Finding Security in the Private Cloud
January 5, 2013

For years, security has been the one thing most often cited as the top obstacle to widespread cloud computing. Though the conversation is shifting as the cloud matures, many still see security, or lack thereof, as a major hindrance.

The Cloud Security Alliance recently published its updated Top Threats to Cloud Computing, which identifies eight of the main challenges businesses face when working with the cloud. The No. 1 threat, cited by 91 percent of respondents, is data loss/leakage, followed by insecure APIs, malicious insiders, and account/service and traffic hijacking. Rounding out the list are abuse of cloud computing, unknown risk profile, shared technology vulnerabilities, and distributed denial of service.

Despite these threats, businesses are still anxious to get on the cloud computing bandwagon. Cloud service providers have touted the cloud's ability to increase flexibility, improve agility, and reduce IT expenditures -- three benefits attractive to any business looking to embrace modern workforce trends while coping with ongoing economic struggles.

However, the threats cannot be ignored, and, as such, businesses must take certain steps to make sure they're not putting their hosted data and applications in harm's way. One way to accomplish this, many have found, is through the private cloud.

Security Benefits of the Private Cloud
One of the primary security benefits of the private cloud is control. The majority of private clouds are built on-premise, meaning the company can take comfort in knowing that its cloud resources are safely behind its own firewall and not sharing space with other companies' cloud environments.

Further, since the company owns the private cloud, it can respond quickly to any problems that may arise. This practice is bolstered by effective network monitoring and reporting solutions, which give a company a clear picture of what is going on within its IT infrastructure.

Regulatory compliance is also easier in the private cloud. Since there are fewer entry points compared to the public cloud, a business has greater oversight regarding who is accessing its network and can enforce access authorization more strictly. Whether a company must comply with HIPAA, PCI DSS, Sarbanes-Oxley, or any other regulation, this level of control is sure to be a benefit.

Security Challenges of the Private Cloud
Just because a business opts for a private cloud doesn't mean security can take a backseat. Though most agree at this point that the private cloud is more secure than the public cloud, private environments are not without their challenges.

For example, a recent CSO report pointed out that a business must keep a close eye on clouds built inside its firewall, as "it still takes just one bad apple to spoil the barrel." This means companies must be diligent about monitoring their IT environments to ensure no user or department is breaching security policy and misusing the cloud.

The report also asserted that authentication and authorization must be priorities in the cloud. This goes back to the discussion of control. Just because a cloud is hosted on-premise doesn't mean a company can rest on its laurels. A business must still consider the access it provides its employees and ensure it is not moving forward without a visibility plan in place.

Balancing Act
Ultimately, a business must weigh the benefits of the cloud against the risks. A company should also consider what it can gain by deploying a public cloud service. In many cases, a business will find it can reduce costs through the public cloud while bolstering security through a private environment. If this is the case, IT decision-makers might opt for a hybrid solution, in which certain applications are hosted in the public cloud while more mission-critical solutions are kept in the private cloud, where they can be better protected.