Over the past few years, the number of cloud based services implemented in business is increasing. However the debate continues – public cloud or private cloud. At this juncture it is pertinent to say that there is plenty of debate and anxiety about the security threats public cloud computing poses. But before we go into the details, let us have a look at the two models of cloud computing in the market.

1. Public Cloud

In a public cloud environment, the hosting vendor makes resources like application, infrastructure and storage available to customers and businesses over the internet. The services may be free or on a pay-per-use basis.

This Kind of a Model Offers the Following Benefits to Users

- It is straightforward and relatively cheap to setup because hardware, bandwidth, and application costs are covered by the hosting vendor

- It is scalable to meet the varying needs of the consumer

- No wasted resources because clients pay only for what they use.

2. Private Cloud

This model is similar to public cloud as regards scalability and self service, but is delivered through a proprietary architecture. Since this is dedicated to a single tenant it is best suited to enterprises with dynamic and unpredictable computing needs.

There is perception that private cloud is more secure than public cloud.

With cloud computing promising enhanced efficiencies, flexibility, greater agility, and less CAPEX, it has become the favored platform to procure IT services.

But cloud computing has brought with it apprehensions of threats. Cloud security is of major concern to businesses.

The security challenges cloud presents are daunting to say the least.

In particular, apprehensions are more with regard to public cloud, because in this model infrastructure and computational resources are owned and processed by an outside vendor that delivers service to the general public.

According to a survey, companies are skeptical about entrusting their data even to giants like Google, Microsoft, or IBM Smart Cloud.

Is such cynicism justified?

To Answer this Question Here are Some Interesting Observations.

Public clouds are made use by the general public and large enterprises. It is also true that public clouds are much more exposed to hacking than private clouds.But we must also remember that public clouds attract the best security tools in the market, simply because the best cloud hosting providers have millions of clients depending on them.

Moreover, we can be reasonably sure that large public cloud companies invest in getting armed with the best security gear in the market.

It is now well-known that cloud computing is a disruptive technology enabling ubiquitous, convenient, on demand use of  computing resources including networks, servers, storage, applications and services.

It is called disruptive chiefly because it has the capacity to improve collaboration, agility, scaling and availability.

With so many advantages, it would be foolish for companies to shy away from cloud, just because of certain security perceptions.The apprehensions concerning security in public cloud can be addressed in the following ways.

By Signing a Formal Service Level Agreement

The Tenant and the Cloud Service Provider Must Mutually Agree On:

- Data Backup

- Data Encryption

- Provision of Antivirus

- Notices of Breach

- Frequency of Scanning with Regard to Vulnerabilities

- Applying Updates

- Deciding Roles and Responsibilities

Even though cloud computing removes some IT responsibilities from the tenant, governance is not one of them.

Yes, it is true cloud based service providers have to produce evidence of their own compliance with SLAs and industry standards, and perhaps also undergo audit as required by the tenant, but responsibility of governance still rest with the customer.

One of the ways by which confidence can be developed between the customer and the provider is by crafting a RACI matrix.

To make matters clear, here are RACI definitions.

R – Responsible – The person assigned to do the work

A – Accountable – The person making the final decision. This individual is answerable for the thorough and correct completion of the task

C – Consulted – The individual who must be consulted before a decision is made. He or she can be a subject matter expert  

I – Informed – The person who must be informed that a decision is made

Companies must develop a clear governance strategy and management model to experience the most benefits from cloud initiatives, whether private or cloud.

The management plan must aim that cloud computing must fully exploit the opportunity to align Information Technology with the goals of the  company business. 

Controlling risks is surely one of the major considerations while moving to cloud computing.

Fortunately, both the private and public cloud providers have built upon numerous cloud deployment, risk management and governance frameworks to create a comprehensive risk management environment.

The bottom line is any model, private cloud or public cloud is only as secure as the planning and technology that goes into the data and applications.