Image no found Image no found
Image no found
Image no found

Choosing the ‘right’ public, private and hybrid cloud for your security needs

11 Aug 2020 | Marc Brown

Many organisations are rapidly adopting, migrating, or expanding their use of the Cloud. IT professionals value the agility, scalability and always-on aspects, but security professionals recognise the security and data governance complexities it brings.

Unfortunately, many organisations face pressure from organisational leadership to move quickly, as they are focused on business continuity needs, expected operational efficiencies, and bottom-line cost savings. This rush to adopt cloud services, potentially on the wrong cloud deployment model and insufficient controls, can become your Achilles heel.

The focus of this blog is to discuss the differences between public, private and hybrid Clouds to help you decide which type is best for your needs. The following high-level definitions can summarise Cloud models:

  • Public cloud: the cloud services are exposed to the public and is built on a shared model. Public cloud deployments are provided in most cases by global service providers, such as Amazon, Google, Microsoft, and others.
  • Private cloud: the cloud services used by a single organisation, which is not exposed to the public. A private cloud usually resides inside the organisation or could be hosted on its behalf with a trusted CSP. It must be behind an organisation’s firewall, so only the organisation has access to it and can manage it. It most aspects, private clouds, unless 3rd-party managed, are similar to on-premise deployments, requiring an organisation to support their data centre with internally skilled resources, including security professionals.
  • Hybrid cloud: the cloud services can be distributed among public and private clouds, where sensitive data or applications are kept inside the organisation’s network (by using a private cloud), whereas other services can be hosted outside the organisation’s network (by using a public cloud). Users can them interchangeably use private as well as public cloud services in everyday operations.

For organisations, the most significant deciding factors that should dictate the use of public, private and hybrid cloud deployments are data/app classification, data privacy and control (i.e., sovereignty), and access requirements, as described in the table below.

Image Not Found

Unfortunately, there are several other factors and details that must be considered beyond data centre location, cloud service management, and tenancy. Organisations also have to factor in their application stack requirements and the human resources needed (i.e., information security, network security, security operations, etc.) to secure them. Organisations need to think about asset management, governance, compliance, hiring or outsourcing, and more.

Irrespective of the cloud model your organisation chooses, your leadership team must understand that they own and must be accountable for the risk. Often organisations feel they are outsourcing the risk accountability to the cloud service provider and application vendors. This is not the case.

Don't go it alone.

Designing and deploying IT/OT systems in today's complex digital world is difficult. To help mitigate these complexities, Digital14 provides experience-built, security-vetted and industry-proven advisory, design, and deployment services, priority aligned with your business needs.

We support clients end-to-end, from developing a business-aligned strategy to defining an architecture to security and control requirements to governance and compliance automation, in addition to, helping them identify, assess and remediate cloud related risks across all cloud models. Visit Digital14/protect.

We Are Digital14

Connect with us

© Digital14. All rights reserved.