The debate on public versus private cloud is a fierce one with advocates on both sides. Security experts, however, consistently fall in the pro-private camp. As a compliance and security expert, I have to agree.
First, let’s be clear on the definitions.
The public cloud is available to the public in a free or pay-per-use capacity and is accessible via the web. Some examples include Google Apps, Office 365, file-sharing applications such as Box or Dropbox, and so on. The private cloud, on the other hand, is the same service, but it sits behind your firewall and limits access to your organization's internal departments, employees, customers, etc.
The private cloud is run either by your IT department or by your data center. What’s at stake with any cloud decision is your data. Even a single data breach could do irreparable harm to an organization, including, but not limited to, the following:
- Loss of productivity
- Loss of revenue
- Tarnished reputation
- Expensive corrective action or fines
Not to mention the amount of time, energy and money you’ll have to dedicate to rebuilding your brand and sales pipeline.
Choosing your ideal cloud solution
When deciding if you can safely host your data in the public cloud, my biggest recommendation is to understand your data and whether it’s appropriate for the public cloud. If your organization handles sensitive data such as credit card information, medical records, intellectual property or personally identifiable information (PII), there are certain compliance standards you have to meet that the public cloud won’t be able to adhere to.
To address security concerns related to the cloud, the federal government developed FedRAMP, the Federal Risk and Authorization Management Program, a compliance standard to execute any government agency cloud-hosting contracts. FedRAMP-authorized facilities certify that a cloud service provider meets governmental IT security standards, meeting all federal compliance requirements for data security.