@CloudExpo Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Pat Romanski, Roger Strukhoff

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

Why Public Clouds Are More Secure than Private Clouds

Building a truly secure Private Cloud is much harder than it sounds

Conventional wisdom would have you believe that Public Clouds are inherently insecure, and that the only way to meet your organization’s stringent security requirements in the Cloud is to implement your own Private Cloud. Conventional wisdom, you say? Unfortunately, there is precious little wisdom available of any kind when it comes to Cloud Computing, let alone the conventional type!

In fact, large software and hardware vendors are largely responsible for the whole “Public Cloud is insecure” canard, introducing fear, uncertainty, and doubt (FUD) into the marketplace. After all, building a Private Cloud means buying a lot of new gear. The last thing the big vendors want is for their customers to move to Public Clouds - unless, of course, they belong to the vendor in question. Don’t be fooled. Public Clouds are typically more secure than Private Clouds, for a number of reasons. Here’s why.

Why Public Clouds Are More Secure…

  • Hardened thru continual hacking attempts – Public Cloud providers are a juicy target. Hackers know how to find them, realize there’s good stuff inside, and would be the envy of all their hacker pals if they were able to breach the Public Cloud’s defenses. As a result, h4x0r types have been hammering on Amazon Web Services, Microsoft Azure, and all the others. Thousands of them. For years now.
  • Attract the best security people available – Public Cloud providers not only attract hackers, they attract talent. If you’re a top Cloud security expert, where would you rather work: Amazon? Or some big insurance company or manufacturer or government agency? I thought so.
  • Get the latest security gear due to economies of scale – How many Cloud data centers do the big Public Cloud providers own? And how fast are they building new ones? You don’t need to know the specifics to realize the answers are boatloads and wicked fast. And they’re buying gear for them. New gear. Boatloads of it. Wicked fast.

Why Private Clouds Are Less Secure…

  • Suffer from “perimeter complacency” – It’s amazing how many enterprises think that their DMZs and firewalls give them adequate security. If it’s on the internal network, it must be secure! As though they completely missed the Internet. And email. Not to mention viruses. What about twenty-somethings downloading malware to the corporate network through their phones? Now the enterprise wants a Private Cloud, so they can put the whole kit and caboodle on their internal network for security purposes. Good luck with that.
  • Unknown staff competence – Sure, your organization has a lot of great security people. They all know their stuff. Try this: have a big party for them. Two hours in, take a look around the room. See that guy with the lampshade on his head? He’s responsible for Private Cloud security.
  • Insufficient penetration testing – How do you test to make sure your Private Cloud is secure - or any other part of your IT infrastructure, for that matter? Simple: have your testers run a series of security tests. Or maybe hire a third party to run them for you. If all the tests pass, you’re secure, right? Maybe for like a minute, until the hackers figure out new attacks that didn’t make it into your security tests. Whoops.
  • May have older gear in use – You spent hundreds of thousands of dollars on security hardware. In 2009. Now you’re putting the final touches on your Private Cloud. Try this: ask your CIO for hundreds of thousands of dollars more to replace that three-year-old gear. The response? Maybe next year. Try updating the patches. I’m sure you can make do with what we have. And maybe you can - but don’t expect it to compare with the brand new shiny stuff going into Public Cloud data centers every day.

Virtual Private Clouds to the Rescue?
With a Virtual Private Cloud (VPC), a Public Cloud provider gives you a dedicated, secure connection (usually via a VPN) to your Public Cloud instances. In some cases, those instances are physically separated from other customers, so that your stuff can’t end up on the same box as somebody else’s stuff.

VPCs may actually be the most secure option available today, as you have the best of both worlds. Furthermore, they may address specific regulatory or other governance issues that may prevent your organization from using a multitenant Public Cloud. If you read the first section of this ZapFlash and think that neither Public nor Private sounds secure enough, then a VPC may be the way to go.

However, VPCs aren’t for everyone. They may only be marginally more secure than Public Cloud, as Public Cloud providers have generally done a bang-up job securing their multitenant architectures. And keep in mind, a single-tenant VPC will typically be substantially more expensive than a regular Public Cloud equivalent. The bottom line: VPCs are more about peace of mind than actually increasing security.

