While most of them employ very powerful security practices, some of them may not respond to incidents as readily. Others might have inherent flaws in their systems that haven't yet been discovered, despite many customers claiming that the service is secure. There's always a risk involved when making any decision.

###

Published Monday, April 07, 2014 6:32 AM by David Marshall
Comments
golbmv - April 7, 2014 9:54 AM

"The main disadvantage when using the public cloud is the lack of control..." esp when the users can't control the keys used for encrypting the data. When the users don't have keys to themselves, they can't really have a full control to their data. Though users can encrypt their data using encrypted file system like encfs, http://ninjatips.com/encrypt-dropbox-using-encfs/ ,they can't easily share the files afterwards. A better client side encryption solution needs to be in place for any public cloud.

golbmv - April 7, 2014 9:55 AM

"The main disadvantage when using the public cloud is the lack of control..." esp when the users can't control the keys used for encrypting the data. When the users don't have keys to themselves, they can't really have a full control to their data. Though users can encrypt their data using encrypted file system like encfs, http://ninjatips.com/encrypt-dropbox-using-encfs/ ,they can't easily share the files afterwards. A better client side encryption solution needs to be in place for any public cloud.

To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<April 2014>
SuMoTuWeThFrSa
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910