Security and privacy concerns are driving small and medium enterprises towards private clouds. The private cloud is perceived as being more secure than a public cloud and is seen to provide a proprietary computing architecture behind a firewall. Online backup service providers offer “private cloud” services to customers who want more control over their data repositories and have huge security concerns about sending their data over the Internet to remote third party data servers.

A recent SearchCloudComputing.com survey results indicated that small and medium enterprises are still in the research mode and are hesitant to take the quantum leap from public to private clouds for a variety of reasons. Out of the 250 companies surveyed about 75% said that they would like to move to private clouds. 25% were content with public clouds. Yet, only 20% said they would be doing any kind of cloud computing this year.

The data is interesting. What is holding small and medium enterprises from jumping into the private cloud bandwagon? There are six very valid reasons that Gartner has identified that translate as questions around security of the private cloud.

How private is the private cloud?

The most secure private cloud network would be a multi-tenant, dynamically provisioned and optimized infrastructure with self service developer deployment, hosted within safe confines of an enterprise data center. The expense of setting up and deploying the data center would be huge and small and medium enterprises with limited resources would baulk at it. So, budget constrained small and medium enterprises need to look elsewhere for their solution. Online private cloud backup services seem to be the answer, provided security solutions are in place.

How does one ensure that?

Private cloud services replace physical appliances with on demand appliances or logic. Gartner points out that silo-ed security deployment on physical appliances is no security at all in the cloud. Online backup private clouds must deliver security solutions through a service model so that security controls can be adopted and information protected. Moreover, since workload and information is not tied to any physical device in the cloud and there are no fixed IP addresses anymore, static security policies that are based on physical infrastructure cease to operate. The online backup service must facilitate the redefinition of security policies on the basis of logic for real time context.

But, how does one define security policies when security policies are defined by the third party host in the online backup world? Online backup vendors separate security policy formation from the operation of security in the cloud. They create standards for defining and distributing sharing policies across the data center security infrastructure. Security policy definitions are thereby, pushed to the customer. The policy admin has the facility to decide security policies and security professionals are empowered to manage policies instead of programming infrastructure.Online backup service providers are ready to create ‘zones of trust’ or logic based security systems that can adapt to any Virtual machine moves, changes or workload shifts.

A word of caution for those eager to harness the power of private cloud computing! Private cloud computing is a journey that requires a lot of preparation. Security concerns should never be compromised in the pursuit of technology. It is important to check with your online backup service provider whether the security concerns you have in mind are being addressed by the service and whether the solutions offered meet your requirements. After all, it is your data and the security of your data is important to you.

SecurStore provides a bespoke offsite backup solution catered for customers who have both mission critical data and non-critical data, i.e., it provides customers with a secure & efficient backup and recovery solution which is sustainable over time. This coupled with agentless technology and advanced support for all environments and applications makes it suitable for any type of business, data centre provider or reseller.