Cloud computing has revolutionized how data is shared and stored today. There are two main types of cloud computing: public clouds and private clouds. Each type has its advantages and disadvantages. Individual cloud users often opt for readily available, free or low-cost public cloud technology.
Corporate cloud users prefer private cloud technology because they gain more control over access points and complete control over data security. Where companies struggle however, is with completely securing data in their private cloud infrastructure.
The Basics of Private Cloud Computing
A private cloud is a virtualized server system that runs from private hardware and software. Users with access can connect to the private cloud anytime following corporate access protocols. Private cloud technology offers the same storage capacity as public cloud technology; however, a private cloud is typically managed in-house or by a third-party dedicated vendor. Private cloud computing can be more labor intensive, but it’s also more secure.
The Benefits of a Private Cloud
In a recent research study conducted by Trend Micro, 1,200 employees from six countries shared their experiences with private cloud security. Fifty percent of respondents resisted private cloud technology or seldom used current cloud technology due to data security concerns. Forty percent questioned the data security protocols of their current private-cloud third-party administrators.
However, in a 2011 Aberdeen Group survey, respondents who chose private over public clouds reported administrative cost savings of 12 percent annually as well as 38 percent compliance and security monitoring cost savings annually. A private cloud offers significant benefits through lower costs and improved productivity when security is properly administered. In particular, companies operating in highly regulated industries can benefit from private cloud use.
BOOK ON PRIVATE CLOUD SECURITY
Securing Your Private Cloud
Securing your private cloud is a two-step process. First, identify how security needs to change when moving from a hardware-based system to a cloud-based infrastructure. In a 2011 white paper by Krishnan Subramanian, the following top private-cloud security concerns were identified:
- Fluctuation of security needs for an on-demand server system with an ever-changing use perimeter.
- Stability of security and usage monitoring across multiple domains, departments and users.
- Inability to effectively monitor device access in the virtual environment.
- Increased risk of data leakage.
- Reduced effectiveness of existing traditional IT security solutions inside a dynamic virtual system.
Once private cloud security risks are understood, it’s then time to implement the best security practices for a virtualized data sharing and storage system. The Subramanian white paper identified a number of preferred practices:
- Private cloud security must enforce compliance with regulatory agencies including logging, controls testing, audits, activity reporting and incident response.
- Data encryption must be in place whether the data are in active use or in storage.
- When patching is necessary, data security should be flexible to incorporate these changes.
- Cloud security should be multi-faceted and multi-level, including installation of a dynamic firewall, frequent access-log inspection and traffic monitoring and use of IPS/IDS.
- A transition must be made from Mac-based device security to VM (virtual machine)-based security.
Choosing a Security Solution
You have two choices when choosing a security solution for your private cloud. You can work to customize the security system you already have in place, or you can select a system designed for use with cloud computing technology. The second option offers enhanced security because it is designed to work with a VM environment. Any cloud-specific security software should include these six critical elements (this infographic has more information).
- Intrusion detection and prevention.
- Centralized firewall management tool.
- Automatic logging and flagging of suspicious activity.
- Detection and reporting of suspicious changes to data or systems registers.
- Protection against Web-based threats and intrusions.
- Adaptive anti-malware security.
In addition to these six elements, any effective private-cloud security solution must include ongoing employee education. It is critical to also designate a rapid response team that is on call to handle urgent threats. If you follow this two-step process for identifying threats and implementing solutions, you will be able to enjoy the flexibility, improved productivity and savings a private cloud offers.
Download the 2011 white papers mentioned above to better understand cloud technology, including private, cloud and hybrid cloud systems.
White Papers on Cloud Hosting
About the Author:
Kayla LaBois spent several years working as an IT security consultant. Her latest project studied the use of Trend Micro antivirus software to secure personal and private clouds.