Rarely a day goes by when the cloud isn’t mentioned in the tech world. Cloud-based, cloud computing, hybrid cloud, cloud-hosting, cloud-first, private cloud, public cloud and the list goes on and on. It has become the marketing buzzword in the tech industry. Even Oracle CEO Larry Ellison claimed confusion when confronted with an article on cloud computing. Yet, nothing appears to cause greater confusion than the difference between private and public clouds and the basic security implications each entails.
Basic Differences between the Public and Private Cloud
Before digging into the security implications, it is worth clarifying the basic differences between the public and private cloud. The public cloud is, as the name suggests, the public iteration of a data storage service. Gmail, Office 365, and Dropbox are all popular examples of public cloud services. Private cloud services are extremely similar, except that you or your organization owns the cloud and operates it in your respective datacenter in order to offer data storage to your internal customers. Gartner analyst, Thomas Bittman defines the private cloud as a “form of cloud computing where service access is limited or the customer has some control/ownership of the service implementation.” The largest difference then, is that the private cloud can be physically managed and operated by the organization that possesses it. But this isn’t always the benefit that it may seem to be.
So what does this mean for my organization’s security needs?
For an organization, there are certainly advantages to being in physical control of your cloud. For some, this provides peace of mind because your organization’s data exists in an isolated infrastructure. Here are a couple other additional benefits:
- Your data exists behind your organization’s firewall
- You can personalize the architecture to fit your needs
- No risk involved if something were to happen to the cloud provider
However, the private cloud does not come without disadvantages. Because you have physical access to the servers, this means that your employees potentially do as well. Consider these further disadvantages:
- Defense against attacks must be waged within the organization
- The security of your data becomes entirely your responsibility
- You are subject to your local power grid and ISP
While there are certainly downsides to the private cloud, for some organizations, the transparency that it offers is enough to tip the balance in favor of the private cloud. The public cloud does not offer nearly as much insight into how your data is being managed and protected. Additionally, large public cloud vendors such as Google and Amazon are inherently more susceptible to being hacked. Ultimately, the private cloud offers your organization greater control over its data storage—for better or for worse.