One of the most persistent myths about the public cloud is that it isn’t — and in principle cannot be — as secure as a bare metal platform. It intuitively makes sense that an infrastructure hosting platform based on a multi-tenant model in which the underlying hardware layer is shared cannot be as secure as a private platform. After all, the public cloud is all about sharing data with a third-party vendor.
In reality, though, an experienced and diligent cloud vendor is likely to build a more secure hosting platform than most companies are capable of building in-house. That’s not to say there’s no benefit to private cloud infrastructure or bare metal dedicated servers. There are plenty of reasons to go for private infrastructure, but in the modern cloud, security per se is not one of them.
We’ve come a long way from the days of leaky hypervisors and incompetent data management from cloud vendors. Any cloud vendor worth their salt knows that the success of their platform depends on its security. Cloud vendors have invested heavily in security because they know without it, enterprise organizations would hold back from adoption.
In short, the security of a particular cloud platform depends on systems, policies, and expertise of the vendor. Exactly the same is true of any infrastructure host. There are incompetent cloud vendors and their are incompetent dedicated server or bare metal vendors. The true risk is in the implementation details, and the evidence simply doesn’t bear out the claim that public clouds are less secure than a bare metal platform.
“Cloud computing is perceived as less secure. This is more of a trust issue than based on any reasonable analysis of actual security capabilities. To date, there have been very few security breaches in the public cloud — most breaches continue to involve on-premises data center environments. While cloud providers should have to demonstrate their capabilities, once they have done so there is no reason to believe their offerings cannot be secure.”
Take the example of OpenStack. OpenStack makes it possible to build secure cloud platforms, but it doesn’t make it impossible to build insecure platforms. Whether a specific platform is secure for enterprise applications depends on the processes and technologies implemented by the vendor. Enterprise organizations are responsible for taking a close look at their vendor and choosing based on a demonstrated history of excellence in secure infrastructure hosting.
As Alastair Mitchell of Huddle points out:
“When the correct security policies for preventing attacks and detecting them are implemented, attacks are no more threatening to the cloud than any other piece of infrastructure”
Private cloud platforms and dedicated servers have a place alongside public cloud platforms. Private clouds are great when an organization values maximum performance, and they’re preferable for some regulatory compliance scenarios. Smart businesses leverage each cloud and bare metal modality for its particular strengths, deploying a range of solutions to maximize the potential of their infrastructure portfolio.