Thursday, 6 May 2010

Security and the Public Cloud

Should we panic, or is it much ado about nothing?

I had the pleasure of meeting and speaking with a number of Rackspace customers at a recent customer event, and unsurprisingly, the big topic that all of them wanted to talk about was the Cloud. What is the Cloud? What’s the difference between Public and Private Cloud? What’s all the fuss about, and can I really host my data on the Cloud without it being hacked and compromised?

Firstly, just what is the Cloud? Well, it’s certainly nothing new. Many of us have been happily using the Cloud for some time now, but without realising it. Do you have a Hotmail or Gmail account? If so, your email is hosted in the Cloud. The simplest definition of public Cloud is that it is a shared computing resource or service, accessed via the public Internet and paid for on a utility basis (i.e. hourly).

The concept of utility computing is not a new one – it was originally suggested back in 1961 by John McCarthy at MIT. He had the idea that one day computing power and specific applications could be sold through the utility business model. This was an idea that faded in popularity during the 1970s when it became apparent that the technology of the day could not fulfil this dream. However, in the 1990s, the rise of application service providers (ASPs) proved that this concept could become a reality. As the speed and reliability of the public Internet improved, more people started using Software as a Service (SaaS) offerings, such as SalesForce and hosted email platforms. The concept made a lot of sense – why purchase the hardware and software licenses and employ a team to build and support an infrastructure when you could simply pay a third party a low monthly fee and get a readymade service, often complete with support?

Private Cloud is very different to Public Cloud – Private Cloud is simply another term for server virtualisation. Offering the security of dedicated servers, but with a cloudiness in terms of flexibility when creating and deleting virtual servers and adding capacity combined with the ability to customise the infrastructure. A simple metaphor that explains the difference between Private and Public Cloud is that Private Cloud is like purchasing a house, or apartment. You pay for it on a reasonably expensive, long term basis. You can customise it – knock down walls, redecorate, change the curtains. But at the end of the day, it’s the place you go to eat, sleep and live. Public Cloud is like a hotel room – you pay for it on a utility basis, and while you cannot customise your environment, change the curtains or redecorate, you can do most of the same things that you would want to do in your house.

So what’s all the fuss about, and can you safely host your data in the Cloud? Well, the main reason for the fuss is the global recession. Everyone wants to cut costs, and reduce their operating expenditure, and the Cloud is one such way to do that. For start-ups, it’s a great way to get a business going for little to no initial investment, so many Venture Capitalists may see the number of start-ups approaching them start to dip. For existing businesses, it allows them to reduce capital expenditure and host a website, email solution, share documents or access applications like CRM systems with minimal operating costs.

Is the Cloud secure – should you be worried about the security of data stored in the Cloud? Really, is anywhere truly secure? With government agency websites and global software companies being hacked and compromised, it’s apparent that if a hacker wants to access your data, they almost certainly will get to it. Security in the Cloud is not a new fear – as long as you’re sensible around what you store and how you store it, you’ll be fine. For example, don’t store completely confidential, critical data in the Cloud. Use encryption for any data that you’re storing in a Cloud solution; install and configure software firewalls on any Cloud servers; install anti-virus software and configure regular scans. Essentially, treat the Cloud the same way you would a server in your office. Take the necessary precautions to protect your data, and ensure you’re using the right tool for the right job.

Security in the Public Cloud is not a new concern. It’s just regular IT security for data stored in a different location.

No comments:

Post a Comment