Almost anything one reads about the private versus public cloud debate contends that for enterprises with large amounts of data that requires strict security, the private cloud option is the way to go—that public clouds cannot and do not offer the protections that a private cloud enables. Then again, if one looks closer at who is making the statement about private clouds and their tighter security, it’s often from the vendors who are advocating private cloud solutions—and from the end users who believe in the idea because that is how it has been presented. But to what degree are private clouds more secure than public if one takes a general “one size fits all” approach to the question—if there can be such a thing?
The vast majority of writing on the public versus private debate contends that private clouds provide more control over access and data protection but as George Reese noted, this is a “myth” is “complete nonsense.” Reese argues that “some private clouds are more secure than some public clouds some public clouds are more secure than some private clouds. In some cases, no one really knows.”
Reese puts forth the argument that the key to security is transparency and suggests that if we operate under the false assumption that a private cloud provides complete transparency (which as he notes, private clouds still have some opacity) we are overlooking the nuanced nature of private and public clouds. He states, “total knowledge about a private cloud guarantees neither that it is secure nor that we are even competent to judge that knowledge with respect to security”
Many will defend the private cloud until the end, especially with the growing body of literature supporting their status as the more secure option. After all, when it comes to having less control over the location and infrastructure (at least theoretically) that shouldn’t have been a tough sell to companies who were well aware of potential security issues when they made the decision to deploy a cloud model for some or all of their operations. Reese argues that CloudAudit and other related services are the best way to get a direct view into the questions between public versus private on a more specific level but in the meantime, there should be more consideration offered to the actual improved security of the private cloud versus public in more forums and debates.