I was in a meeting last week with a customer who started the meeting by stating that they were going to use Provider X as they wanted a hosted private cloud as it is more secure. I just sat there and said one word "Why?". This one word started a 40 minutes conversation around security, infrastructure and the terminology of cloud
There is still so much rubbish flying around about what is and isn't "cloud", but all analysts agree on one element; For something to be considered cloud (either public or private) it needs to provide a self service portal with the ability scale up and down the deployed instances as required........ just having VMWare deployed does not constitute a cloud!
The problem starts with the fact that most hosted cloud providers are just selling co-location with a leased commercial model - This is not cloud! Let me repeat that - THIS IS NOT CLOUD! Alarm bells should start ringing as soon as a company says "We can build anything you want in your private cloud" This is technically impossible in a cloud. A cloud is a fixed configuration set of technologies that provide a flexible solution for deploying services onto. If providers start saying that they can "build" you a cloud then this is just leasing. Now, there is absolutely nothing wrong with this methodology and it suits a number of customers requirements, but also kind of defeats the purpose and benefits of cloud; Cloud is supposed to provide a great price point due to the economies of scale - this can't happen if someone is building this bespoke. Cloud is supposed to provide a customer the flexibility to scale up and down the environment as needed to "right-size" your infrastructure - this can't happen if someone is building this to a specification. Cloud is supposed to provide flexibility and agility to meet any changes thrown at it - This can't happen in a fixed configuration.
My apologies to labour the point a bit, but I just want to highlight the fact that I believe customers that are buying into a hosted private cloud where the provider is building it to a specification aren't getting the benefits of cloud that they are paying for. That being said there are a number of companies out there that have built proper hosted private clouds (they've all termed them Enterprise clouds) such as Logicalis, Proact and ANS.
Even with the fact that there are companies out there providing what I would term proper hosted private cloud I still get back to the point of the post - Why do customers consider these to be more secure? I have come to the conclusion that it is because the Providers tell them that they are. There has been a lot of FUD around cloud for a while now, but the main element to this is around security. Apparently public cloud is less secure - or so the rumour goes, but I have not found anyone that can articulate an argument why. The argument normally starts around the point of shared/pooled resources, which is true of any cloud public or private, otherwise it is just hardware. Also, the problem with that statement is that public cloud providers have been offering dedicated servers for a while now, so you can build a "private cloud" within a public cloud provider. The next step is that providers claim that the security levels are less with the public cloud providers. Again, I struggle to see this point, as most of the public cloud providers are based from Equinix or equivalent DC providers so benefit from all the physical and virtual security that they have spent money on building. Lastly, if you have any concerns about security within a cloud, whether it is a public or hosted private cloud, these can fairly easily be solved now with solutions from companies like Porticor, Dome9 and others.
The problem I have with all of this is that the argument has been started and marketed by the providers themselves (generally the ones that didn't offer true cloud in the first place!) to help them sell their own version of a hosted private cloud which is glorified co-location. Is this going to be more secure? Possibly, but that is because it isn't cloud, it is just your own hardware hosted in their DC - so know different from moving your own hardware into their DC in the first place.
Let me finish by making a bold statement - I believe that public cloud IS just as secure as hosted private cloud and I would happily have a discussion with anyone that can convince me otherwise.