Private, public or hybrid cloud? Security should dictate the choice

First up is Gartner analyst Thomas Bittman, who argues that the world is not going to be neatly divided into separate private and public cloud services going forward. “To maximize efficiency and take advantage of publicly available cloud services, we’re going to merge them together,” he said. “Private clouds, in particular, will not stay simply ‘private’ for long – Gartner expects most private cloud services to become hybrid. Minding the gap is key – planning for it, balancing isolation and value, leveraging it – hybrid will move from the realm of hype and vendor cloud-washing to reality in the next few years.”

Gartner defines a hybrid cloud as a cloud computing service that is composed of some combination of private, public and community cloud services, from different service providers.

“This definition is intentionally loose, because there really are a lot of interesting edge exceptions, and rather than draw a tight boundary around what is, and what isn’t, this seems to get to the central point of the matter well enough,” Bittman said.

For example, hybridization could become useful when a private cloud service needs to expand its capacity – it can do that by temporarily tapping into a public cloud service (or perhaps a different private cloud service offered by a third-party provider). “It allows you to balance your privacy [and presumably security] needs with additional capacity and capability needs,” Bittman said.

But Roelof Louw, cloud expert at T-Systems, says that hybrid approaches cannot offer the level of lockdown needed in the entreprise space. “The two differentiating characteristics of the private cloud is its delivery of tight security controls and service level agreement (SLAs),” wrote Louw in a new blog on the subject. “It is what sets it apart from the public and hybrid clouds.”

It is also these characteristics that should form an important role in any organization's decision-making when deciding on what cloud route to follow, particularly when it comes to industry-regulated compliance, he added. “Your cloud provider should therefore be able to offer security as part of its solution proposition.”

IDC itself said that the private cloud is the closest option to a virtualized infrastructure, which offers better controls. "The decision in the next year or two will only be about the private cloud,” said Eric Domage, program manager for the EMEA software and service group at IDC. “The bigger the company, the more they will consider the private cloud. The enterprise cloud is locked down and totally managed."

Private cloud may be the best option for security, said Louw, but it would be “arrogant to declare any infrastructure or service bulletproof against security onslaughts.”

The private cloud offers storage and business continuity that meets all the necessary security controls and more, but the flaw in any private cloud service's armor is the web. “It is the one constant faced by IT services and customers across the globe,” Louw said.

Security should also not be seen merely as protection but also as essential in developing and growing a business, he argued. “It is an important enabler of successful business operations and also allows organizations to conduct business with their clients and supply chains in a secure manner,” noted Louw. “The private cloud is therefore not only safer, but an important cog in the business engine room. It makes sense, improves company agility and saves on costs. It is the future.”

What’s Hot on Infosecurity Magazine?