About MCPc

MCPc is a trusted technology products and solutions provider driven by a team of dedicated, customer-focused professionals with experience solving complex business challenges.

Posts by Category

MCPc Blog

Current Articles | RSS Feed RSS Feed

Security in the Cloud: Private vs. Public

Posted on Thu, Dec 22, 2011 @ 03:33 PM

During MCPc’s Modern Technology Lessons roundtable discussion on the path to the cloud, cloud security was one of the most-talked-about business concerns. Across the industry these sentiments are echoed, as security remains a top concern for organizations considering a move to the cloud.

“What’s happening to my company’s data as it’s hosted in the cloud?”

Organizations need assurance of airtight processes that will be in place for data protection, availability, user authentication and access control, and continual threat management in the cloud.

In this post, we’ll run through levels of security to expect in both the public and private cloud models, as well as considerations for engineering your own secure cloud environment.

Cloud Security: Public vs. Private

With the choice of any cloud model, there are security concerns to consider. When choosing a cloud strategy for your organization, assess the security posture you have today against the security posture your organization will need in the future.

Any cloud strategy—be it public, private, hybrid or community—affords different security posture advantages and disadvantages. Regardless of your cloud model choice, the primary concerns from chief security officers (CSOs) are how data will be protected, secured, made fault-tolerant and replicated.

security in the cloud

Private Cloud Security

For many organizations, virtualization naturally lends itself to a private cloud model. In this model, your organization will find similar security concerns to that of moving data into a centralized on-premise environment, but lessened concern around data replication security than in a public cloud strategy.

In the private cloud, businesses realize some of the same benefits of the public cloud—such as device flexibility, sever scalability, employee mobility, increased collaboration and a greener IT environment—without the security concerns some have about “letting go” of their physical data.

However, keeping your private cloud maintained and secure may require more active in-house management.

Public Cloud Security

A public cloud model is generally thought of as less secure than the private model, largely because the organization’s lack of physical awareness breeds concerns of a “fear of the unknown” mentality. IT pros considering public cloud solutions need to address both physical and technical security with their providers, and focus on where data exists, how it’s replicated, and how it’s maintained.

For example, I met with a cloud service provider that maintained at least seven physical security layers surrounding its on-site datacenter, including actual guards and an eye scanner. The physical security of this public cloud solution is most likely markedly better than what could be provided in house by most CSOs, but the concern of data replications and access via the network remains.

An advantage to public cloud offerings is that in hosting all of your organization’s data in the cloud, a few potential security concerns may be lessened.

Take the healthcare industry as an example. When a healthcare provider moves patient records to a hosted solution, IT managers can be less concerned with records being lost on multiple local devices, and focus more on how to protect data and keep it compliant in one place—where it’s stored.

However, healthcare brings another caveat to the table: compliance. Some industry regulations may prohibit storing personally identifiable information in the public cloud.

Federal government, specifically defense, is another strictly regulated industry. However, The Defense Information Systems Agency’s Rapid Access Computing Environment (DISA’s RACE) shows how this highly regulated department can find its solution in a more secure and private cloud environment. 

Final Thoughts

Regardless of whether an organization would choose a public cloud offering or maintain their data locally in a private model, vigilance is always the word of the day.

What thoughts do you have about the security advantages and implications of the private and public cloud? Is your organizations’ hybrid cloud solution a mix between multiple cloud offerings?

Andy Jones

Andy Jones is Senior Vice President of Sales. He has more than 15 years of IT industry experience, and is an expert on cloud, virtualization and managed services solutions. Connect with Andy on LinkedIn.

 

Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn. 


Image credit: Debs

Tags: , ,

Comments

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics

MCPc Blog

The MCPc Blog offers insight into common business technology products and solutions, as well as an inside look at MCPc's people and culture. 

Subscribe by Email

Your email:

Connect with MCPc

Latest Posts

Most Popular Posts

Posts by Month

Copyright © 2010 MCPc, Inc. All Rights Reserved. All Rights Reserved. Designed and Developed by Wakefly