Hybrid Clouds Aren’t Always More Secure Than Public Clouds

    Cloud Computing | Cloud Security | Hybrid Cloud - Posted on 11/13/2017 by Hind BOUZIDI

    1111.jpgA hybrid cloud combines two of the fundamental cloud modalities: private clouds and public clouds. Hybrid clouds are becoming increasingly popular among medium and large companies because of an intuitive understanding that hybrid clouds combine the best of both worlds: the security of a private cloud and the convenience of the public cloud. Although that line of thinking makes sense theoretically, real world scenarios rarely match the theory.

    A public cloud is the service we at Outscale offer: we manage a large network of physical servers, a virtualization layer, and an API, which gives our clients access to on-demand scalable infrastructure without having to invest in hardware. The physical infrastructure is shared between multiple clients, and our clients don’t have any privileged access to the underlying network and servers.

    A private cloud is exactly what it sounds like: it provides the same virtual resources but the underlying hardware is controlled by one organization, and only they can deploy resources on it. Private clouds are often hosted in the company’s own data center, but they can also be located at a third-party data center.

    A hybrid cloud combines both, often as part of a strategy of data segregation: business critical and sensitive information is handled on the private component; less sensitive data is handled by the public component.

    Here’s the thing, though: public cloud providers like Outscale are, of necessity, experts in data security, and designing and managing secure networks. It’s our bread and butter. We live and die by the security of our platform. Most other companies don’t have access to the same level of expertise. Outscale, for example, is one of the only European cloud providers that is ISO/IEC 27001 certified, which means our information management processes and our wider business processes have passed stringent external auditing.

    Very few companies can say the same, and when those companies build private clouds, they do not build them to the same standards as the public cloud. The risk with cloud hosting is not that the underlying physical hardware is shared—strict segmentation is a well understood problem—but that management, security, and privacy best practices aren’t in place to ensure that data stays safe.

    By creating a hybrid cloud: joining a secure public cloud to a less secure private cloud, companies may in fact be compromising the security of their data. By hosting sensitive information in a private cloud, they may be creating a false sense of security.

    Sometimes the best thing is to take matters into your own hands, but sometimes, as with the cloud, expertise and experience win out.

    Image: Flickr/jchatoff

    Author: Hind BOUZIDI

    En tant que spécialiste de la communication, Hind fait preuve de pédagogie et de vulgarisation pour mettre à la portée de tous des sujets techniques dans le domaine des nouvelles technologies.