Gartner has predicted that IT will spend more money on private cloud computing than the public cloud through 2012. And while I personally am a big supporter of private cloud, I've still been trying to figure what are the real issues that would make users avoid public cloud services, and what aspects of public clouds could be changed to make them more appealing to enterprise users.
It's no secret that security is a major concern, but companies' reluctance to adopt the public cloud seems to go beyond security. At its heart, it appears to be a matter of who controls access to the stored data as well as who has control of the data itself.
I recently sat down with Guy Churchward, CEO of log management and security vendor LogLogic, who told me that his customers eye the public cloud with suspicion due to data control issues--specifically, visibility and the lack of understanding around multitenant architectures.
According to Churchward, the public cloud is opaque, meaning that organizations storing data there are unable to see the underlying architecture. This makes it extremely challenging to ensure the security of data stored in the cloud as there is no visibility in the transaction and other log files. "With the public cloud, companies are giving up control of their data. They are putting all their trust in the cloud provider."
A second security concern with public clouds is multi-tenancy. Every server is at risk of attack and when multiple organizations are storing their data on the same server cloud, there is a risk that your security will be breached even if you are not targeted. If it's a hacker or your biggest competitor, how do you know that your data will be safe?
Private clouds allow companies to avoid the opacity and multitenancy concerns of the public cloud, but may not be feasible or cost effective. What should you look for in a public cloud provider to ensure that your data will be secure?
Churchward told me that public cloud providers could go a long way toward making enterprises more comfortable by providing access to a variety of log files that would allow you to track who accessed which data and when, providing insight into what's really happening in the cloud.
Will log management catch on in the public cloud? It remains to be seen whether Amazon and Google will be willing to invest the resources needed to make their clouds truly transparent, and more importantly, whether the market will be willing to pay more for cloud services with detailed log file analytics.