Much of the hoopla surrounding the recent public reveal of the PRISM program, at least from an IT standpoint, concerns the future of information security in the cloud. Cloud service providers and adopters alike are concerned that government legislation could enable federal access of data that private sector corporate entities have already stored in the cloud. This concern is further exacerbated by the revelation that the CIA is already working with private CSPs, reported Wired. As of right now, there is no legislation that enables unfettered government access to data in this way, but organizations are understandably alarmed. Fortunately, private cloud solutions offer comprehensive security for the surveillance-wary, starting with integration of services into IaaS clouds.
IaaS and PaaS clouds offer more data protection and operations safeguards than do less integrated SaaS models, according to GigaOM. Because IaaS keeps data encrypted and only certain users, as determined by the adopter and not the CSP, can access it, there is no ‘back door’ that surveillance programs could go through to acquire and decode data. Additionally, as a future legal measure, IaaS clouds from third-party providers can complicate federal acquisition of data. In public clouds, there are less guarantees that data will be stored and accessed safely and only by company users.
Why critical applications are still placed in private clouds
Although opinions can differ among the superiority of private enterprise clouds or public ones, Money Control noted that private clouds are still the place where most organizations store their critical applications and data. Minor applications are deployed in public clouds, but core business and back-end applications are more often placed in private clouds. This evidence suggests that organizations and business users still have many reservations about the actual level of security that public clouds can provide. Firms worried about stratification can move their other systems from the public cloud to their private one in order to keep everything consolidated and in one place.
Business leaders like Mani Mulki, the IT general manager of ICICI bank, the second largest retail banker in India, view private enterprise IaaS clouds as providing the strongest storage and security solutions.
“For very large organizations it makes sense to go on a private cloud as the infrastructure can be shared and services dispersed to all the groups,” Mulki told Money Control. “The architecture is robust and the cost advantage is visible. It helps in offering thin computing which can be metered. The main advantage of cloud is when you can distribute the computing power on need basis and meter it for cost.”
It’s about control
Many industry analysts agree that control is the deciding factor, according to Enterprise Irregulars. Businesses choose cloud solutions based on the level of control they can live with (or without). As companies opt for more cloud-based solutions beyond SaaS, private clouds become crucial assets to maintain control over critical business functions and information. Security and privacy concerns are likely to be a defining factor in the near future of IT decision-making and a move to enterprise IaaS cloud adoption can help on several fronts.