In the last several years, few technologies have revolutionized enterprise IT the way cloud technology has. A vast ecosystem of cloud-based infrastructure, platform, and application providers have made it easier and more cost-effective than ever before for businesses to consolidate and streamline their operations, mobilize their workforces, and scale up—or scale out—their computing initiatives. But the rapid growth and incredible diversity of the cloud technology marketplace can cause confusion. In today’s post we’ll cover the basics of the public cloud and its pros and cons.
What is the public cloud?
A public cloud is one based on the standard cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet. Public cloud services may be free or offered on a pay-per-usage model.
Pros of the public cloud
For businesses, one of the most compelling benefits of the public cloud is the affordability of many cloud services. The economies of scale enable cloud service providers (CSPs) to provide infrastructure and applications at a fraction of the cost that organizations would have to pay for an on-premises equivalent. The economies of scale—and the customer contracts at stake—also mean that CSPs are usually able to troubleshoot and resolve performance or connectivity problems much more quickly than a typical business’s IT staff could do for on-site deployments. Their businesses depend on the performance of their offerings, after all. Finally, scaling up or scaling out a public cloud infrastructure, platform, or application is usually simple, instantaneous, and, again, cheap—or at least much cheaper than doing the same in-house would be.
The main benefits of using a public cloud service are:
- Easy and inexpensive set-up because hardware, application and bandwidth costs are covered by the provider.
- Scalability to meet needs.
- No wasted resources because you pay for what you use.
Cons of the public cloud
Public cloud technology does have its downsides, many of them related to security and regulatory compliance concerns. Enterprises often hesitate to adopt public cloud infrastructure or applications due to the loss of control over data security that the public cloud entails. At the end of the day, your data is being stored in a third party’s facility, and you’ll have little to no control over how your CSP chooses to protect it. The recent data breach headlines have cast much doubt on the security of data stored by even the largest CSPs, especially when it comes to surveillance done by government agencies. The NSA, for example, was exposed as having compelled several major CSPs, including Google and Microsoft, to turn over customer data without the customers’ knowledge. The NSA also successfully infiltrated Google’s data centers themselves to intercept information as it moved within the Google internal network.
Addressing security issues in the public cloud
So does this mean the public cloud can’t, or shouldn’t, be used – absolutely not! The public cloud has allowed enterprises to enjoy unprecedented levels of flexibility, scalability, and accessibility, without which they may lose key competitive advantages. Major CSPs like Salesforce, Google, and Microsoft already provide high levels of security, and many have beefed up their security even more in recent months, adding additional encryption and authentication measures to prevent breaches.
CSPs’ businesses depend in part on their customers’ trust, after all, and they have stepped up to the task of keeping that trust. Still, where enterprises can add an additional layer of security to their data, they should. In any secure public cloud initiative, encryption and tokenization will play key roles. Augmenting CSP-provided data security with persistent encryption that begins at the enterprise perimeter and leaves the encryption keys in enterprise hands will maximize the protection of sensitive data. While Tokenization replaces a piece of data—a social security number, for example—with a randomly generated “token” that is structurally similar but mathematically uncorrelated to the original values. The tokens can then be transmitted to cloud applications, while the actual data remains in a secure database behind the enterprise perimeter. In this way, tokenization helps to maximize the ways an enterprise can safely use public cloud technology.
The public cloud has swept the enterprise, and for good reason. There’s a platform or service out there to suit the needs of businesses both large and small, across every vertical. And despite some FUD around data security, the fact is that solutions do exist to address security objections to public cloud technology. With the proper planning, policy, and implementation of encryption and tokenization on both the client and provider sides, the public cloud can bring dramatic benefits to the organizations that use it.