Public vs. private cloud – which is best for you?

It’s the debate going on in many government offices and private companies. Should you go with a public or private cloud? Which is better for your organization?

76 percent of IT decision makers in a recent Info-Tech survey say they are looking initially at private cloud options for their first go in the new arena. 33 percent say they will look only at the private cloud.

While a private cloud may seem like the best idea to get your feet wet is that the best way to go? Experts tell Network World “a better approach is to evaluate specific applications, factor in security and compliance considerations, and then decide what apps are appropriate for a private cloud, as well as what apps can immediately be shifted to the public cloud.”

John Sloan, lead analyst with Info-Tech Research Group, tells Network World he understands why some organizations may gravitate to the private cloud for security reasons but, he cautions, private clouds aren’t necessary for every company or for every bit of data.

And if you feel the need to be in a private cloud but don’t have the resources for it, there are other options out there as well, like virtual private clouds. In an interview with Network World, Brandon Gage, senior vice president of technology for United Capital Financial Partners, says using a virtual private cloud has saved his company 65-70 percent in the first year alone.

So, do your cloud homework and decide what’s best for your organization…it may not be the same as your neighbor.

Security pitfalls and concerns with public clouds

We continue our conversation with Vince Vasquez of Cloudbook.net.

Today he tells us about some of the challenges that come with the cloud, as well as some of the benefits.

Fed Cloud Blog: What’s the importance and relevance of having everyone on the same page when it comes to the cloud?

Vince Vasquez: At the consumer level, it doesn’t matter. If I’m a consumer running, say, Google’s gmail, I don’t really care what computers are being used.

That’s part of the beauty of cloud computing. It just simplifies the use of the application for the end user. You just log on and use gmail.

But, if you’re trying to implement cloud computing, then it’s extremely important because you need to know all the pieces required to build your cloud, and who are the players so you can create the most appropriate cloud implementation for your needs.

That’s why creating a place where all those experts and leaders can share their knowledge [means] you can educate yourself on — what is cloud computing? What does this person think? What does that person think?

Then, from that, you can make your own decisions of what are the most appropriate pieces for your own cloud.

FCB: Have you discovered any major pitfalls when it comes to the cloud or trying to move to the cloud, or even trying to gather information about the cloud?

VV: Well, there are definitely pitfalls.

For one — networks. If the network goes down, you’ve lost your cloud.

But, probably more realistically, the network can get bogged down, so you’re access to the cloud can get severely limited and we all know how frustrating it can be hitting a stroke on the keyboard and having to wait for a response.

Also, it is a shared environment, so the computer storage resources can get oversubscribed. So, again, your performance can degrade.

And then third, because it’s a shared environment, you’ve also given out your security control to the cloud provider. So that means, for instance, the provider could update all the software on the cloud and you could be quite happy with what you’re currently running.

Given that you’ve given up security control, that is another potential pitfall that you might want to have better control over.

FCB: Do you — with your personal experience aggregating all of this information — find that now the onus of security is even more on the IT manager than before in terms of operating within the cloud?

VV: Security is definitely the hottest cloud issue out there.

After all, your company’s data could be sitting out there on someone’s cloud and — what assurances do you have that you’re the only one that has access to that data?

Cloud providers do take security seriously.

One customer of mine has a security policy that’s almost 1,000 pages long. In addition, there are certifications . . . and audits that a provider includes in its stated policies.

[One can also] implement a lot of tools to beef up security, like intrusion detection that can spot if someone is trying to hack in the cloud from the outside.

Part of sharing content is to share what people are saying about what they’re doing in security — both in best practices and what applications and tools are out there to help beef up security; however, security is dependent on on architecture.

As we’ve seen with the Windows operating system that if the architecture is vulnerable, there are smart people out there who can find ways to break in.

Also, if you use a public cloud, the penalties for if someone breaks into your data are pretty minimal. Service Level Agreements tend to have penalties in line with paid usage.

So, if you’ve paid, say, $1,000 for cloud usage, but your company’s IT was stolen from the cloud that you feel is worth millions of dollars, you’ll be compensated more in line with the $1,000 you’ve paid rather than the millions the IT is worth.

It’s probably a bit early for companies to move their most private data to the public cloud, but there’s certainly a host of other applications they can move to the cloud now.

For enterprises that want to build private clouds within their own data centers, they can certainly move their most secure applications to those private clouds.

Former CIA IT guru: Everyone starting to learn about cloud

Listen to more of our chat with Bruce Hart.

---

Today we continue our conversation with Bruce Hart, COO of Terremark’s Government Group.

We left off discussing security, so we’ll start back up there:

On security and 100% protection

I don’t think anybody would be fool hearty enough to offer a 100% service level agreement (SLA) of a virtual machine sold as a service that is absolutely foolproof. What you do is basically multi-level security.

One of the things we do with Terremark’s enterprise cloud offering in the federal space, is we actually host it in a data center who’s security level is equal to that at Langley, Virginia or any good military base. We have armed guards, we have 200-foot setoffs, we have fences and all of the same features that any federal institution would require. In fact, we host classified organizations inside our data center.

Then, inside that, you have logical security. You run physical data centers that are essentially lights out — there’s no human access to the actual hardware. All of that’s highly controlled.

Beyond that, you do all of the things that are software-based, or otherwise hardware-based that are about information security. You do malware analysis, digital forensics, vulnerability assessment penetration testing, manage firewalls . . . the list goes on and on.

Public cloud v. Private cloud

There is such a thing as a public cloud.

[Terremark] has an offering called Virtual Cloud Express — or VCloud Express. It’s essentially a commodity cloud, much like Google’s or Amazon’s. You pay as you go, you take reference to shared resources, you don’t have much knowledge or concern about where those resources reside physically. The utility platform is enterprise-class. You sign it with a credit card, there’s no minimum, there’s no contract — you buy it by the minute or by the hour and use it as you will.

In my opinion, most federal agencies are not going to find a lot of utility in that kind of cloud computing. It’s just too risk-laden. It’s too amorphous. They’re not going to put their core missions on that kind of a platform — but there’s a different kind of cloud.

In Terremark’s case, it’s called the enterprise cloud, which is essentially a virtual, private cloud with a dedicated resource pool and the ability to burst above the amount of resource that you have bought. It has a physical device and private network integration. It supports multiple operating systems and I can take you into our data center and point to where it actually lives. So, we serve this up out of a physical fortress.

In fact, we have now moved beyond the dot gov phenomenon . . . at Terremark Federal Group and have recently been selling cloud as a foundation for actual production services inside large federal agencies. So, it’s beginning to happen.

Why everyone — not just IT managers — should learn about the cloud

I think mission managers and executive level decision makers all over the federal government are learning about it as we speak.

I’ve never seen so many symposiums dedicated to a single topic.

Vivek Kundra, the federal CIO, has been a change agent and an advocate for cloud computing from the federal perspective, and is acting in very — I think — effective ways to begin to push the message into federal decision making.

Again, it has a long way to go, but there are many opportunities for federal decision makers to learn about the cloud, to asses and weigh the risks versus the benefits, and — at the end of the day — they can come to a company like ours and just get it for free for 90 days, load it with whatever application they want and kick the tires.

There’s a lot of learning to be done, but it’s well underway.