Next week (the 15th December), I’m going to give a talk about cloud security on the “Public, Private & Hybrid Clouds” BrightTalk Summit. There are surprisingly many talks that focus on cloud (in)security – although after all it isn’t too surprising given the fact that security is the key issue when comparing public against private cloud infrastructures.
Guy Churchward, LogLogic CEO did an interesting post on this subject and Gartner defends that private is the way to go. I am wondering if this opinion has become a consensus or if there are still public (sic!) defenders of the public cloud? I hope that the users of Amazon EC2 and Salesforce raise their voice and that we find more use cases than the usual ones like testing, not sensitive data, marketing campaigns, non-critical business processes and so on.
I think we can associate the threats and risks of cloud computing with the following root causes (admittedly this is a simplification):
- resource sharing
- infrastructure volatility
Private clouds solve the first two: (1) they increase trust and allow full visibility and control over the infrastructure and (2) they are not exposed to side channel attacks. Hope to interact with you at the summit and if you already have a favorite topic or questions on the subject do not hesitate to drop a comment. I might include it in the presentation.