Professor Avishai Wool, CTO at AlgoSec, analyses the signs that private cloud is here to stay and provides some advice on how to ensure it remains secure
For several years now, the public cloud has been the main focus of conversations about how enterprise IT infrastructures will be deployed and managed. And with good reason: it continues to take the lion’s share of cloud spending. Worldwide public cloud market revenues were projected to grow 18.5% during 2017, according to Gartner.
However, this doesn’t mean that private clouds should be written off: far from it. According to IDC, private cloud market revenues grew 10% in the 12 months to July 2017. And Forrester devoted two of its 2018 cloud predictions to private cloud, stating that over the coming year, ‘private and hybrid cloud spending will rebound after a slowdown, driven by a raft of new on-premises cloud solutions’ and ‘Private clouds will get a new life as app development and modernization platforms, moving beyond IaaS.’
Furthermore we have already seen some organizations moving applications back from public clouds to private cloud infrastructures. This is being done for a range of reasons: in some cases, the public cloud deployment was only ever intended to be temporary; in other cases, there are concerns around regulatory compliance and data ownership, or about the costs of using public clouds as data volumes and processing requirements grow.
So while public clouds are good for many enterprise scenarios, they’re not always the right solution for every business application, which means enterprises will continue to retain, and grow, their existing hybrid of on-premise and private cloud deployments for the foreseeable future.
Private cloud – commercial or open-source?
In terms of which private cloud providers enterprises will use, there will likely continue to be fierce competition between vendors such as VMware, Microsoft, Cisco and IBM, and open-source solutions such as OpenStack. Organizations’ choice of private cloud platform will ultimately be influenced by the size of the business and the capabilities of its in-house IT teams.
For instance, using open-source solutions such as OpenStack can require significant in-house expertise and resources. Smaller organizations may not have the internal resources or knowledge to create and run their own cloud infrastructure, and may prefer to rely on commercial solutions that add management capabilities and support around the private cloud environment. Also, since OpenStack is an open source community, there are multiple OpenStack ‘flavors’ available, and therefore OpenStack security tools may not be fully compatible with tools from other vendors.
This can present a significant challenge for companies wanting to use OpenStack to build their private cloud, as they may have fewer choices over the security and risk management solutions they can use in their environment. So, organizations that are considering using OpenStack should carefully evaluate the security and management options available to them, before they choose a specific vendor or distribution.
Keeping private clouds, private
Regardless of which private cloud technology organizations choose to deploy, IT teams will need to enforce and maintain security seamlessly across the entire enterprise environment.
As with public cloud hybrid environments, IT and security teams must have clear, holistic visibility of security across all of the security controls in their network via a single pane of glass; this should also be combined with the ability to manage all of these diverse security controls from a single console.
This enables security policies to be applied consistently, without having to duplicate efforts using multiple management tools for different devices. It’s also important to be able to automate and orchestrate change processes across a complex mix of security controls – eliminating the risks that arise from error-prone, inefficient manual processes, and greatly enhancing the speed and accuracy of change processes and application migrations.