Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Evaluating Cloud Solutions – What Type of Cloud is Right for Me?

Evaluating Cloud Computing Solutions – Public vs. Private Clouds? Hybrid Clouds? Which is Right for Your Business?

Evaluating Cloud Computing Solutions – Public vs. Private Clouds? Hybrid Clouds? Which is Right for Your Business?

The first known reference to the “Cloud” as it related to computing was in Douglas Parkhill’s 1966 book The Challenge of Computer Utility. Parkhill explained his conception of a “Private Computer Utility.” He compared computing with the electrical industry and its extensive use of hybrid supply models. When the electricity grid was built, private on-site power generators were quickly cycled out. No longer did local businesses have to build, buy and maintain the hardware to create electricity, which was expensive both from a hardware as well as a human resource perspective. While it did carry some risk, electricity as a utility made sense in terms of finance and risk management.Evaluating Cloud Computing Solutions

In the world of Cloud Computing, there are three different types of “clouds” – public clouds, private clouds and hybrid clouds. Depending on what type of service or data you’re dealing with, you’ll want to compare the different options of what private, public and hybrid can offer. In most cases, the most important variable is the degree of security and management the hardware or application requires.

While we as an industry like to think that Cloud Computing is new, it’s not. The concept was coined forty years earlier.

With that said, it’s time to figure out which cloud architecture is right for you.

Private Cloud

A private cloud is one in which the services and infrastructure are maintained on a private network—generally a local datacenter within an organization. These clouds offer the greatest level of security and control, but they still require the company to purchase and maintain all the software and infrastructure, which can significantly reduce cost savings. A private cloud is the obvious choice when:  

·   Data is your business, so security and control are paramount on your list of requirements.

Advertisement. Scroll to continue reading.

·   Your company is large enough to run a hyper-scalable cloud datacenter efficiently and effectively on its own. This generally implies large enterprises.

·   Your business is bound and gagged to conform to strict security and data privacy issues as well as compliance mandates like PCI-DSS and SOX.

Some vendors use the term “Private Cloud” to describe products and services as “cloud-like”, or that are described in their market-ecture as the ability to “emulate cloud computing on private networks.” These products are often virtualized solutions that have the ability to host applications and Virtual Machines in a company datacenter. Frankly, I see little value in “Private Clouds” as they’re more focused on virtualization than cloud computing.

Don’t get me wrong, I think virtualization has its place as well. It’s certainly used in cloud computing, but that doesn’t make cloud computing what it is. Virtual technologies are valuable to businesses but often tend to obscure the full capabilities of cloud computing. The term “private cloud” borders on deceptive advertising; it fails to deliver on the potential of cloud computing and those who attempt to use it are hanging onto the coattails of the cloud.

Depending on your industry, though, private clouds do offer some benefits including shared hardware costs, quick recovery from failure and upscaling/downscaling depending on demand. And that’s fantastic. But the organization still has to buy, build, support and manage the infrastructure. This solution doesn’t benefit from up-front capital costs and it lacks the economic model that makes cloud computing so compelling in the first place.

Public Cloud

A public cloud is one in which the services and infrastructure are provided off-site over the internet. At its essence, “Cloud Computing” refers to the public cloud. These clouds offer the greatest level of efficiency in shared resources as well as efficiency in cutting spending. However, they are also more vulnerable than private clouds. A public cloud is the obvious choice when:

·   You need incremental capacity, or, the ability to add computer capacity for peak times. When the proverbial crap hits the fan, you’ll have capacity available to handle that, but those resources can be used by other VMs for their own tasks when not in peak capacity mode.

·   Your standardized tools and applications are used by many employees. Examples include e-mail, contact management systems or a company intranet site.

·   You need a sandbox to develop applications across geographic locations. Development and testing are a great use case for Cloud, especially when collaboration is needed.

·   You have a SAAS (Software as a Service) application which is offered from a vendor who takes a hard line approach to security.

Public Cloud as a computing concept offers cheap, commoditized computing resources which outweigh the benefits of in-house resources that have limited added value (no capex, access to resources everywhere at any time, minimal support costs and employees for maintaining the resource, shared overall costs and no peak load concerns).

But one of the concerns associated with public clouds is security and reliability. Make sure you have your security and compliance/governance strategies well planned as the short term cost savings could become a long term nightmare.

Hybrid Cloud

A hybrid cloud offers a variety of public and private options with multiple providers. By using a hybrid approach, you’re able to spread things out over a number of providers to keep each aspect of your business in the most efficient possible environment. The major downside here is having to keep track of multiple security platforms and make sure all aspects of your business can communicate with each other. So, if the following situations describe your environment, then the hybrid cloud may be the best option for you:  

·   Your company uses a SaaS application, but has security concerns. Private clouds are often used with VPNs (Virtual Private Networks) for additional security.  

·   When your market is multiple verticals, you may be in a situation where you want to use private clouds for client interaction, but their sensitive data is kept in a Private cloud. This is an optimal use case for Hybrid Clouds.

When managing private, public and traditional datacenter models all at the same time, management can become complex. Maintaining a tool which will federate these separate pieces for the sake of SLAs and troubleshooting becomes the challenge.

Most of what people are calling “private clouds” share a number of qualities with public clouds and can thus be classed as a “hybrid cloud” architecture. Most large enterprises will be looking to run a hybrid architecture for several years to come (though many early adopters have already taken the plunge). The waters are tepid in different clouds for different reasons.

In summary, Public, Private and Hybrid cloud environments can all viable solutions based on your use case. Public clouds offer the greatest cost savings, but the least amount of security and control. Private clouds offer just the opposite, with costs being much higher due to hardware/software and maintenance costs; however, security and control are supreme. Hybrid is the best of both words, but can often be very complex to manage.

Take a step back, identify your use cases and requirements and then take the plunge. Cloud is not just the future. It’s today.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.