Differences in Public-Cloud Versus Private-Cloud Security
Article by Karen Scarfone from BizTechMagazine.com
Here are 11 security considerations that IT administrators should weigh as they approach that decision.
When planning a cloud deployment, choosing a public-cloud or private-cloud model is one of the most important decisions to be made, especially from a security perspective. IT administrators should weigh 11 considerations as they approach making that decision.
1. How significant are cost savings among the motivations for moving to the cloud?
Generally speaking, greater cost savings can be achieved by moving to a public cloud; lesser savings are achieved in a private cloud. IT decision-makers should carefully evaluate the relative costs of public and private architectures and use cost as a factor in the process, taking care to include security-related costs and the potential cost of data breaches.
2. Who needs access to data and applications?
If only internal staff members need access to the data and applications, it may make more sense to go with a private cloud. If the general public is going to be accessing the data and applications, a public cloud often makes more sense (in part because it’s likely that the data isn’t as sensitive).
3. How much of a security concern are other applications?
Many organizations avoid public clouds, and some even avoid private clouds, because of the increased risks of having multiple applications on the same physical server. For applications with particularly sensitive data or services, the traditional architecture of full isolation (having the resources for one application on a dedicated server) may still provide the best security model.
4. Is the organization willing to trust a third party with its data?
This ultimately depends on how sensitive the data is, what the threats are against it, and how much risk the organization is willing to accept. Many IT shops keep the most sensitive data out of public clouds because of the increased risk of compromise, and some organizations are prohibited from using public clouds because of compliance concerns.
5. How much visibility do you need into data and application security?
For some types of data, such as data that is available to the general public, organizations may want to log usage of the data for analytical purposes, but it's not critical to know who is accessing which pieces of data. For particularly sensitive data, extensive visibility is needed because of regulations that require detailed logging of all access. The more visibility an organization needs into security, the more likely it is to favor a private cloud over a public cloud.
6. What types of network-based and host-based security controls are required for monitoring application activity?
Some enterprises rely heavily on certain security controls, such as intrusion detection systems. Such security controls might be available in a public cloud, but are much more likely to be available in a private cloud. If an organization requires certain security controls to meet its own policies or external regulations, it should investigate whether they are available from a public-cloud provider.