The ZapThink Take
You’ll have to excuse me, I’m in a particularly snarky mood today. I must admit that the title of this ZapFlash is actually an overgeneralization. It’s certainly possible that your Private Cloud is more secure than some Public Clouds out there. The true message of this article is that building a truly secure Private Cloud is much harder than it sounds, and the extra work necessary has largely already been taken care of by the Public Cloud providers. And it should now be obvious that Private Clouds are by no means inherently more secure than Public ones.

But there’s a bigger lesson here. Security is all about risk mitigation, and it’s simply impossible to reduce your risk to zero. There’s no such thing as perfect security, which is another way of saying that perfect security is infinitely expensive. Risk mitigation involves weighing acceptable risks, given the nature of those risks and the cost involved in mitigating them. When you deliberate on the question of Public vs. Private Clouds, keep in mind that both approaches are inherently risky - but then again, choosing neither is also risky. Your job is to get the necessary facts in order to make the best decision you can about which risks you are willing to accept. Confuse FUD with facts at your peril.

More Stories By Jason Bloomberg

Jason Bloomberg is a leading IT industry analyst, Forbes contributor, keynote speaker, and globally recognized expert on multiple disruptive trends in enterprise technology and digital transformation. He is ranked #5 on Onalytica’s list of top Digital Transformation influencers for 2018 and #15 on Jax’s list of top DevOps influencers for 2017, the only person to appear on both lists.

As founder and president of Agile Digital Transformation analyst firm Intellyx, he advises, writes, and speaks on a diverse set of topics, including digital transformation, artificial intelligence, cloud computing, devops, big data/analytics, cybersecurity, blockchain/bitcoin/cryptocurrency, no-code/low-code platforms and tools, organizational transformation, internet of things, enterprise architecture, SD-WAN/SDX, mainframes, hybrid IT, and legacy transformation, among other topics.

Mr. Bloomberg’s articles in Forbes are often viewed by more than 100,000 readers. During his career, he has published over 1,200 articles (over 200 for Forbes alone), spoken at over 400 conferences and webinars, and he has been quoted in the press and blogosphere over 2,000 times.

Mr. Bloomberg is the author or coauthor of four books: The Agile Architecture Revolution (Wiley, 2013), Service Orient or Be Doomed! How Service Orientation Will Change Your Business (Wiley, 2006), XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996). His next book, Agile Digital Transformation, is due within the next year.

At SOA-focused industry analyst firm ZapThink from 2001 to 2013, Mr. Bloomberg created and delivered the Licensed ZapThink Architect (LZA) Service-Oriented Architecture (SOA) course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, which was acquired by Dovel Technologies in 2011.

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting), and several software and web development positions.

CloudEXPO Stories
The precious oil is extracted from the seeds of prickly pear cactus plant. After taking out the seeds from the fruits, they are adequately dried and then cold pressed to obtain the oil. Indeed, the prickly seed oil is quite expensive. Well, that is understandable when you consider the fact that the seeds are really tiny and each seed contain only about 5% of oil in it at most, plus the seeds are usually handpicked from the fruits. This means it will take tons of these seeds to produce just one bottle of the oil for commercial purpose. But from its medical properties to its culinary importance, skin lightening, moisturizing, and protection abilities, down to its extraordinary hair care properties, prickly seed oil has got lots of excellent rewards for anyone who pays the price.
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected path for IoT innovators to scale globally, and the smartest path to cross-device synergy in an instrumented, connected world.
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
ScaleMP is presenting at CloudEXPO 2019, held June 24-26 in Santa Clara, and we’d love to see you there. At the conference, we’ll demonstrate how ScaleMP is solving one of the most vexing challenges for cloud — memory cost and limit of scale — and how our innovative vSMP MemoryONE solution provides affordable larger server memory for the private and public cloud. Please visit us at Booth No. 519 to connect with our experts and learn more about vSMP MemoryONE and how it is already serving some of the world’s largest data centers. Click here to schedule a meeting with our experts and executives.
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understanding as the environment changes.