Are Private Clouds More Secure than Public Clouds – The Great Debate
Consider the language “public cloud” and “private cloud.” This alone seems to answer the question of security – wouldn’t a private cloud automatically be more secure than a public one? This conventional wisdom is the digital equivalent of an optical illusion. The true answer is, “It depends!”
Before you spend the time and expertise to create a private cloud, take time to understand what security in the cloud really means. You may be surprised at the truth that you uncover.
Private Cloud Security Benefits
You may believe that private clouds are secure because there is limited access. It makes sense — the fewer people who can access a cloud platform, the more secure it becomes, right?
Once a cloud becomes a cloud, public or private, it is open to the same security risks as any other cloud. The number one security feature in any private cloud is its obscurity. All else being equal, your private cloud is more secure because fewer people know it is there. However, potential access to your cloud platform becomes a more realistic threat the more business your company engages in.
What’s different in a private cloud is the ability to incorporate unique security features. A private cloud can satisfy data retention, compliance and security measures that a public cloud simply cannot. This depends largely, however, on the competence of your in-house staff and/or the expertise of your technology provider. Private cloud gives your business the ability to tailor its security to its specific needs, but you need to act accordingly. A public cloud, on the other hand, naturally broadens and possibly dilutes its security feature set to cover a wider spectrum of clients.
Additionally, private clouds don’t suffer from a shortage of resources due to a traffic spike from a neighbor client. Working with a dedicated security server and network ensures that every bit of security you pay for is focused directly on your resources. Nor will a neighbor client ever open your data pathways up to a possible breach because of its mistakes. There are no neighbors to worry about!
Finally, any problems that do occur tend to be solved faster in a private cloud network. Even if you do not have the appropriate security staff on hand, you still have the option to work with your private cloud provider, who knows your environment and can give you advice not only on your security needs but also on your business requirements.
Private Cloud Security Drawbacks
With the advantages of a private cloud, there are definitely some disadvantages as well. The first disadvantage has to do with a huge misconception about the strength of so-called “private” security. The phenomenon is known as perimeter complacency — or thinking that a firewall and email security solution provide adequate security for an enterprise. If your employees use email or access the Internet, they can easily download malware or ransomware through their phones or an errant email. Strong measures are necessary to protect against not only the threats you can predict, but also the ones you can’t. Cybersecurity is continually evolving. Security coupled with data management and backup/disaster recovery ensures that a private cloud works the way you expect it to.
This leads directly into the next disadvantage of a private cloud — the possibility that your company lacks the expertise to create the cloud you envisioned. The most advanced tools do not necessarily mean that you have the most advanced protection. You can buy a Formula One race car tomorrow — does this mean that you can win a Formula One race? No! A professional driver in a Dodge Charger would be able to beat you. Why? Because he is trained to use his tools and you are not. If you choose private cloud, make sure you have a partner that has experience in this space and can give you the personal attention you need for your business and technical requirements.
Another drawback of private cloud can be patching. Unless you are Apple or Facebook, you may not have the team to stay on top of patches needed for security. Cyber criminals continue to take advantage of these gaps to get to your data and corrupt your business. With private cloud, you either need to have a team that keeps on top of these patches or work with a managed service provider that does this for you.
Finally, consider whether your private cloud can keep up with the latest technology, or whether it needs to. Think about the data you are putting on your private cloud. How are you protecting it, and how often can you afford to update security? Think of it this way — your old laptop from 2005 may work perfectly, but it is more vulnerable because you simply cannot install the latest security features. Public clouds may have an advantage over private clouds in this area, because they share the cost of upgrades. As a result, they are able to continuously improve their security.
Public Cloud Security Benefits
That’s right — the public cloud usually has more up-to-date security features than private networks. Because the public cloud receives consistent revenue from many clients at once, it is basically crowdfunding its upgrades. Each client only takes on a small percentage of the cost of these upgrades. This is a huge benefit for businesses without the budget for upgraded security hardware or ongoing software patches.
Believe it or not, public clouds also become more secure because they are attacked more. The advantage of obscurity that private clouds enjoy works only until that business grows beyond a certain capacity. Public clouds are always a target. In order to stay in business, they must adapt quickly. As a result, public clouds make it their business to stay one step ahead of malicious hackers. The proof is in the pudding — thousands of hackers have been trying to break into Microsoft Azure and Amazon Web Services for years and rarely succeed.
Along with consistent upgrades, public cloud providers also “crowdsource” the best security talent. The best cloud security experts gain personal notoriety from a job at Amazon or Microsoft, and those companies have an abundance of qualified applicants. As a result, these public cloud providers turn away talent at the top of their field. You probably have trouble finding just one! When you do business with the public cloud, you gain an entire team of elite security experts for a much lower price than it takes to hire one in-house expert.
Public Cloud Security Drawbacks
The drawbacks to public cloud security are the result of the scale that also provides their advantages. First, you must expect to receive less personalized service from a large cloud provider than you would running your own private cloud. AWS, for example, has thousands of clients trying to access customer service at any given time. Unless you are large and your problem is an emergency, you will probably have to wait. You may have to wait even if your problem is an emergency, and the person you finally get to address your issue will not know your technical environment or your business.
In a public cloud, the problems of your neighbor become your problems as well. As many constituents of Microsoft Azure can tell you, annoying red banner messages detailing a problem or possible security breach can be infuriating. The generalized message that “we are working to restore full capability as soon as possible” does little to allay fears. They never give a timeline, and never tell you exactly what the problem is. You basically have to trust in the security team and the business brand. There simply are no assurances.
Although a security breach of a large cloud provider is less likely, it is huge when it does happen. You give public cloud companies a great deal of personal and financial information just to sign up. When breaches occur, you are sent into panic mode. The alert may come too late for you to fully protect yourself. As a result, you have stories of huge breaches from companies like Accenture, WWE and Time Warner Cable. What’s worse, unless you are a big fish in their pond, your problems will be addressed dead last!
Business continuity is an essential component of modern business. If you lose uptime for any extended period, you risk losing current customers as well as future prospects. Keep in mind that your end-user does not care about the cloud security provider that you employ. If you have a security breach that results in customer-facing issues, your brand takes the hit. Public cloud providers will not share this responsibility, nor will you have the clout to punish them for their mistakes.
What’s Your Decision?
So which should you choose — public cloud or private cloud? The answer is still, “It depends!” Your best course of action is to match the advantages and disadvantages of each platform type to the needs of your business. These extend beyond security, to financial considerations of workload repatriation and more. Fortunately, you do not have to do this alone.
The cloud security experts at ComportSecure provide the expert assistance you need to make an informed decision about cloud security that is appropriate for your business and workloads. Do not try to DIY with your cloud roadmap. The decisions that you make today can impact you for years down the line and make or break your business. Comport can help with a dedicated service that provides experts on cloud planning and execution. We are here to ensure the safety of your data and the longevity of your professional mission.