In brief, public clouds utilize shared infrastructure, while private clouds utilize an organization’s own infrastructure.
Private clouds - sometimes referred to as a data center - reside on a company’s own infrastructure, typically firewall protected and physically secured. Mature organizations that have heavily invested in on-premises infrastructure frequently leverage that investment to create their private cloud. Although this offers a big financial benefit private clouds must still be supported, managed, and eventually upgraded or replaced. The onus for security in a private cloud falls squarely on the organization’s shoulders, from physical security to encryption to network and cybersecurity. Since private clouds are typically owned by the organization, there is no sharing of infrastructure, no multitenancy issues, and zero latency for local applications and users.3 Ways to Make Cloud Your BusinessLearn More
Public clouds alleviate the responsibility for management of the infrastructure since they are by definition hosted by a public cloud provider such as AWS, Azure, or Google Cloud. In and infrastructure-as-a-service (IaaS) public cloud deployment, enterprise data and application code reside on the cloud service provider (CSP) servers, which can be shared in a multi-tenant environment with other organizations’ IT resources. Typical use cases for public clouds are as a backup and archival medium for enterprise data, to support business continuity initiatives, offloading front-end web applications to lower latency to global users, and to support ‘cloudbursting’ of IT resources so that when demand for a particular application increases additional instances of that application can be rapidly spun up at the CSP, eliminating the need for a business to over-provision their on-premises infrastructure to handle sudden spikes in demand. Although the physical security of hyperscale cloud providers such as AWS is unmatched, there is a shared responsibility model that requires organizations that subscribe to those cloud services to ensure their applications and network are secure, for example by monitoring packets for malware or providing encryption of data at rest and in motion.
There are several analogies for public and private cloud, such as
In its simplest, a private cloud is a service that is completely controlled by a single organization and not shared with others. While a public cloud is a subscription service that is also offered to any and all customers who want similar services. As with cable one client’s information is not shared with others; in a public cloud each ‘tenant’s’ information is isolated from others.
Every organization’s data is stored separately from other companies when in the public cloud; this is one of the key concepts of multi-tenancy. However, major cloud provider agreements outline a shared responsibility model, where the CSP is responsible for physical security of the data and the subscriber is liable for the logical security (encryption, cybersecurity, authentication, identity and access management). In any case, there are several scenarios where private data might reside in a public cloud.
Data protection is a prime example. There are many cloud-based data protection providers who store a company’s backups and snapshots in the cloud. Some of these providers utilize their own cloud; other rely on inexpensive object storage available from providers like Amazon S3. These backup providers are responsible for ensuring the security of the data entrusted to them.
When choosing a public cloud provider, organizations should ensure that the data stored with the CSP contractually belongs to the subscriber, not the CSP. Also, if the data is volatile and will be moved between public and private cloud, care should be taken to ensure that egress fees for exporting data from the CSP will not impact the cost effectiveness of utilizing a cloud provider in the first place.
Typically, enterprise data bases and systems of record for large enterprises continue to reside largely in the private cloud. Subscribers should also ensure that their security policies can extend to cloud providers, that the cloud provider service level agreements (SLAs) meet the needs of the organization’s users, and that regulatory compliance issues such as PCI, HIPAA and GDPR are properly addressed.
Private clouds offer many advantages due to their provenance and autonomy being ‘owned’ by a single entity. Foremost is the high security offered by a private cloud. On-premises clouds can offer the highest degrees of privacy, since enterprise authentication can ensure access is granted only to those who need it. There is also the advantage of the lowest possible latency since resources are all co-located in the private cloud data center.
The top drawback to private cloud is the inherent costs required to procure, configure, maintain, and upgrade hardware and software. Training expenses can be another major bottom-line impact for private cloud deployments.