From a security perspective, both public and private cloud networks offer organisations a level of protection that in-house servers cannot achieve. This comes, primarily, from having all your applications and data stored remotely in the cloud so that nothing is kept on individual machines. As a result, the threat of employees stealing or losing data is reduced and, if a device gets hacked, the potential for damage is significantly lessened.
The other advantage of the cloud is that it gives organisations greater management control over their security. Data can easily be backed up and encrypted and strict access management policies can be put in place to prevent unauthorised users accessing sensitive information.
However, whilst both types of cloud offer improved security, many organisations are still unsure whether to opt for a public or a private cloud. In the rest of the article, we’ll look at some of the main considerations companies need to make when deciding which cloud option to choose.
1. Security requirements
Essentially, private clouds are more secure than public clouds, providing increased control over the data management system. Your data is securely stored, encrypted and monitored behind a firewall in a system that, unlike the public cloud, is not shared on a multi-tenancy basis with other users.
This makes it the ideal solution for organisations which have to comply with legal obligations regarding data protection and privacy. If your organisation collects and stores sensitive personal information then the private cloud offers the most secure solution for your needs.
Whilst safeguarding personal information is an important consideration, it’s not the only one. Your business may store other data which you may prefer stored in a private cloud: legal documents, patent ideas, business development plans, etc. You should carefully consider your security requirements before making a decision on which is the best type of cloud for your organisation.
Migrating to the cloud is not always straightforward as some of the applications you use may not work as well, or at all, in a cloud environment. You may need support in terms of finding new software or updating existing software to make it compatible with the new system. You may also need support when configuring your cloud network.
Many organisations choose to only move part of their system into the cloud and others prefer to use a hybrid cloud (a combination of both private and public). With both these options, you will be creating a system with a significantly more complex architecture. You may need support here to ensure that all the elements of your new system can work together effectively and that data remains secure.
The big advantage of the public cloud is its ability to offer unparalleled performance and scalability. If you need increased CPU, bandwidth, RAM or storage it can be accessed immediately by giving you access to other servers on the provider’s network.
If you opt for a private cloud, it means you have chosen not to access the publicly available servers that offer this capability. You will still have the ability to increase capacity within your own private cloud, but this will be on a smaller scale.
One of the advantages of the hybrid cloud is that it gives both the security of the private cloud and the capacity of the public. If you opt only for the private cloud, you will need to consider your capacity requirements carefully before deciding upon the package you want.
The advent of public clouds has made anytime, anywhere computing a reality. Underpinning that availability is the fact that public cloud providers can pretty much guarantee 99% and above uptime. They have failover servers, redundant off-grid energy supplies and multiple mirrored servers in different locations to ensure a swift recovery should disaster strike. And to make sure it rarely does, they have the most advanced monitoring systems in place to make sure that their servers are running optimally.
All this is available to hosted private cloud users too. However, there is a slight difference with the monitoring. As a private cloud can be set up and configured differently to a public cloud, it may need to be monitored independently – which can result in extra charges.
For self-hosted private clouds, guaranteeing availability can mean a significant capital investment in IT.
5. Location of the data centre
If you are an organisation that collects and stores the personal information of EU citizens, then the location of your cloud host’s data centre (and backup data centres) has recently become an important issue. Until October 2015, the Safe Harbour Agreement ensured that EU personal data stored on US servers would be kept secure. However, as the US government now insists it has a right to access that data for national security purposes, the European Court of Justice has ruled that the Safe Harbour Agreement is no longer valid.
As a result, any organisation which stores EU citizens’ personal data on US servers is no longer deemed to be adequately ensuring that data’s safety – a requirement of the Data Protection Act. This includes UK businesses which use web hosts or cloud services that store or backup their data on US based servers.
6. Monitoring activity
As public cloud hosting involves users sharing the resources of the cloud’s data centre, the management and monitoring of the system is undertaken by the Web hosting company. This is especially important to make sure that resources are allocated in a way that allows users to scale up if there is a peak and to protect against errors which could lead to downtime. Cloud vendors will also monitor the security of the system by using intrusion detection and prevention software to secure against hackers.
Individual organisations should continue to monitor their own operations so that they can assess how well their individual apps are operating and make operational decisions. It is also important that they monitor their own systems for security purposes.
You will find that cloud vendors will offer monitoring services for both private and public cloud users, allowing them to keep track of a wide range of activities and to send regular reports and, if needed, alerts. There are also many monitoring and security apps available which organisations can use to monitor their cloud-based systems in-house.
Cloud-based systems offer high-level security to their users. However, for those companies which require high-level security for compliance with the Data Protection Act and for other legal obligations, private clouds provide the safest solution.
By opting for a private cloud, organisations can lose some of the flexibility and scalability that public clouds have to offer – and the financial efficiencies they bring. The ultimate solution is a hybrid cloud, which enables both increased security and scalability; however, this will require careful migration planning to ensure that the separate elements of the new system are fully integrated.
Before choosing a cloud hosting vendor, organisations should carefully evaluate how secure their applications would be on the different packages available. Some vendors provide much more robust security than others.
If you are considering migrating all or part of your system to the cloud, take a look at our highly secure cloud hosting packages. All our data centres are located within the UK.