Although cloud computing is relatively new, there is already a separation between the private and public cloud. Between the two there are several differences to be aware of. The phrase "cloud computing" has become ubiquitous. But even within the cloud universe, there exists a distinction between the "public cloud" and the "private cloud." And, within the distinction, there are several key differences. Beginning with a definition of each, this brief post will discuss some of the security risks inherent in cloud computing technologies, and will briefly touch upon the implications posed by the recent disclosure of the National Security Agency's PRISM data mining program. With the seeming migration of every type of computing application to cloud-based technology, it's importance cannot be understated, and should not be ignored.
The public cloud is owned and managed by service providers; in other words, a company wants to do cloud computing, but does not want to own and manage a hardware and software infrastructure. That company can turn to a cloud service provider (examples: Amazon Web Services, Rackspace, BMC and IBM to name a few). There are also specific software applications that reside in the cloud. Salesforce.com, the most widely-used CRM (Customer Resource Manager), is a cloud application. Users buy no hardware or software other than the computers they use.
The private cloud, on the other hand, is owned and maintained behind the firewall of the enterprise. For example, a financial institution may want to maintain control over its customer data, but still allow an online banking function, where business users can access data without loading software onto their computers. Rather than enlist the services of a public cloud provider, which the bank may feel is too risky, it might maintain its own infrastructure. The private cloud is designed, at least in theory, to be more secure. In fact, the private cloud can exist completely disconnected from the Internet, making security breaches by mercenary hackers unlikely, if not impossible. Another type of private cloud is gaining in popularity - one where the public cloud service provider dedicates a server, or many servers, exclusively to one client. With this system, a breach of security within the public cloud would not affect that specific client.
Some would argue that the private cloud provides the highest level of security, but it does still have its disadvantages. For one thing, a disgruntled IT employee could really gum up the works, or use his or her knowledge of the infrastructure in a malevolent way. The private cloud might not have the world class firewall protection that the major public cloud providers employ. Even within financial institutions, there have been some high-profile security breaches. Public cloud providers have also had their instances of hacker invasions, though, as a rule, they do not publicize these incidents. Typically, the only people informed of a hacker invasion are the clients whose information may have been compromised. However, they generally do a very efficient job of disabling threats once they are detected.
Looking at Clouds through the Prism of 'PRISM'
With the recent disclosure of the existence of the National Security Agency's PRISM program, awareness of the delicate state of our privacy (as well as some paranoia) has risen to a new level. However, it should be noted that a key component of PRISM was voluntary sharing of information, not hacking. Still, this does little to allay the fears of privacy advocates. The fact is, information is out there, and it's available in a quantity and quality that was previously impossible to obtain. To some, PRISM represents the ultimate manifestation of the Orwellian nightmare, made possible in large part by cloud-based interactions and data storage. Overall, it's indisputable that cloud computing has had a positive impact on our quality of life (remember that the next time you download a book right before bed time), but in the absence of assured protection of privacy and proprietary information, the next cloud on the horizon could signal an approaching thunderstorm. Photo Credit: LuxTonnerre via Flickr.