By Eric Vanderburg, Information security executive
This post is a continuation in a series on finding the right cloud solution for your business. Read the previous post here.
This statement may be familiar to many who have considered cloud services and it was both the start and end to many cloud discussions.
What is most important to you, cloud security and service customization or flexibility and cost?
Those who picked security and service customization adopted a private cloud model and those who picked flexibility and cost chose a public cloud model. Those that couldn’t choose continued using traditional IT to solve today’s problems and they had a tough time of it.
The good news is that you don’t have to make that choice anymore. Security, service customization, flexibility, and cost objectives can each be met through a merger of public and private cloud approaches in the hybrid cloud. To understand how this works, let’s briefly explore both prior models and the compare them to the hybrid cloud.
Security in public and private clouds
Organizations have more control over data and services when using a private cloud. This control allows for cloud services to be tailored to the company’s security strategy to better protect the data including security controls, and procedures necessary to meet compliance requirements. Along with greater control is increased visibility into the system for easier management and incident response. For example, computer forensic or investigative work can be streamlined as no third party limits access to the data or logs and the organization can collect evidence directly, resulting in a clearer chain of custody. Public clouds offer less visibility and control, making it harder to enforce security requirements, perform investigations, collaborate on incident response and notify customers quickly about data breaches. They have received the most criticism for their ability to securely protect data, especially in regulated businesses that must meet compliance requirements.
Private clouds may be shared among business units but they are not shared between unknown entities as is common in public cloud offerings. This reduces the chance that a successful exploit of a neighboring cloud system will impact organizational systems. However, public clouds are by nature targets because they are visible, well-known repositories of data. Attackers may not know what data resides in a public cloud or whether it is worth their effort to attack but public clouds hold so much data that they make a tempting target for attackers. By placing data in a public cloud, consumers are no longer a target of opportunity, they are a target of intent.
Public clouds offer the best flexibility since they can be expanded or adopted almost at will. Cloud consumers purchase just the services they desire. When they want more storage or additional processing power, they simply increase their cloud plan. Similarly, when they no longer need resources, they can release them back to the cloud.
Private clouds differ greatly in their flexibility. Organizations often purchase the servers, storage, and networking equipment along with the necessary software to set up a private cloud and they must pay IT personnel to maintain it. They also need to make purchases as the environment grows. Unfortunately, if demand for the private cloud shrinks, the investment is already made and the organization must find a different use for the equipment or suffer a poor return on investment when the equipment stands idle or when IT staff are not fully utilized. Hosted options are available for private clouds, but the organization must still have staff who are capable of managing the private cloud.
Public and private cloud cost models
Cost models differ greatly between cloud offerings. Public cloud pricing is based on service level and utilization. This tends to work well for companies that want to keep service costs aligned to usage. Private clouds often require direct capital expenditure, as mentioned above, or at least additional staff to manage, create and expand them.
Putting it together with the hybrid cloud
The hybrid cloud combines elements of the private and public cloud models. Private cloud elements provide the portal to services but public cloud elements can be used to extend the private cloud as needed. This makes the hybrid cloud flexible. Standardized elements that do not need the enhanced security of the private segment can be moved to the pubic segment, allowing for growth without as significant investment in capital equipment.
Data flows between public and private segments of the hybrid cloud can be fine-tuned to adhere to organizational security, privacy and compliance rules. For example, sensitive or confidential data, such as trade secrets, financials, and customer information could reside on the private element of the cloud while more operational data and public data are pushed to the public segment as needed. Alternatively, data could be allowed to be pushed to the public segment of the hybrid cloud but would only be able to reside there for a limited time and the data would be encrypted automatically.
I’m happy to say that you don’t have to choose between security and service customization or flexibility and cost. You can get it all in the hybrid cloud. For those who have rejected public or private cloud models, I encourage you to seriously consider the hybrid cloud. Tomorrow’s challenges will come in all shapes and sizes, many of which existing IT cannot handle. Move to a platform engineered for the future and reshape your business with the hybrid cloud.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.